Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malicious link from Upwork site [Solved]

Started by skysuz , Oct 25 2016 10:22 PM

  • This topic is locked This topic is locked

#1
skysuz
Posted 25 October 2016 - 10:22 PM

skysuz

    Member

  • Member
  • PipPip
  • 13 posts

I noticed someone else has this problem.  I opened and excel link and I had already enabled macros, so I received a note from Upwork saying that I could be infected.  I ran a virus scan and thought I was OK until I woke up to my screen on and someone remotely accessing my computer at 3am.  I bought a better security software and now it is constantly blocking  the attempts and it says the link is a pushtone dot net slash getinfo dot php application TeamViewer Remote Control Application. I can't seem to get rid of it. This is the detailed report from my antivirus:

 

26.10.2016 07.20.34 Dangerous URL blocked http: //pushatone. net/getinfo. php Object: http:// pushatone. net/getinfo. php Object type: URL Reason: KSN Application: TeamViewer Remote Control Application Time: 10/26/2016 7:20 AM

 
and it goes on... (I put the spaces in the link)

 

I've copied and pasted the results from the farbar tool scan

 

Thanks so much for your help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by Suzanne (administrator) on SUZANNE-PC (25-10-2016 20:53:30)
Running from C:\Users\Suzanne\Desktop
Loaded Profiles: Suzanne (Available Profiles: Suzanne & LogMeInRemoteUser & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
() C:\Windows\System32\nvwmi64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
() C:\Program Files\NVIDIA Corporation\nView\nviewMain64.exe
() C:\Program Files\NVIDIA Corporation\nView\nviewMain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TeamViewer GmbH) C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
(Box, Inc.) C:\Users\Suzanne\AppData\Local\Box\Box Edit\Box Edit.exe
(Akamai Technologies, Inc.) C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
(Box, Inc.) C:\Users\Suzanne\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Suzanne (25-10-2016 20:56:04)
Running from C:\Users\Suzanne\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-03-18 21:08:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-151233617-2686695857-2843107125-500 - Administrator - Disabled)
Guest (S-1-5-21-151233617-2686695857-2843107125-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-151233617-2686695857-2843107125-1002 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-151233617-2686695857-2843107125-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
Suzanne (S-1-5-21-151233617-2686695857-2843107125-1001 - Administrator - Enabled) => C:\Users\Suzanne
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Ablebits.com Merge Cells Wizard for Microsoft Excel (HKLM-x32\...\{9B4821E3-3284-4D9C-ACC1-558A0AE064F9}) (Version: 5.0.30 - Add-in Express Ltd)
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM-x32\...\Adobe_498b43b77cac072081a5692bfc52804) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8.1.5 - CPSID_49013 (HKLM-x32\...\Adobe Acrobat 8 Professional_815) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.1.5 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional) (Version: 8.1.5 - )
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcGIS 10.4 for Desktop (HKLM-x32\...\ArcGIS 10.4 for Desktop) (Version: 10.4.5524 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.4 for Desktop (x32 Version: 10.4.5524 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS ArcReader 10 (HKLM-x32\...\ArcGIS ArcReader 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS Earth (HKLM\...\ArcGIS Earth) (Version: 1.0.1214 - Environmental Systems Research Institute, Inc.)
ArcGIS Earth (Version: 1.0.1214 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS License Manager 10 (HKLM-x32\...\ArcGIS License Manager 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (HKLM\...\ArcGISPro) (Version: 1.3.5861 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (Version: 1.3.5861 - Environmental Systems Research Institute, Inc.) Hidden
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.18.1035 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Tools (HKLM-x32\...\{56647361-687B-452B-8999-6179125FFD63}) (Version: 3.2.10.1533 - Box)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.085 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.00.085 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{0DB0EA38-E806-44ED-A892-489F2E305080}) (Version: 1.5.00000 - Dell Inc.)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
Esri CityEngine 2016.0 (HKLM\...\Esri CityEngine 2016.0) (Version: 16.0.100 - Environmental Systems Research Institute, Inc.)
Esri CityEngine 2016.0 (Version: 16.0.100 - Environmental Systems Research Institute, Inc.) Hidden
FME Desktop 2016.1.2.1 (Build 16674 - win64) (HKLM\...\{C6197A42-6BFE-1014-B1BC-EE2AC0F79D75}) (Version: 7.22.16674 - Safe Software Inc.)
Fushicai VIDEO DVR (HKLM-x32\...\{989BAFE8-E777-43D7-9749-9810E0E9FF48}) (Version: 2013.5.6 - Fushicai)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Earth Pro (HKLM-x32\...\{1C63D1F0-DE50-11E2-BB78-B8AC6F98CCE3}) (Version: 7.1.1.1871 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
honestechTVR2.5 (HKLM-x32\...\{ABADD11D-1B48-4F23-BEBA-6B22CE8F5E58}) (Version: 2.5 - honestech)
honestechTVR2.5 (x32 Version: 2.5 - honestech) Hidden
HP FWUpdateEDO3 (HKLM-x32\...\{A82D0C46-EBDF-4B27-A731-D06EF2056E81}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP LaserJet Professional CP1520 Series (HKLM-x32\...\{5C069542-CA13-4f1b-B90C-28C6430F4992}) (Version:  - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPLaserJetHelp_LearnCenter (HKLM-x32\...\{E15C68A1-9CA5-44AC-A7F7-6C0673F196A8}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (x32 Version: 1.00.0012 - HP) Hidden
hppCP1520LaserJetService (x32 Version: 001.008.00477 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
hppTLBXFXCP1520 (x32 Version: 001.012.00948 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 006.015.01163 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.2.0 - Movavi)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5929 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA nView 146.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 146.78 - NVIDIA Corporation)
NVIDIA WMI 2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.24.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
Python 2.5 numpy-1.0.3 (HKLM-x32\...\numpy-py2.5) (Version:  - )
Python 2.5 numpy-1.0.3 (HKLM-x32\...\Python 2.5 numpy-1.0.3) (Version:  - )
Python 2.5.1 (HKLM-x32\...\Python 2.5.1) (Version:  - )
QGIS 2.16 2.16.2 Nødebo (HKLM\...\QGIS 2.16) (Version:  - QGIS Development Team)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.11.1 - Intuit)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sentinel System Driver(64-bit) 7.2.2 (HKLM\...\{97407E09-4EA8-49F0-A513-2C1776A6DEC0}) (Version: 7.2.2 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{BF9DDDDB-4A44-41F7-94C7-4DB032B73B9F}\InprocServer32 -> C:\Users\Suzanne\AppData\Roaming\Add-in Express\Merge Cells Wizard for Microsoft Excel\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DC59238-B059-4EFF-9CF9-9A8CA49C9C53} - System32\Tasks\{0413D07A-8D30-4D5A-BE61-486976FB485F} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {15D894C6-8C07-4502-817B-3633CBC2F6A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {16E7A5FB-0D27-4FFC-935D-CB64441A4BD1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {19E720E5-12AA-4EE3-9C27-83BF10CA2419} - System32\Tasks\{A4BA670A-111C-4595-88DE-44B1BC131F3C} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {296820CE-CF2E-4BF6-A702-4363873404AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3B786855-FB5F-4C15-B445-7A740D115058} - System32\Tasks\{04FF8751-D100-4F82-BE83-D96DAFA59B39} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {48239E39-A010-47DA-A4BA-F13478A0CAE6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {5E91E53F-0505-4306-BB33-68DC3BE70C38} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {65729D44-5252-401D-B2CF-BAF410DE527B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {66732F40-8D0E-4B61-A60C-AEBCC6F3114C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {67A9D11B-7985-4EDA-96C7-C301BF4BA209} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {6B1929ED-F652-45B4-91AF-2B689541E8D6} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {708F24B9-28BC-47E9-B04A-16B31A1C6744} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {87B96AB0-7AB8-4E37-A083-9C8B6952E13E} - System32\Tasks\{4D5AC19A-5FF4-4A2F-A1AF-3E5DD0BAAB0C} => D:\autorun.exe
Task: {964025AA-7830-4AC4-B364-E67585C17F61} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {A9C69709-F628-4E15-AA80-357F047BB55C} - System32\Tasks\G2MUpdateTask-S-1-5-21-151233617-2686695857-2843107125-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\5742\g2mupdate.exe
Task: {B24AE1E3-4FF1-4DF0-8E8A-FFEAF516B368} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {B2AEA276-409F-468F-9DE6-98B2696BD095} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B7B9DB6D-6070-4B33-B81A-4A015F6AD654} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-09-13] (Bitdefender)
Task: {B85041F5-4507-4DF4-B32F-2120AD6A00B5} - System32\Tasks\{89B37D2F-F8B6-4666-BC35-FCBF4333D964} => D:\autorun.exe
Task: {CEABA74D-1DA7-4D11-8436-1C4F8EC1EA84} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {CFB72B10-B94B-4668-8030-98F6B2092CD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {D957B3D7-A0E7-47BE-A2B1-44A42E4C19DF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-09-09] (Apple Inc.)
Task: {DC286D2F-C572-45D8-9115-DB9BC8B91E53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E69A5AB1-5E51-4F59-AA96-C7F1360BDE91} - System32\Tasks\DigitalSite => C:\Users\Suzanne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F3F98508-023D-412B-A62A-F3C4D70BB29E} - System32\Tasks\G2MUploadTask-S-1-5-21-151233617-2686695857-2843107125-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\5742\g2mupload.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Suzanne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Web Applications\pinterest.com\http_80\Pinterest _ Goodies.lnk -> C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://pinterest.com/about/goodies/
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-01-28 10:39 - 2015-11-10 02:32 - 03088712 _____ () C:\Windows\system32\nvwmi64.exe
2016-01-28 10:38 - 2015-11-05 08:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-06 13:21 - 2016-10-08 00:52 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-01-28 10:39 - 2015-11-10 02:26 - 01941304 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewH64.dll
2010-11-10 20:53 - 2010-11-10 20:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2013-06-13 17:07 - 2013-03-25 10:57 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-01-28 10:39 - 2015-11-10 02:26 - 01315128 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewMain64.exe
2016-01-28 10:39 - 2015-11-10 02:26 - 01187656 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewMain.exe
2016-01-28 20:32 - 2009-11-03 10:19 - 00409088 _____ () C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 ____N () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2016-01-28 10:39 - 2015-11-10 02:26 - 01582408 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewH.dll
2016-10-04 09:55 - 2016-01-01 02:00 - 00100352 ___SH () C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-01-28 20:32 - 2008-04-27 19:06 - 00053248 _____ () C:\Program Files (x86)\honestech\honestech TVR 2.5\ReadRemoteKey.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2010-10-25 14:36 - 2010-10-25 14:36 - 00119864 _____ () C:\Program Files (x86)\HP\ToolboxFX\bin\nativeutils.dll
2016-10-25 08:16 - 2016-10-20 01:47 - 01819240 _____ () C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-25 08:16 - 2016-10-20 01:47 - 00093288 _____ () C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-10-25 20:22 - 2016-10-25 20:22 - 00098816 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32api.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00110080 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\pywintypes27.dll
2016-10-25 20:22 - 2016-10-25 20:22 - 00364544 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\pythoncom27.dll
2016-10-25 20:22 - 2016-10-25 20:22 - 00320512 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32com.shell.shell.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00776704 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\_hashlib.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 01176576 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\wx._core_.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00806400 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\wx._gdi_.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00816128 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\wx._windows_.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 01067008 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\wx._controls_.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00733184 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\wx._misc_.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00682496 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\pysqlite2._sqlite.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00088064 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\_ctypes.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00119808 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32file.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00108544 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32security.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00007168 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\hashobjs_ext.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00017920 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\thumbnails_ext.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00088064 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\usb_ext.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00012800 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\common.time34.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00018432 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32event.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00167936 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32gui.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00046080 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\_socket.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 01208320 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\_ssl.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00128512 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\_elementtree.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00127488 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\pyexpat.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00038912 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32inet.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00036864 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\_psutil_windows.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00525208 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\windows._lib_cacheinvalidation.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00011264 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32crypt.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00077312 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\wx._html2.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00027136 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\_multiprocessing.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00020480 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\_yappi.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00035840 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32process.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00686080 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\unicodedata.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00078848 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\wx._animate.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00123392 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\wx._wizard.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00024064 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32pipe.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00010240 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\select.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00025600 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32pdh.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00017408 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32profile.pyd
2016-10-25 20:22 - 2016-10-25 20:22 - 00022528 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI24722\win32ts.pyd
2016-10-04 09:55 - 2016-01-01 02:00 - 00100352 ___SH () c:\users\suzanne\appdata\roaming\microcofturdatent\msimg32.dll
2016-10-25 14:20 - 2016-10-24 11:03 - 17771200 _____ () C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.205\pepflashplayer.dll
2016-09-06 13:15 - 2016-10-18 11:32 - 03593408 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\ractrlkeyhook.dll:BDU [22]
AlternateDataStreams: C:\Windows\SysWOW64\TABCTL32.htm:BDU [22]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGISPro_5023_149395.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGIS_Desktop_104_149411.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGIS_Earth_x64_Setup_1.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\BoxEditInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\CityEngine_2016_0_150261.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Driver207win (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Driver207win.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\easycapture_setup_1.2.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\PatchFinder.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Setup.X86.en-US_ProfessionalRetail_bd258168-37e4-471a-92f1-93d2ff205f62_TX_PR_.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\wlsetup-web.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2016-10-24 14:41 - 00003072 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Suzanne\Pictures\gumby.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{41422E44-3406-4A93-B450-2D312C87D6E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D4A758E9-3C0D-44E8-ADB2-854FC98DFE5D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{3157DD3A-319D-4D65-B6AB-93ADB4D0C653}] => (Allow) LPort=3703
FirewallRules: [{441D9186-92A4-4803-BA11-81797D55FA23}] => (Allow) LPort=3704
FirewallRules: [{DEB659CD-54F8-41A1-80B9-58AA05256D7E}] => (Allow) LPort=50900
FirewallRules: [{91D4E84B-47C9-40A2-AD72-5E88730A454E}] => (Allow) LPort=50901
FirewallRules: [{88989606-90A7-4BB1-BD7C-1CE9214F2628}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [{EF737E9D-43CF-4486-8F8D-DA1CD805EBB2}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [TCP Query User{3657E126-8208-4A49-AF8E-8C2F67290776}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A8990542-A0F9-4F21-A280-9B40215B48F5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{35C514E1-2A7C-414C-9DBF-3CFD2041C813}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{8D9A34C2-1F86-4732-9B17-16CDEF0FA141}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{744D57AA-4761-4FD7-AC38-DB3F978D2CD5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2CE9DC3A-C8E0-4E2B-ABEA-63A5EA4C8B6E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{BA4A4083-E4AE-4689-8489-6853D6966CA5}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{8A3E9F7D-57F0-4896-92D0-9AD22349AD68}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{FB2964C2-23C2-45D0-AD6C-63A6609EF4C6}C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe
FirewallRules: [UDP Query User{FB3D0B7A-D1E0-4659-A4CD-B16994194ABE}C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe
FirewallRules: [TCP Query User{F150EBA6-1731-46CF-84A8-C7CAE1819E92}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{1BE6857F-5A65-4110-955F-0879D273B82F}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [{84C9C5E3-7B7F-4CCE-BB5C-56554272AACC}] => (Allow) %ProgramFiles% (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{ABFFB7A9-9081-4825-A3F0-E7F43010878B}C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{8B3ED360-E7F8-4AD0-AF68-9A97502C9E20}C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{CED04AFF-E697-456D-9774-CFE97754AEED}C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe
FirewallRules: [UDP Query User{5595BF07-86BD-492A-B9BF-CD836622E16C}C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe
FirewallRules: [TCP Query User{99EA1E7D-E49D-4A49-AEBB-E07858ECDF90}C:\users\suzanne\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\logmein client.exe
FirewallRules: [UDP Query User{4C89C0BD-E6C6-436C-B0DF-97C7E2082B7E}C:\users\suzanne\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\logmein client.exe
FirewallRules: [TCP Query User{B5C8AFCC-5C87-4757-B0DD-F995D841735B}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A3463A72-67CB-4961-9734-66F4D88F62DD}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [{732EAA20-57DD-4604-9510-F1A736F7BAD8}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{9655D171-2832-45E1-B9C0-6776DE56CFA1}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{B5B9EB9D-00F6-4463-8971-C64EBAF5BBD5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{83CACCBF-39E6-4BD9-9EFD-D20D2004CDAC}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [TCP Query User{23D6FAE3-CFF4-49F6-8D2C-23C474FE0321}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E6DC87CD-29DA-44C9-8F95-6687908B57BF}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{67A479B6-923D-4EBE-9C6C-46EB93EFE929}C:\users\suzanne\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{C3F93811-B9A0-4376-89C2-C672A2C25C12}C:\users\suzanne\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{AC34F27F-9FE1-414A-A6D1-996DF99FC468}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [UDP Query User{A0452389-3C2D-4086-9FDF-A72BC9984728}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [TCP Query User{B701E11A-7F07-48BB-A60F-083DD8563891}C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe
FirewallRules: [UDP Query User{822A887B-A1DA-4BCE-AF99-228B45B6115D}C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe
FirewallRules: [TCP Query User{FBDB9957-690B-46CA-9507-A55E39F321D2}C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe
FirewallRules: [UDP Query User{B19595DA-CF6D-4993-9589-8DA867853C46}C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe
FirewallRules: [{F451F5B4-04F5-4F2E-A2A5-A1913F4A7038}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F62383D0-7692-43D3-B48C-6C655144597E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68FE5D4D-2129-4A80-B807-3394670D2B14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7AF72695-1DCE-40D2-8B00-9F43872CAE9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{58D8F0A2-EA3F-42E9-8E80-DC8D20C21CED}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{4402769C-36F7-4AED-9682-C563834A6BA0}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [{71A8EF7F-EC4E-4034-A704-E825B4EA9F49}] => (Allow) LPort=49384
FirewallRules: [{E1F7B4C3-9119-46DB-9117-AAE5FFEC99B8}] => (Allow) LPort=5000
FirewallRules: [{7B0CB2F1-0228-4081-B443-9B03EB4463B9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4A855208-1C2D-4AD7-997C-62367249E94C}] => (Allow) LPort=2869
FirewallRules: [{18298327-6A1A-4BB3-B212-C95EA99A50E6}] => (Allow) LPort=1900
FirewallRules: [{6F69F51A-0A4B-4F38-8731-194E3124255B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{0F13D120-B627-4479-BF00-9C512AE3C600}C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe
FirewallRules: [UDP Query User{028224AD-E439-4657-A5AC-9562C1035FED}C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe
FirewallRules: [{4A41CC16-99B3-4869-9F40-7F7FCA0D1336}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{96BECEC8-C48A-4B9B-B6E7-0E9B28B08B26}C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [UDP Query User{15CE6E14-27AE-4F1B-82AB-40680753D602}C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [TCP Query User{89D3265B-BB7B-410D-B259-7EA747FA1386}C:\program files\esri\cityengine2016.0\cityengine.exe] => (Allow) C:\program files\esri\cityengine2016.0\cityengine.exe
FirewallRules: [UDP Query User{9A2A33F9-F5FA-42F3-AA18-83D84CE63C12}C:\program files\esri\cityengine2016.0\cityengine.exe] => (Allow) C:\program files\esri\cityengine2016.0\cityengine.exe
FirewallRules: [TCP Query User{1429D159-427C-44DE-93EC-9CDA37841971}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe
FirewallRules: [UDP Query User{5293B334-C0B4-400D-BD84-54557DD9465B}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe
FirewallRules: [{DA9B2384-EFC5-4F09-B4F7-BC349D18D701}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{97284FD0-7786-4CB2-89B3-EDFC047DD166}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3D6C4DCB-D476-41B7-BA83-8A2B70ACE023}] => (Allow) LPort=49265
FirewallRules: [{0CC91500-002A-4D41-B0B4-5523DBBEE0F6}] => (Allow) C:\Program Files\FME\fme.exe
FirewallRules: [{9AF969F5-A10B-4B61-B44C-296DE23664B9}] => (Allow) LPort=3389
FirewallRules: [{C66743B9-C5BF-4B60-8FF4-B16356BC9521}] => (Allow) LPort=443
FirewallRules: [{21DEDBCE-7291-4012-828A-B5536B025A0E}] => (Allow) LPort=443
FirewallRules: [{8FAFAC91-9911-4ACC-A07A-E1EB32FF4382}] => (Allow) LPort=443
FirewallRules: [{DB9B0B58-343A-483B-BB9A-D3C61817B2B6}] => (Allow) LPort=443
FirewallRules: [{81B805D5-9DA0-4078-B38E-7EB1D72198BA}] => (Allow) LPort=443
FirewallRules: [{EC95BDCC-0E2B-4806-BA68-E63AE97F21C9}] => (Allow) LPort=443
FirewallRules: [{1F5EFC2F-C3C2-4433-9248-D1D2C954819B}] => (Allow) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{9BD393E8-6D30-4997-989C-8F119EEA14AA}] => (Allow) LPort=49330
FirewallRules: [{A52A6B08-FA8A-4944-98E9-BE8CC579669F}] => (Allow) LPort=5000
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Restore Points =========================
 
18-10-2016 18:54:46 Scheduled Checkpoint
19-10-2016 03:00:27 Windows Update
20-10-2016 03:00:15 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/25/2016 08:33:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iCloudPhotos.exe, version: 105.0.0.21, time stamp: 0x57a82682
Faulting module name: iCloudPhotos_main.dll, version: 105.0.0.21, time stamp: 0x57d32c57
Exception code: 0xc0000005
Fault offset: 0x000f156c
Faulting process id: 0xd04
Faulting application start time: 0x01d22f3827f93cb5
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
Faulting module path: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos_main.dll
Report Id: 04339c67-9b2d-11e6-868d-bc305bd66386
 
Error: (10/25/2016 08:24:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0xa10
Faulting application start time: 0x01d22f3815cf99e0
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: a7ddfebe-9b2b-11e6-868d-bc305bd66386
 
Error: (10/25/2016 06:05:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x25a4
Faulting application start time: 0x01d22f24fb9543e4
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 3a3074a2-9b18-11e6-adea-bc305bd66386
 
Error: (10/25/2016 05:18:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x1c58
Faulting application start time: 0x01d22f1e6feb4bcb
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: af4834b9-9b11-11e6-adea-bc305bd66386
 
Error: (10/25/2016 05:04:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x8e4
Faulting application start time: 0x01d22f1c6355ce9c
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: c57c8fcf-9b0f-11e6-adea-bc305bd66386
 
Error: (10/25/2016 04:05:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x13c0
Faulting application start time: 0x01d22f14394530be
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 78cd48fd-9b07-11e6-87d1-bc305bd66386
 
Error: (10/25/2016 03:05:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x1080
Faulting application start time: 0x01d22f0bd7332060
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 171edde5-9aff-11e6-87d1-bc305bd66386
 
Error: (10/25/2016 02:05:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x1d2c
Faulting application start time: 0x01d22f0372b49acd
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: b174570e-9af6-11e6-87d1-bc305bd66386
 
Error: (10/25/2016 01:05:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x2230
Faulting application start time: 0x01d22efb139c2687
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 5529da5a-9aee-11e6-87d1-bc305bd66386
 
Error: (10/25/2016 12:05:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x2348
Faulting application start time: 0x01d22ef2b7e81fa7
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: f950709f-9ae5-11e6-87d1-bc305bd66386
 
 
System errors:
=============
Error: (10/25/2016 08:34:24 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (10/25/2016 08:25:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (10/25/2016 08:25:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (10/25/2016 08:21:31 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. This service might not be installed.
 
Error: (10/25/2016 08:18:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/25/2016 08:18:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/25/2016 08:18:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/25/2016 08:16:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/25/2016 08:16:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (10/25/2016 08:16:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
CodeIntegrity:
===================================
  Date: 2016-10-25 20:25:45.550
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-25 20:25:45.373
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-25 17:06:04.391
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-25 17:06:04.172
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-24 20:53:09.902
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-24 20:53:09.732
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-24 19:56:39.877
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-24 19:56:39.707
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-24 15:07:35.291
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-24 15:07:35.121
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU W3530 @ 2.80GHz
Percentage of memory in use: 59%
Total physical RAM: 6141.55 MB
Available physical RAM: 2501.71 MB
Total Virtual: 12281.29 MB
Available Virtual: 8013.31 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:125.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by skysuz, 26 October 2016 - 08:33 AM.

  • 0

Advertisements

#2
Jr0x
Posted 31 October 2016 - 08:25 AM

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi skysuz,

Welcome to   :welcome:. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.
  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would requires you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be delayed response to you as we may live in different timezone.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we like to make this a easy process for you. Malware removal is a complex multi-step process, and things may happen such as data loss or render your machine unbootable. I would recommend that you backup your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask youInstead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.
Let's get started.

FRST.gif Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.

  • 0

#3
skysuz
Posted 31 October 2016 - 08:49 PM

skysuz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

OK-- I ran it again:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
Ran by Suzanne (administrator) on SUZANNE-PC (31-10-2016 18:21:26)
Running from C:\Users\Suzanne\Desktop
Loaded Profiles: Suzanne (Available Profiles: Suzanne & LogMeInRemoteUser & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(TeamViewer GmbH) C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
() C:\Program Files\NVIDIA Corporation\nView\nviewMain64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\NVIDIA Corporation\nView\nviewMain.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
(Box, Inc.) C:\Users\Suzanne\AppData\Local\Box\Box Edit\Box Edit.exe
(Box, Inc.) C:\Users\Suzanne\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
() C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Intuit Inc.) C:\Program Files (x86)\Quicken\qw.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(The OpenVPN Project) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\openvpn.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2168976 2015-11-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [update_w32.exe] => "C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll" C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe <===== ATTENTION
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Google Update] => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77248 2016-04-12] (Intuit Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\BitDefender\Bitdefender 2016\bdwtxag.exe"
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Box Edit] => C:\Users\Suzanne\AppData\Local\Box\Box Edit\Box Edit.exe [919280 2016-08-15] (Box, Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Box Local Com Server] => C:\Users\Suzanne\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2016-08-15] (Box, Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\MountPoints2: {bf8c87ee-5192-11e0-bc42-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [623416 2009-06-19] (Creative Technology Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-03-14]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Driver performer.lnk [2011-05-27]
ShortcutTarget: Driver performer.lnk -> C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALTNH929\DriverPerformer_V15[1].exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVR Scheduler.lnk [2016-01-28]
ShortcutTarget: TVR Scheduler.lnk -> C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update Manager.lnk [2016-10-04]
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update Manager.lnk [2016-10-21]
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-10-31]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-30]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update Manager.lnk [2016-10-04]
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{ABD0FBC1-D7C9-4998-B256-9E7E2EFC42C1}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DD2ABD81-8CBC-4327-864B-6CA8A461820B}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{EE1CEDF6-DC37-4E1E-B9B8-793698419F43}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://igoogle.com/
hxxp://yahoo.com/
hxxp://bing.com/
URLSearchHook: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 - (No Name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File
URLSearchHook: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP09882FE0-F102-47D6-91B3-397840C39B62&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP09882FE0-F102-47D6-91B3-397840C39B62&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CEFBC305BD66386&affID=125830&tsp=5036
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-08] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-10-08] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-08] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll [2013-12-16] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-14] (Sun Microsystems, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-10-07] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll [2013-12-16] (Microsoft Corporation.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {2B497CAF-D938-4059-BA76-0DA5DB77EA0A} hxxps://remote.gdcre.com/Remote/BuiltIns/FS/Wssg.Web.FileAccess.RichUpload.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://mystores.genpt.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=4103956056
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-03-14] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-151233617-2686695857-2843107125-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Suzanne\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-07-13] (Citrix Online)
FF Plugin HKU\S-1-5-21-151233617-2686695857-2843107125-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-151233617-2686695857-2843107125-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/","hxxp://www.bing.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\gcswf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (WinZip Courier) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.0.2_0\wzwmcgc.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Users\Suzanne\AppData\Local\Google\Update\1.3.21.81\npGoogleUpdate3.dll => No File
CHR Plugin: (Musicnotes) - C:\Program Files (x86)\Musicnotes\npmusicn.dll => No File
CHR Plugin: (ScorchPlugin) - C:\Program Files (x86)\Musicnotes\npsibelius.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Suzanne\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Profile: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default [2016-10-31]
CHR Extension: (Google Drive) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Honey) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-10-25]
CHR Extension: (Kaspersky Protection) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Pinterest Save Button) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (LogMeIn) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-10-04]
CHR Extension: (Chrome Media Router) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-151233617-2686695857-2843107125-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Suzanne\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
StartMenuInternet: Google Chrome - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-04] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-10-21] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [3088712 2015-11-10] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [116736 2016-10-04] (Stas'M Corp.) [File not signed]
R2 usbhubsvc3; C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll [100352 2016-01-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-09-12] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1027984 2016-09-12] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50008 2016-09-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126360 2016-09-12] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [54192 2006-04-20] (SafeNet, Inc.)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-31 18:21 - 2016-10-31 18:23 - 00037673 _____ C:\Users\Suzanne\Desktop\FRST.txt
2016-10-31 18:20 - 2016-10-31 18:20 - 00000000 ____D C:\Users\Suzanne\Desktop\FRST-OlderVersion
2016-10-31 18:19 - 2016-10-31 18:19 - 00000000 ____D C:\Users\Suzanne\Desktop\New folder
2016-10-31 18:14 - 2016-10-31 18:14 - 00125372 _____ C:\Users\Suzanne\Desktop\IC3 Complaint Referral Form.pdf
2016-10-31 18:14 - 2016-10-31 18:14 - 00016730 _____ C:\Users\Suzanne\Desktop\IC3 Complaint Referral Form.html
2016-10-31 18:14 - 2016-10-31 18:14 - 00000000 ____D C:\Users\Suzanne\Desktop\IC3 Complaint Referral Form_files
2016-10-31 16:59 - 2016-10-31 16:59 - 00058666 _____ C:\Users\Suzanne\Desktop\External Accounts - chase.pdf
2016-10-31 15:50 - 2016-10-31 15:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2016-10-31 13:57 - 2016-10-31 13:57 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Logitech® Webcam Software
2016-10-31 13:55 - 2016-10-31 13:55 - 00000000 ____D C:\ProgramData\LogiShrd
2016-10-31 13:51 - 2016-10-31 13:51 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Leadertech
2016-10-31 13:50 - 2016-10-31 13:50 - 00001626 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2016-10-31 13:50 - 2016-10-31 13:50 - 00000000 ____D C:\ProgramData\Logitech
2016-10-31 13:44 - 2016-10-31 13:51 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-10-31 13:05 - 2016-10-31 13:05 - 03199319 _____ C:\Users\Suzanne\Downloads\Attachments_20161031.zip
2016-10-31 10:31 - 2016-10-31 10:31 - 00028662 _____ C:\ProgramData\agent.1477935068.bdinstall.bin
2016-10-30 19:41 - 2016-10-30 19:41 - 00001127 _____ C:\Users\Suzanne\Desktop\HD Pro Webcam C920 - Shortcut.lnk
2016-10-26 20:52 - 2016-10-26 20:52 - 00001124 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-26 17:05 - 2016-10-26 17:22 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\XnConvert
2016-10-26 17:05 - 2016-10-26 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnConvert
2016-10-26 17:05 - 2016-10-26 17:05 - 00000000 ____D C:\Program Files\XnConvert
2016-10-26 17:04 - 2016-10-26 17:04 - 15171912 _____ (Gougelet Pierre-e ) C:\Users\Suzanne\Downloads\XnConvert-win-x64.exe
2016-10-26 17:01 - 2016-10-26 17:01 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (1) (1).SFW
2016-10-26 17:00 - 2016-10-26 17:00 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (3).SFW
2016-10-26 17:00 - 2016-10-26 17:00 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (2).SFW
2016-10-26 17:00 - 2016-10-26 17:00 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (1).SFW
2016-10-26 16:59 - 2016-10-26 16:59 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03.SFW
2016-10-26 07:20 - 2016-10-26 07:20 - 00127163 _____ C:\Users\Suzanne\Desktop\Detailed report.txt
2016-10-26 07:14 - 2016-10-26 07:14 - 00067932 _____ C:\Users\Suzanne\Downloads\Addition.txt
2016-10-25 20:53 - 2016-10-31 18:21 - 00000000 ____D C:\FRST
2016-10-25 20:52 - 2016-10-31 18:20 - 02408960 _____ (Farbar) C:\Users\Suzanne\Desktop\FRST64.exe
2016-10-25 20:03 - 2016-10-25 20:03 - 212514840 _____ (Emsisoft Ltd. ) C:\Users\Suzanne\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2016-10-25 20:00 - 2016-10-25 20:00 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Suzanne\Downloads\iExplore.exe
2016-10-25 18:58 - 2016-10-25 20:00 - 00003176 _____ C:\Users\Suzanne\Desktop\Rkill.txt
2016-10-25 18:58 - 2016-10-25 18:58 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Suzanne\Downloads\rkill.com
2016-10-25 18:55 - 2016-10-25 20:09 - 00088806 _____ C:\Windows\ntbtlog.txt
2016-10-24 21:43 - 2016-10-24 21:43 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-10-24 21:43 - 2016-10-24 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-24 21:43 - 2016-10-24 21:43 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-24 21:41 - 2016-10-24 21:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2016-10-24 21:41 - 2016-10-24 21:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2016-10-24 21:40 - 2016-10-24 21:40 - 00000000 ____D C:\ProgramData\Oracle
2016-10-24 15:16 - 2016-10-31 15:10 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-10-24 15:16 - 2016-10-24 15:16 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-24 15:15 - 2016-10-24 15:15 - 00001376 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2016-10-24 15:15 - 2016-10-24 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-10-24 15:14 - 2016-10-24 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-10-24 15:14 - 2016-10-24 15:13 - 00002137 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-10-24 15:14 - 2016-10-24 15:13 - 00002113 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-10-24 15:12 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-10-24 15:11 - 2016-10-31 17:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-10-24 15:11 - 2016-10-24 15:15 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-10-24 15:11 - 2016-10-24 15:11 - 00000000 ____D C:\Windows\ELAMBKUP
2016-10-24 15:10 - 2016-09-12 23:03 - 01027984 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-10-24 15:10 - 2016-09-12 23:03 - 00305496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-10-24 15:10 - 2016-06-26 15:10 - 00189264 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-10-24 14:55 - 2016-10-24 14:56 - 184386592 _____ (Kaspersky Lab) C:\Users\Suzanne\Downloads\kts17.0.0.611aben_11549.exe
2016-10-24 14:55 - 2016-10-24 14:55 - 00240686 _____ C:\ProgramData\1477345837.bdinstall.bin
2016-10-22 02:52 - 2016-10-22 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-10-20 12:38 - 2016-10-20 12:38 - 00004096 _____ C:\new.lyr
2016-10-20 12:23 - 2016-10-20 12:23 - 00106510 _____ C:\Users\Suzanne\Downloads\CityBoundaries.zip
2016-10-18 15:21 - 2016-10-31 15:50 - 00000000 ___RD C:\Users\Suzanne\iCloudDrive
2016-10-18 15:21 - 2016-10-18 15:21 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2016-10-18 11:57 - 2016-09-30 13:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-18 11:57 - 2016-09-30 12:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-18 11:57 - 2016-09-30 08:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-18 11:57 - 2016-09-30 08:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-18 11:57 - 2016-09-30 08:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-18 11:57 - 2016-09-30 00:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-18 11:57 - 2016-09-29 23:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-18 11:57 - 2016-09-29 23:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-18 11:57 - 2016-09-29 23:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-18 11:57 - 2016-09-29 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-18 11:57 - 2016-09-29 23:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-18 11:57 - 2016-09-29 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-18 11:57 - 2016-09-29 23:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-18 11:57 - 2016-09-29 23:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-18 11:57 - 2016-09-29 23:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-18 11:57 - 2016-09-29 23:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-18 11:57 - 2016-09-29 23:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-18 11:57 - 2016-09-29 23:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-18 11:57 - 2016-09-29 23:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-18 11:57 - 2016-09-29 23:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-18 11:57 - 2016-09-29 23:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-18 11:57 - 2016-09-29 23:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-18 11:57 - 2016-09-29 22:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-18 11:57 - 2016-09-29 22:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-18 11:57 - 2016-09-29 22:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-18 11:57 - 2016-09-29 22:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-18 11:57 - 2016-09-29 22:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-18 11:57 - 2016-09-29 22:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-18 11:57 - 2016-09-29 22:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-18 11:57 - 2016-09-29 22:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-18 11:57 - 2016-09-29 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-18 11:57 - 2016-09-29 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-18 11:57 - 2016-09-29 22:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-18 11:57 - 2016-09-29 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-18 11:57 - 2016-09-29 22:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-18 11:57 - 2016-09-29 22:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-18 11:57 - 2016-09-29 22:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-18 11:57 - 2016-09-29 22:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-18 11:57 - 2016-09-29 22:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-18 11:57 - 2016-09-29 22:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-18 11:57 - 2016-09-29 22:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-18 11:57 - 2016-09-29 22:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-18 11:57 - 2016-09-29 22:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-18 11:57 - 2016-09-29 22:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-18 11:57 - 2016-09-29 22:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-18 11:57 - 2016-09-29 22:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-18 11:57 - 2016-09-29 22:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-18 11:57 - 2016-09-29 22:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-18 11:57 - 2016-09-29 22:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-18 11:57 - 2016-09-29 22:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-18 11:57 - 2016-09-29 22:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-18 11:57 - 2016-09-29 22:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-18 11:57 - 2016-09-29 22:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-18 11:57 - 2016-09-29 22:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-18 11:57 - 2016-09-29 22:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-18 11:57 - 2016-09-29 22:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-18 11:57 - 2016-09-29 22:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-18 11:57 - 2016-09-29 22:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-18 11:57 - 2016-09-29 22:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-18 11:57 - 2016-09-29 22:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-18 11:57 - 2016-09-29 22:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-18 11:57 - 2016-09-29 21:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-18 11:57 - 2016-09-29 21:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-18 11:57 - 2016-09-29 21:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-18 11:57 - 2016-09-29 21:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-18 11:57 - 2016-09-15 08:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-18 11:57 - 2016-09-15 08:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-18 11:57 - 2016-09-15 08:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-18 11:57 - 2016-09-15 08:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-18 11:57 - 2016-09-12 14:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-18 11:57 - 2016-09-12 14:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-18 11:57 - 2016-09-12 14:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-18 11:57 - 2016-09-12 13:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-18 11:57 - 2016-09-12 13:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-18 11:57 - 2016-09-12 13:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-18 11:57 - 2016-09-12 13:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-18 11:57 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-18 11:57 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-18 11:57 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-18 11:57 - 2016-09-10 09:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-18 11:57 - 2016-09-10 08:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-18 11:57 - 2016-09-09 11:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-18 11:57 - 2016-09-09 11:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-18 11:57 - 2016-09-09 11:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-18 11:57 - 2016-09-09 11:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-18 11:57 - 2016-09-09 10:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-18 11:57 - 2016-09-09 10:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-18 11:57 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-18 11:57 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-18 11:57 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-18 11:57 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-18 11:57 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-18 11:57 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-18 11:57 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-18 11:57 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-18 11:57 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-18 11:57 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-18 11:57 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-18 11:57 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-18 11:57 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-18 11:57 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-18 11:57 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-18 11:57 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-18 11:57 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-18 11:57 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-18 11:57 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-18 11:57 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-18 11:57 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-18 11:57 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-18 11:57 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-18 11:57 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-18 11:57 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-18 11:57 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-18 11:57 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-18 11:57 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-18 11:57 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-18 11:57 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-18 11:57 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-18 11:57 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-18 11:57 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-18 11:56 - 2016-09-29 23:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-18 11:56 - 2016-09-29 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-18 11:56 - 2016-09-29 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-18 11:56 - 2016-09-29 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-18 11:56 - 2016-09-12 13:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-18 11:56 - 2016-09-12 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-18 11:56 - 2016-09-12 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-18 11:56 - 2016-09-12 13:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-18 11:56 - 2016-09-09 11:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-18 11:56 - 2016-09-09 11:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-18 11:56 - 2016-09-09 11:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-18 11:56 - 2016-09-09 10:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-18 11:56 - 2016-09-09 10:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-18 11:56 - 2016-09-09 10:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-18 11:56 - 2016-09-09 10:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-18 11:56 - 2016-09-09 10:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-18 11:56 - 2016-09-09 10:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-18 11:56 - 2016-09-09 10:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-18 11:56 - 2016-09-09 10:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-18 11:56 - 2016-09-09 10:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-18 11:56 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-18 11:55 - 2016-09-12 14:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-18 11:55 - 2016-09-12 14:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-18 11:55 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-18 11:54 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-18 11:54 - 2016-08-29 08:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-18 11:54 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-18 11:54 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-18 11:54 - 2016-08-29 08:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-18 11:54 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-18 11:54 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-18 11:54 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-18 11:54 - 2016-07-22 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-18 11:54 - 2016-07-22 07:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-07 22:52 - 2016-10-07 22:52 - 00443632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00394496 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00334608 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00089328 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00085744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-10-07 22:49 - 2016-10-07 22:49 - 00639728 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-10-07 22:49 - 2016-10-07 22:49 - 00244504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-10-07 22:45 - 2016-10-07 22:45 - 00271112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2016-10-04 22:42 - 2016-10-04 22:42 - 00000000 ____D C:\Users\Suzanne\AppData\Temp
2016-10-04 22:31 - 2016-10-30 19:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-04 22:31 - 2016-10-04 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-10-04 13:03 - 2016-10-04 13:03 - 00000000 ____D C:\Program Files\RDP Wrapper
2016-10-04 09:56 - 2016-10-04 09:56 - 00035112 ___SH (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2016-10-04 09:55 - 2016-10-23 14:10 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT
2016-10-02 13:34 - 2016-10-02 13:34 - 25169568 _____ C:\Users\Suzanne\Downloads\New Zealand.kmz
2016-10-02 13:34 - 2016-10-02 13:34 - 01341348 _____ C:\Users\Suzanne\Downloads\NZ Childcare Centres.kmz
2016-10-02 12:26 - 2016-10-02 12:26 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Safe Software
2016-10-02 12:25 - 2016-10-02 12:25 - 00000000 ____D C:\Users\Suzanne\AppData\Local\FME Desktop Help
2016-10-02 12:25 - 2016-10-02 12:25 - 00000000 ____D C:\ProgramData\Safe Software
2016-10-02 12:15 - 2016-10-02 12:29 - 00000000 ____D C:\Users\Suzanne\Documents\My FME Workspaces
2016-10-02 12:15 - 2016-10-02 12:25 - 00000000 ____D C:\Users\Suzanne\Documents\FME
2016-10-02 12:15 - 2016-10-02 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FME Desktop 2016.1.2.1
2016-10-02 12:15 - 2016-10-02 12:22 - 00000000 ____D C:\Program Files\FME
2016-10-02 12:15 - 2016-10-02 12:20 - 00000000 ____D C:\Program Files\Common Files\Safe Software Shared
2016-10-02 12:15 - 2016-10-02 12:20 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2016-10-02 12:06 - 2016-10-02 12:06 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-10-02 12:01 - 2016-10-02 12:03 - 949047296 _____ C:\Users\Suzanne\Downloads\fme_eval (3).msi
2016-10-02 11:57 - 2016-10-02 11:59 - 836608000 _____ C:\Users\Suzanne\Downloads\fme_eval.msi
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-31 18:18 - 2014-02-06 15:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c.job
2016-10-31 17:51 - 2011-05-27 10:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-31 17:47 - 2014-11-15 18:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14.job
2016-10-31 17:42 - 2011-03-25 08:10 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA.job
2016-10-31 17:10 - 2011-03-18 13:39 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5F1214C0-A7BC-412C-83C5-45F631CD7E30}
2016-10-31 17:05 - 2011-03-18 12:30 - 00000000 ____D C:\ProgramData\LogMeIn
2016-10-31 16:18 - 2014-02-06 15:11 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023.job
2016-10-31 16:00 - 2016-07-17 16:44 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Skype
2016-10-31 15:49 - 2011-05-27 10:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-31 15:47 - 2014-11-15 18:11 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110.job
2016-10-31 15:00 - 2009-07-13 21:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-31 15:00 - 2009-07-13 21:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-31 14:54 - 2014-01-24 11:40 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-10-31 14:52 - 2011-03-14 14:23 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-31 14:52 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-31 14:50 - 2011-03-14 17:22 - 00062308 _____ C:\Windows\system32\BMXStateBkp-{00000001-00000000-00000000-00001102-0000000B-00441102}.rfx
2016-10-31 14:50 - 2011-03-14 17:22 - 00062308 _____ C:\Windows\system32\BMXState-{00000001-00000000-00000000-00001102-0000000B-00441102}.rfx
2016-10-31 14:50 - 2011-03-14 17:22 - 00000820 _____ C:\Windows\system32\DVCState-{00000001-00000000-00000000-00001102-0000000B-00441102}.rfx
2016-10-31 13:51 - 2014-05-25 18:09 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-10-31 13:50 - 2014-05-25 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-10-31 13:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-10-31 13:42 - 2011-03-25 08:10 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core.job
2016-10-31 12:28 - 2015-10-12 17:13 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2016-10-31 12:28 - 2015-10-12 17:13 - 00001080 _____ C:\Windows\system32\settings.sfm
2016-10-31 10:36 - 2012-07-01 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-10-31 10:36 - 2012-07-01 14:55 - 00000000 ____D C:\Program Files (x86)\HP
2016-10-30 19:57 - 2016-07-17 16:43 - 00000000 ____D C:\ProgramData\Skype
2016-10-30 16:28 - 2015-03-14 17:37 - 00000871 _____ C:\messages.xml
2016-10-30 16:24 - 2016-05-24 13:02 - 00000000 ____D C:\Users\Suzanne\.matplotlib
2016-10-27 14:13 - 2011-03-18 12:15 - 00000000 ___HD C:\Users\Suzanne\AppData\Roaming\Adobe
2016-10-27 13:59 - 2015-03-06 12:44 - 00000000 ____D C:\Ed
2016-10-26 20:42 - 2011-03-14 14:44 - 00000000 ____D C:\ProgramData\Sonic
2016-10-26 20:41 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-26 18:28 - 2011-08-18 17:12 - 00038400 ___SH C:\Users\Suzanne\Thumbs.db
2016-10-26 17:37 - 2009-07-13 22:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-26 17:08 - 2011-09-09 15:40 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\Windows Live
2016-10-26 16:08 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-26 11:14 - 2016-09-15 15:30 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Add-in Express
2016-10-26 07:50 - 2014-01-24 13:16 - 00000000 ____D C:\Windows\Minidump
2016-10-25 20:14 - 2011-11-15 20:26 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-25 20:14 - 2011-08-24 13:57 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-10-25 20:14 - 2011-03-14 14:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-25 14:42 - 2016-09-14 10:58 - 00003676 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-151233617-2686695857-2843107125-1001
2016-10-25 14:42 - 2016-09-14 10:58 - 00003580 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-151233617-2686695857-2843107125-1001
2016-10-25 14:21 - 2013-09-29 11:12 - 00003428 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-10-25 10:25 - 2016-08-02 14:16 - 00000000 ____D C:\Users\Suzanne\Documents\MoreThanMapps
2016-10-25 08:16 - 2011-03-25 08:11 - 00002388 _____ C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-24 21:41 - 2012-06-04 15:49 - 00268864 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-10-24 20:01 - 2011-09-05 19:46 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\ElevatedDiagnostics
2016-10-24 19:47 - 2011-03-21 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-24 16:34 - 2016-09-15 08:37 - 00000000 ____D C:\2016_Upwork
2016-10-24 15:13 - 2011-03-26 09:19 - 00000000 ____D C:\Users\Dorothy
2016-10-24 15:02 - 2011-03-18 12:49 - 00000000 ____D C:\Program Files\BitDefender
2016-10-24 14:58 - 2011-08-27 18:06 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Orbit
2016-10-24 14:55 - 2011-03-18 12:42 - 00000000 ____D C:\Program Files\Common Files\BitDefender
2016-10-24 14:52 - 2011-03-18 14:01 - 00184210 _____ C:\bdlog.txt
2016-10-21 14:43 - 2011-03-18 12:30 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-10-21 10:52 - 2011-03-18 12:30 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-10-21 10:52 - 2011-03-18 12:30 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2016-10-20 12:32 - 2011-03-21 17:42 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\ESRI
2016-10-20 11:13 - 2015-11-08 11:28 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\ProjectTimer
2016-10-19 04:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-10-19 03:41 - 2009-07-13 21:45 - 02498824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-19 03:39 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-19 03:39 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-19 03:35 - 2014-12-10 04:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-19 03:35 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-19 03:35 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-19 03:35 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-19 03:17 - 2013-07-16 03:00 - 00000000 ____D C:\Windows\system32\MRT
2016-10-19 03:06 - 2011-03-18 13:58 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-19 03:05 - 2013-03-13 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-18 17:30 - 2011-09-01 18:50 - 00007597 ____H C:\Users\Suzanne\AppData\Local\Resmon.ResmonCfg
2016-10-18 15:21 - 2015-10-28 18:03 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Apple Inc
2016-10-18 15:21 - 2011-03-18 14:09 - 00000000 ___HD C:\Users\Suzanne
2016-10-18 15:18 - 2011-03-18 13:15 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\Apple Computer
2016-10-18 15:17 - 2011-03-18 13:15 - 00000000 ___HD C:\Users\Suzanne\AppData\Roaming\Apple Computer
2016-10-18 11:54 - 2015-11-08 11:07 - 00000000 ____D C:\JasonNov
2016-10-18 11:46 - 2016-09-06 13:16 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-18 11:35 - 2011-03-18 13:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-18 11:14 - 2012-04-13 09:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-04 22:31 - 2016-07-17 16:44 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Skype
2016-10-04 16:40 - 2016-02-01 13:56 - 00000000 ____D C:\Users\Suzanne\Documents\invoices 2016
2016-10-04 16:40 - 2016-01-17 11:20 - 00000000 ____D C:\Job Invoices
2016-10-04 13:10 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-10-02 16:03 - 2016-04-22 07:45 - 00000000 ____D C:\Tanner
2016-10-02 13:54 - 2016-09-22 09:46 - 00000000 ____D C:\Sam
2016-10-02 13:37 - 2011-12-04 12:18 - 00173888 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2016-10-02 12:27 - 2011-12-04 11:22 - 00173888 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2016-10-02 12:10 - 2016-09-19 12:14 - 00000000 ____D C:\Users\Suzanne\.qgis2
2016-10-02 12:06 - 2011-03-21 09:35 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-10-02 12:06 - 2011-03-21 09:35 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
 
==================== Files in the root of some directories =======
 
2011-09-01 18:50 - 2016-10-18 17:30 - 0007597 ____H () C:\Users\Suzanne\AppData\Local\Resmon.ResmonCfg
2016-10-24 14:55 - 2016-10-24 14:55 - 0240686 _____ () C:\ProgramData\1477345837.bdinstall.bin
2016-10-31 10:31 - 2016-10-31 10:31 - 0028662 _____ () C:\ProgramData\agent.1477935068.bdinstall.bin
2016-01-28 20:12 - 2016-01-28 20:12 - 0000016 _____ () C:\ProgramData\mntemp
2016-01-28 20:12 - 2016-01-28 20:12 - 0004881 _____ () C:\ProgramData\rxsmznjf.zcp
 
Files to move or delete:
====================
C:\Users\Suzanne\ExporttoKML.dll
C:\Users\Suzanne\ExporttoKML.reg
C:\Users\Suzanne\ExporttoKML_64bit.reg
C:\Users\Suzanne\ExporttoKML_INSTALL.bat
C:\Users\Suzanne\ExporttoKML_UNINSTALL.bat
 
 
Some files in TEMP:
====================
C:\Users\Suzanne\AppData\Local\Temp\qc_e3f0f3ef_27e6_4ca8_8a7c_a3d761aa54bb_64.exe
C:\Users\Suzanne\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-25 00:32
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by Suzanne (31-10-2016 18:24:16)
Running from C:\Users\Suzanne\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-03-18 21:08:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-151233617-2686695857-2843107125-500 - Administrator - Disabled)
Guest (S-1-5-21-151233617-2686695857-2843107125-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-151233617-2686695857-2843107125-1002 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-151233617-2686695857-2843107125-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
Suzanne (S-1-5-21-151233617-2686695857-2843107125-1001 - Administrator - Enabled) => C:\Users\Suzanne
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM-x32\...\Adobe_498b43b77cac072081a5692bfc52804) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8.1.5 - CPSID_49013 (HKLM-x32\...\Adobe Acrobat 8 Professional_815) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.1.5 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional) (Version: 8.1.5 - )
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcGIS 10.4 for Desktop (HKLM-x32\...\ArcGIS 10.4 for Desktop) (Version: 10.4.5524 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.4 for Desktop (x32 Version: 10.4.5524 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS ArcReader 10 (HKLM-x32\...\ArcGIS ArcReader 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS Earth (HKLM\...\ArcGIS Earth) (Version: 1.0.1214 - Environmental Systems Research Institute, Inc.)
ArcGIS Earth (Version: 1.0.1214 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS License Manager 10 (HKLM-x32\...\ArcGIS License Manager 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (HKLM\...\ArcGISPro) (Version: 1.3.5861 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (Version: 1.3.5861 - Environmental Systems Research Institute, Inc.) Hidden
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Tools (HKLM-x32\...\{56647361-687B-452B-8999-6179125FFD63}) (Version: 3.2.10.1533 - Box)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.085 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.00.085 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{0DB0EA38-E806-44ED-A892-489F2E305080}) (Version: 1.5.00000 - Dell Inc.)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Esri CityEngine 2016.0 (HKLM\...\Esri CityEngine 2016.0) (Version: 16.0.100 - Environmental Systems Research Institute, Inc.)
Esri CityEngine 2016.0 (Version: 16.0.100 - Environmental Systems Research Institute, Inc.) Hidden
FME Desktop 2016.1.2.1 (Build 16674 - win64) (HKLM\...\{C6197A42-6BFE-1014-B1BC-EE2AC0F79D75}) (Version: 7.22.16674 - Safe Software Inc.)
Fushicai VIDEO DVR (HKLM-x32\...\{989BAFE8-E777-43D7-9749-9810E0E9FF48}) (Version: 2013.5.6 - Fushicai)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Earth Pro (HKLM-x32\...\{1C63D1F0-DE50-11E2-BB78-B8AC6F98CCE3}) (Version: 7.1.1.1871 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
honestechTVR2.5 (HKLM-x32\...\{ABADD11D-1B48-4F23-BEBA-6B22CE8F5E58}) (Version: 2.5 - honestech)
honestechTVR2.5 (x32 Version: 2.5 - honestech) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.2.0 - Movavi)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5929 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA nView 146.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 146.78 - NVIDIA Corporation)
NVIDIA WMI 2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.24.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
Python 2.5 numpy-1.0.3 (HKLM-x32\...\numpy-py2.5) (Version:  - )
Python 2.5 numpy-1.0.3 (HKLM-x32\...\Python 2.5 numpy-1.0.3) (Version:  - )
Python 2.5.1 (HKLM-x32\...\Python 2.5.1) (Version:  - )
QGIS 2.16 2.16.2 Nødebo (HKLM\...\QGIS 2.16) (Version:  - QGIS Development Team)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.11.1 - Intuit)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sentinel System Driver(64-bit) 7.2.2 (HKLM\...\{97407E09-4EA8-49F0-A513-2C1776A6DEC0}) (Version: 7.2.2 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
XnConvert 1.73 (HKLM\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DC59238-B059-4EFF-9CF9-9A8CA49C9C53} - System32\Tasks\{0413D07A-8D30-4D5A-BE61-486976FB485F} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {15D894C6-8C07-4502-817B-3633CBC2F6A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {16E7A5FB-0D27-4FFC-935D-CB64441A4BD1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {19E720E5-12AA-4EE3-9C27-83BF10CA2419} - System32\Tasks\{A4BA670A-111C-4595-88DE-44B1BC131F3C} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {296820CE-CF2E-4BF6-A702-4363873404AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3B786855-FB5F-4C15-B445-7A740D115058} - System32\Tasks\{04FF8751-D100-4F82-BE83-D96DAFA59B39} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {48239E39-A010-47DA-A4BA-F13478A0CAE6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {65729D44-5252-401D-B2CF-BAF410DE527B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {66732F40-8D0E-4B61-A60C-AEBCC6F3114C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {6B1929ED-F652-45B4-91AF-2B689541E8D6} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {708F24B9-28BC-47E9-B04A-16B31A1C6744} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {87B96AB0-7AB8-4E37-A083-9C8B6952E13E} - System32\Tasks\{4D5AC19A-5FF4-4A2F-A1AF-3E5DD0BAAB0C} => D:\autorun.exe
Task: {964025AA-7830-4AC4-B364-E67585C17F61} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {A9C69709-F628-4E15-AA80-357F047BB55C} - System32\Tasks\G2MUpdateTask-S-1-5-21-151233617-2686695857-2843107125-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\5742\g2mupdate.exe
Task: {B24AE1E3-4FF1-4DF0-8E8A-FFEAF516B368} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {B2AEA276-409F-468F-9DE6-98B2696BD095} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B85041F5-4507-4DF4-B32F-2120AD6A00B5} - System32\Tasks\{89B37D2F-F8B6-4666-BC35-FCBF4333D964} => D:\autorun.exe
Task: {CEABA74D-1DA7-4D11-8436-1C4F8EC1EA84} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {CFB72B10-B94B-4668-8030-98F6B2092CD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {D957B3D7-A0E7-47BE-A2B1-44A42E4C19DF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-09-09] (Apple Inc.)
Task: {DC286D2F-C572-45D8-9115-DB9BC8B91E53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E69A5AB1-5E51-4F59-AA96-C7F1360BDE91} - System32\Tasks\DigitalSite => C:\Users\Suzanne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F3F98508-023D-412B-A62A-F3C4D70BB29E} - System32\Tasks\G2MUploadTask-S-1-5-21-151233617-2686695857-2843107125-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\5742\g2mupload.exe
Task: {FC0618F9-7884-4336-81D7-22AF35483A9C} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Suzanne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Web Applications\pinterest.com\http_80\Pinterest _ Goodies.lnk -> C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://pinterest.com/about/goodies/
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-01-28 10:39 - 2015-11-10 02:32 - 03088712 _____ () C:\Windows\system32\nvwmi64.exe
2016-01-28 10:38 - 2015-11-05 08:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-06 13:21 - 2016-10-08 00:52 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-01-28 10:39 - 2015-11-10 02:26 - 01941304 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewH64.dll
2013-06-13 17:07 - 2013-03-25 10:57 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
2011-03-14 16:20 - 2015-11-10 02:30 - 00726160 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2016-01-28 10:39 - 2015-11-10 02:26 - 01315128 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewMain64.exe
2016-01-28 10:39 - 2015-11-10 02:26 - 01187656 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewMain.exe
2016-01-28 20:32 - 2009-11-03 10:19 - 00409088 _____ () C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 ____N () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2016-10-04 09:55 - 2016-01-01 02:00 - 00100352 ___SH () c:\users\suzanne\appdata\roaming\microcofturdatent\msimg32.dll
2016-09-12 23:03 - 2016-09-12 23:03 - 01359320 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\KasperskyLab.Ksde.NativeInterop.dll
2016-10-04 09:55 - 2016-01-01 02:00 - 00100352 ___SH () C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll
2016-01-28 10:39 - 2015-11-10 02:26 - 01582408 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewH.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-10-31 15:49 - 2016-10-31 15:49 - 00098816 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32api.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00110080 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\pywintypes27.dll
2016-10-31 15:49 - 2016-10-31 15:49 - 00364544 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\pythoncom27.dll
2016-10-31 15:49 - 2016-10-31 15:49 - 00320512 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32com.shell.shell.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00776704 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\_hashlib.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 01176576 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\wx._core_.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00806400 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\wx._gdi_.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00816128 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\wx._windows_.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 01067008 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\wx._controls_.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00733184 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\wx._misc_.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00682496 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\pysqlite2._sqlite.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00088064 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\_ctypes.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00119808 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32file.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00108544 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32security.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00007168 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\hashobjs_ext.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00017920 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\thumbnails_ext.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00088064 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\usb_ext.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00012800 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\common.time34.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00018432 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32event.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00167936 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32gui.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00046080 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\_socket.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 01208320 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\_ssl.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00128512 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\_elementtree.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00127488 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\pyexpat.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00038912 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32inet.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00036864 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\_psutil_windows.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00525208 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\windows._lib_cacheinvalidation.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00011264 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32crypt.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00077312 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\wx._html2.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00027136 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\_multiprocessing.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00020480 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\_yappi.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00035840 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32process.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00686080 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\unicodedata.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00078848 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\wx._animate.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00123392 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\wx._wizard.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00024064 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32pipe.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00010240 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\select.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00025600 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32pdh.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00017408 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32profile.pyd
2016-10-31 15:49 - 2016-10-31 15:49 - 00022528 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57282\win32ts.pyd
2016-01-28 20:32 - 2008-04-27 19:06 - 00053248 _____ () C:\Program Files (x86)\honestech\honestech TVR 2.5\ReadRemoteKey.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-12-12 15:44 - 2011-12-12 15:44 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2007-05-11 00:50 - 2007-05-11 00:50 - 00017024 _____ () C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\viewerps.dll
2016-10-25 08:16 - 2016-10-20 01:47 - 01819240 _____ () C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-25 08:16 - 2016-10-20 01:47 - 00093288 _____ () C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-09-06 13:15 - 2016-10-18 11:32 - 03593408 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
2016-08-28 18:41 - 2016-04-12 17:31 - 36632000 _____ () C:\Program Files (x86)\Quicken\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\ractrlkeyhook.dll:BDU [22]
AlternateDataStreams: C:\Windows\SysWOW64\TABCTL32.htm:BDU [22]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGISPro_5023_149395.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGIS_Desktop_104_149411.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGIS_Earth_x64_Setup_1.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\BoxEditInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\CityEngine_2016_0_150261.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Driver207win (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Driver207win.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\easycapture_setup_1.2.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\PatchFinder.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Setup.X86.en-US_ProfessionalRetail_bd258168-37e4-471a-92f1-93d2ff205f62_TX_PR_.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\wlsetup-web.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2016-10-24 14:41 - 00003072 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Suzanne\Pictures\gumby.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{41422E44-3406-4A93-B450-2D312C87D6E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D4A758E9-3C0D-44E8-ADB2-854FC98DFE5D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{3157DD3A-319D-4D65-B6AB-93ADB4D0C653}] => (Allow) LPort=3703
FirewallRules: [{441D9186-92A4-4803-BA11-81797D55FA23}] => (Allow) LPort=3704
FirewallRules: [{DEB659CD-54F8-41A1-80B9-58AA05256D7E}] => (Allow) LPort=50900
FirewallRules: [{91D4E84B-47C9-40A2-AD72-5E88730A454E}] => (Allow) LPort=50901
FirewallRules: [{88989606-90A7-4BB1-BD7C-1CE9214F2628}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [{EF737E9D-43CF-4486-8F8D-DA1CD805EBB2}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [TCP Query User{3657E126-8208-4A49-AF8E-8C2F67290776}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A8990542-A0F9-4F21-A280-9B40215B48F5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{35C514E1-2A7C-414C-9DBF-3CFD2041C813}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{8D9A34C2-1F86-4732-9B17-16CDEF0FA141}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{744D57AA-4761-4FD7-AC38-DB3F978D2CD5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2CE9DC3A-C8E0-4E2B-ABEA-63A5EA4C8B6E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{BA4A4083-E4AE-4689-8489-6853D6966CA5}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{8A3E9F7D-57F0-4896-92D0-9AD22349AD68}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{FB2964C2-23C2-45D0-AD6C-63A6609EF4C6}C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe
FirewallRules: [UDP Query User{FB3D0B7A-D1E0-4659-A4CD-B16994194ABE}C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe
FirewallRules: [TCP Query User{F150EBA6-1731-46CF-84A8-C7CAE1819E92}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{1BE6857F-5A65-4110-955F-0879D273B82F}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [{84C9C5E3-7B7F-4CCE-BB5C-56554272AACC}] => (Allow) %ProgramFiles% (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{ABFFB7A9-9081-4825-A3F0-E7F43010878B}C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{8B3ED360-E7F8-4AD0-AF68-9A97502C9E20}C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{CED04AFF-E697-456D-9774-CFE97754AEED}C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe
FirewallRules: [UDP Query User{5595BF07-86BD-492A-B9BF-CD836622E16C}C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe
FirewallRules: [TCP Query User{99EA1E7D-E49D-4A49-AEBB-E07858ECDF90}C:\users\suzanne\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\logmein client.exe
FirewallRules: [UDP Query User{4C89C0BD-E6C6-436C-B0DF-97C7E2082B7E}C:\users\suzanne\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\logmein client.exe
FirewallRules: [TCP Query User{B5C8AFCC-5C87-4757-B0DD-F995D841735B}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A3463A72-67CB-4961-9734-66F4D88F62DD}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [{732EAA20-57DD-4604-9510-F1A736F7BAD8}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{9655D171-2832-45E1-B9C0-6776DE56CFA1}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{B5B9EB9D-00F6-4463-8971-C64EBAF5BBD5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{83CACCBF-39E6-4BD9-9EFD-D20D2004CDAC}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [TCP Query User{23D6FAE3-CFF4-49F6-8D2C-23C474FE0321}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E6DC87CD-29DA-44C9-8F95-6687908B57BF}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{67A479B6-923D-4EBE-9C6C-46EB93EFE929}C:\users\suzanne\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{C3F93811-B9A0-4376-89C2-C672A2C25C12}C:\users\suzanne\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{AC34F27F-9FE1-414A-A6D1-996DF99FC468}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [UDP Query User{A0452389-3C2D-4086-9FDF-A72BC9984728}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [TCP Query User{B701E11A-7F07-48BB-A60F-083DD8563891}C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe
FirewallRules: [UDP Query User{822A887B-A1DA-4BCE-AF99-228B45B6115D}C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe
FirewallRules: [TCP Query User{FBDB9957-690B-46CA-9507-A55E39F321D2}C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe
FirewallRules: [UDP Query User{B19595DA-CF6D-4993-9589-8DA867853C46}C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe
FirewallRules: [{F451F5B4-04F5-4F2E-A2A5-A1913F4A7038}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F62383D0-7692-43D3-B48C-6C655144597E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68FE5D4D-2129-4A80-B807-3394670D2B14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7AF72695-1DCE-40D2-8B00-9F43872CAE9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{58D8F0A2-EA3F-42E9-8E80-DC8D20C21CED}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{4402769C-36F7-4AED-9682-C563834A6BA0}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [{71A8EF7F-EC4E-4034-A704-E825B4EA9F49}] => (Allow) LPort=49384
FirewallRules: [{E1F7B4C3-9119-46DB-9117-AAE5FFEC99B8}] => (Allow) LPort=5000
FirewallRules: [{7B0CB2F1-0228-4081-B443-9B03EB4463B9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4A855208-1C2D-4AD7-997C-62367249E94C}] => (Allow) LPort=2869
FirewallRules: [{18298327-6A1A-4BB3-B212-C95EA99A50E6}] => (Allow) LPort=1900
FirewallRules: [{6F69F51A-0A4B-4F38-8731-194E3124255B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{0F13D120-B627-4479-BF00-9C512AE3C600}C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe
FirewallRules: [UDP Query User{028224AD-E439-4657-A5AC-9562C1035FED}C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe
FirewallRules: [{4A41CC16-99B3-4869-9F40-7F7FCA0D1336}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{96BECEC8-C48A-4B9B-B6E7-0E9B28B08B26}C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [UDP Query User{15CE6E14-27AE-4F1B-82AB-40680753D602}C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [TCP Query User{89D3265B-BB7B-410D-B259-7EA747FA1386}C:\program files\esri\cityengine2016.0\cityengine.exe] => (Allow) C:\program files\esri\cityengine2016.0\cityengine.exe
FirewallRules: [UDP Query User{9A2A33F9-F5FA-42F3-AA18-83D84CE63C12}C:\program files\esri\cityengine2016.0\cityengine.exe] => (Allow) C:\program files\esri\cityengine2016.0\cityengine.exe
FirewallRules: [TCP Query User{1429D159-427C-44DE-93EC-9CDA37841971}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe
FirewallRules: [UDP Query User{5293B334-C0B4-400D-BD84-54557DD9465B}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe
FirewallRules: [{DA9B2384-EFC5-4F09-B4F7-BC349D18D701}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{97284FD0-7786-4CB2-89B3-EDFC047DD166}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3D6C4DCB-D476-41B7-BA83-8A2B70ACE023}] => (Allow) LPort=49265
FirewallRules: [{0CC91500-002A-4D41-B0B4-5523DBBEE0F6}] => (Allow) C:\Program Files\FME\fme.exe
FirewallRules: [{9AF969F5-A10B-4B61-B44C-296DE23664B9}] => (Allow) LPort=3389
FirewallRules: [{C66743B9-C5BF-4B60-8FF4-B16356BC9521}] => (Allow) LPort=443
FirewallRules: [{21DEDBCE-7291-4012-828A-B5536B025A0E}] => (Allow) LPort=443
FirewallRules: [{8FAFAC91-9911-4ACC-A07A-E1EB32FF4382}] => (Allow) LPort=443
FirewallRules: [{DB9B0B58-343A-483B-BB9A-D3C61817B2B6}] => (Allow) LPort=443
FirewallRules: [{81B805D5-9DA0-4078-B38E-7EB1D72198BA}] => (Allow) LPort=443
FirewallRules: [{EC95BDCC-0E2B-4806-BA68-E63AE97F21C9}] => (Allow) LPort=443
FirewallRules: [{1F5EFC2F-C3C2-4433-9248-D1D2C954819B}] => (Allow) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{4FFC1687-42E8-4AA2-8A72-2FE7264159B9}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\5C069542-CA13-4f1b-B90C-28C6430F4992\Installer\hpbcsiInstaller.exe
FirewallRules: [{153D02CF-2359-4776-86E8-E89CEE3E760B}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\5C069542-CA13-4f1b-B90C-28C6430F4992\Installer\hpbcsiInstaller.exe
FirewallRules: [{8B043BC7-780E-4F60-8AF7-37CAA3A99398}] => (Allow) LPort=49267
FirewallRules: [{4AA4EEBB-01A0-4445-977C-7614DA3B9AD5}] => (Allow) LPort=5000
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Restore Points =========================
 
31-10-2016 10:30:17 Removed HP FWUpdateEDO3
31-10-2016 13:44:15 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/31/2016 10:35:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0xb14
Faulting application start time: 0x01d2339d3202c95f
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 7042091e-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:35:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x8e4
Faulting application start time: 0x01d2339d2b45ae8c
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 69795560-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:35:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x11f8
Faulting application start time: 0x01d2339d2488baca
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 62be0f54-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:35:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0xd0c
Faulting application start time: 0x01d2339d1dcb51d7
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 5bffbbfd-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:34:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x43c
Faulting application start time: 0x01d2339d170de8e3
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 554427d0-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:34:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x19ac
Faulting application start time: 0x01d2339d10507ff0
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 4e8697cc-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:34:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0xf00
Faulting application start time: 0x01d2339d09927aba
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 47cbee03-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:34:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x26b0
Faulting application start time: 0x01d2339d02d511c6
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 410954dc-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:34:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x94c
Faulting application start time: 0x01d2339cfc181e04
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 3a4dc0af-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:33:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x19e0
Faulting application start time: 0x01d2339cf55adc21
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 33936507-9f90-11e6-8663-bc305bd66386
 
 
System errors:
=============
Error: (10/31/2016 02:54:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (10/31/2016 02:52:08 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. This service might not be installed.
 
Error: (10/31/2016 12:33:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (10/31/2016 12:29:44 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. This service might not be installed.
 
Error: (10/31/2016 10:35:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 255 time(s).
 
Error: (10/31/2016 10:35:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 254 time(s).
 
Error: (10/31/2016 10:35:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 253 time(s).
 
Error: (10/31/2016 10:35:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 252 time(s).
 
Error: (10/31/2016 10:34:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 251 time(s).
 
Error: (10/31/2016 10:34:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 250 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-10-31 14:54:41.728
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-31 14:54:41.541
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-31 12:33:50.160
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-31 12:33:49.960
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-30 16:06:00.398
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-30 16:06:00.086
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-26 20:56:58.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-26 20:56:58.628
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-25 20:25:45.550
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-25 20:25:45.373
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU W3530 @ 2.80GHz
Percentage of memory in use: 66%
Total physical RAM: 6141.55 MB
Available physical RAM: 2082.55 MB
Total Virtual: 12281.29 MB
Available Virtual: 7607.4 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:150.92 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#4
Jr0x
Posted 02 November 2016 - 09:05 AM

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi skysuz,

Two things to clarify with you.

1. When you mentioned that you bought a better security software, did you mean Kaspersky Total Security?
2. Do you (yourself or your family members) uses Logmein service?

Backdoor Warning

You have backdoor infections on your machine.

These allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

That being said, we clean these infections all the time here without reformatting and reinstalling. I've included the first steps below to begin the cleaning if you wish to do so. If you decide you want reformat and reinstall, please let me know that in your next reponse.

If you decide to proceed with the cleaning, then let's kill the main infections, and then we'll go from there. 

Uninstall BitDefender

Please download ESET AV Remover and save it to your Desktop.
  • Double-click ESET AV Remover AV_remover.pngto run the AV Remover tool.
  • After you have read the End-User License Agreement, click Accept.
  • Click Continue. ESET AV Remover will scan your computer for previously installed antivirus software.

    SOLN3572FIG1-1.png
  • Select the check box next to BitDefender and click Remove.
    Note: Do not select Kaspersky AV that you have installed recently.
     
    SOLN3572FIG1-2.png
  • Click Remove when prompted. ESET AV Remover will begin removing the software from your system.

    SOLN3572FIG1-3.png
  • After the removal process is complete, Applications successfully removed will be displayed. Click Continue.
  • Please restart your computer and run ESET AV Remover again to ensure that all remnants of the previous antivirus software are removed.
FRST.gif Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.
In your next reply, please include the following:
  • Answer to my two question
  • Was BitDefender uninstalled succesfully?
  • FRST log
  • Addition log

  • 0

#5
skysuz
Posted 03 November 2016 - 04:22 PM

skysuz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Yes Kaspersky Total Security and I do have a subscription to Logmein.  After this happened though I added a two step security to logmein so that they have to send me a code to my phone prior to login.  I have still been using my computer, but dissconnect it from the internet whenever I am not at the console. I'm going through your instructions and will have the new logs to you shortly

 

Suzanne


Edited by skysuz, 03 November 2016 - 04:25 PM.

  • 0

#6
skysuz
Posted 03 November 2016 - 05:22 PM

skysuz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Yes Kaspersky Total Security and I do have a subscription to Logmein.  After this happened though I added a two step security to logmein so that they have to send me a code to my phone prior to login.

 

Ran the avremover twice --once after reboot --and it said there was nothing to remove 

 

Here is the rescan Farbar:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-11-2016

Ran by Suzanne (administrator) on SUZANNE-PC (03-11-2016 16:08:34)
Running from C:\Users\Suzanne\Desktop
Loaded Profiles: Suzanne (Available Profiles: Suzanne & LogMeInRemoteUser & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
() C:\Program Files\NVIDIA Corporation\nView\nviewMain64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\NVIDIA Corporation\nView\nviewMain.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TeamViewer GmbH) C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe
(Akamai Technologies, Inc.) C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
(Box, Inc.) C:\Users\Suzanne\AppData\Local\Box\Box Edit\Box Edit.exe
(Box, Inc.) C:\Users\Suzanne\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Akamai Technologies, Inc.) C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
() C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\wmi64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2168976 2015-11-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [update_w32.exe] => "C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll" C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe <===== ATTENTION
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Google Update] => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77248 2016-04-12] (Intuit Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\BitDefender\Bitdefender 2016\bdwtxag.exe"
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Box Edit] => C:\Users\Suzanne\AppData\Local\Box\Box Edit\Box Edit.exe [919280 2016-08-15] (Box, Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Box Local Com Server] => C:\Users\Suzanne\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2016-08-15] (Box, Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\MountPoints2: {bf8c87ee-5192-11e0-bc42-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [623416 2009-06-19] (Creative Technology Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-03-14]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Driver performer.lnk [2011-05-27]
ShortcutTarget: Driver performer.lnk -> C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALTNH929\DriverPerformer_V15[1].exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVR Scheduler.lnk [2016-01-28]
ShortcutTarget: TVR Scheduler.lnk -> C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update Manager.lnk [2016-10-04]
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update Manager.lnk [2016-10-21]
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-11-03]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-30]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update Manager.lnk [2016-10-04]
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{ABD0FBC1-D7C9-4998-B256-9E7E2EFC42C1}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DD2ABD81-8CBC-4327-864B-6CA8A461820B}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{EE1CEDF6-DC37-4E1E-B9B8-793698419F43}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://igoogle.com/
hxxp://yahoo.com/
hxxp://bing.com/
URLSearchHook: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 - (No Name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File
URLSearchHook: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP09882FE0-F102-47D6-91B3-397840C39B62&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP09882FE0-F102-47D6-91B3-397840C39B62&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CEFBC305BD66386&affID=125830&tsp=5036
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-08] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-10-08] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-08] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll [2013-12-16] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-14] (Sun Microsystems, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-10-07] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll [2013-12-16] (Microsoft Corporation.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {2B497CAF-D938-4059-BA76-0DA5DB77EA0A} hxxps://remote.gdcre.com/Remote/BuiltIns/FS/Wssg.Web.FileAccess.RichUpload.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://mystores.genpt.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=4103956056
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-03-14] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-151233617-2686695857-2843107125-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Suzanne\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-07-13] (Citrix Online)
FF Plugin HKU\S-1-5-21-151233617-2686695857-2843107125-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-151233617-2686695857-2843107125-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/","hxxp://www.bing.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\gcswf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (WinZip Courier) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.0.2_0\wzwmcgc.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Users\Suzanne\AppData\Local\Google\Update\1.3.21.81\npGoogleUpdate3.dll => No File
CHR Plugin: (Musicnotes) - C:\Program Files (x86)\Musicnotes\npmusicn.dll => No File
CHR Plugin: (ScorchPlugin) - C:\Program Files (x86)\Musicnotes\npsibelius.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Suzanne\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Profile: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default [2016-11-03]
CHR Extension: (Google Drive) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Honey) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-11-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Pinterest Save Button) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (LogMeIn) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-10-04]
CHR Extension: (Chrome Media Router) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-151233617-2686695857-2843107125-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Suzanne\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
StartMenuInternet: Google Chrome - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-04] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-10-21] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [3088712 2015-11-10] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [116736 2016-10-04] (Stas'M Corp.) [File not signed]
R2 usbhubsvc3; C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll [100352 2016-01-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-09-12] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1027984 2016-09-12] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50008 2016-09-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126360 2016-09-12] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [54192 2006-04-20] (SafeNet, Inc.)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-03 16:07 - 2016-11-03 16:07 - 00000000 ____D C:\Users\Suzanne\Downloads\FRST-OlderVersion
2016-11-03 16:03 - 2016-11-03 16:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2016-11-03 16:00 - 2016-11-03 16:08 - 00037393 _____ C:\Users\Suzanne\Desktop\FRST.txt
2016-11-03 15:42 - 2016-11-03 15:42 - 11646112 _____ (ESET) C:\Users\Suzanne\Downloads\avremover_nt64_enu (1).exe
2016-11-03 15:23 - 2016-11-03 15:23 - 11646112 _____ (ESET) C:\Users\Suzanne\Desktop\avremover_nt64_enu.exe
2016-11-03 14:44 - 2016-11-03 14:44 - 00000000 ____D C:\Grange
2016-11-03 14:41 - 2016-11-03 14:41 - 00091323 _____ C:\Users\Suzanne\Desktop\20161103_dep_direct_deposit_form_3911.pdf
2016-11-03 09:19 - 2016-11-03 09:19 - 08126070 _____ C:\Users\Suzanne\Desktop\scan0002.pdf
2016-11-02 03:00 - 2016-11-02 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-10-31 18:20 - 2016-11-03 16:07 - 00000000 ____D C:\Users\Suzanne\Desktop\FRST-OlderVersion
2016-10-31 18:19 - 2016-10-31 18:19 - 00000000 ____D C:\Users\Suzanne\Desktop\New folder
2016-10-31 18:14 - 2016-10-31 18:14 - 00125372 _____ C:\Users\Suzanne\Desktop\IC3 Complaint Referral Form.pdf
2016-10-31 18:14 - 2016-10-31 18:14 - 00016730 _____ C:\Users\Suzanne\Desktop\IC3 Complaint Referral Form.html
2016-10-31 18:14 - 2016-10-31 18:14 - 00000000 ____D C:\Users\Suzanne\Desktop\IC3 Complaint Referral Form_files
2016-10-31 16:59 - 2016-10-31 16:59 - 00058666 _____ C:\Users\Suzanne\Desktop\External Accounts - chase.pdf
2016-10-31 13:57 - 2016-10-31 13:57 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Logitech® Webcam Software
2016-10-31 13:55 - 2016-10-31 13:55 - 00000000 ____D C:\ProgramData\LogiShrd
2016-10-31 13:51 - 2016-10-31 13:51 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Leadertech
2016-10-31 13:50 - 2016-10-31 13:50 - 00001626 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2016-10-31 13:50 - 2016-10-31 13:50 - 00000000 ____D C:\ProgramData\Logitech
2016-10-31 13:44 - 2016-10-31 13:51 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-10-31 13:05 - 2016-10-31 13:05 - 03199319 _____ C:\Users\Suzanne\Downloads\Attachments_20161031.zip
2016-10-31 10:31 - 2016-10-31 10:31 - 00028662 _____ C:\ProgramData\agent.1477935068.bdinstall.bin
2016-10-30 19:41 - 2016-10-30 19:41 - 00001127 _____ C:\Users\Suzanne\Desktop\HD Pro Webcam C920 - Shortcut.lnk
2016-10-26 20:52 - 2016-10-26 20:52 - 00001874 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-26 17:05 - 2016-10-26 17:22 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\XnConvert
2016-10-26 17:05 - 2016-10-26 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnConvert
2016-10-26 17:05 - 2016-10-26 17:05 - 00000000 ____D C:\Program Files\XnConvert
2016-10-26 17:04 - 2016-10-26 17:04 - 15171912 _____ (Gougelet Pierre-e ) C:\Users\Suzanne\Downloads\XnConvert-win-x64.exe
2016-10-26 17:01 - 2016-10-26 17:01 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (1) (1).SFW
2016-10-26 17:00 - 2016-10-26 17:00 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (3).SFW
2016-10-26 17:00 - 2016-10-26 17:00 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (2).SFW
2016-10-26 17:00 - 2016-10-26 17:00 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (1).SFW
2016-10-26 16:59 - 2016-10-26 16:59 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03.SFW
2016-10-26 07:20 - 2016-10-26 07:20 - 00127163 _____ C:\Users\Suzanne\Desktop\Detailed report.txt
2016-10-26 07:14 - 2016-10-26 07:14 - 00067932 _____ C:\Users\Suzanne\Downloads\Addition.txt
2016-10-25 20:53 - 2016-11-03 16:00 - 00000000 ____D C:\FRST
2016-10-25 20:52 - 2016-11-03 16:07 - 02409984 _____ (Farbar) C:\Users\Suzanne\Desktop\FRST64.exe
2016-10-25 20:03 - 2016-10-25 20:03 - 212514840 _____ (Emsisoft Ltd. ) C:\Users\Suzanne\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2016-10-25 20:00 - 2016-10-25 20:00 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Suzanne\Downloads\iExplore.exe
2016-10-25 18:58 - 2016-10-25 20:00 - 00003176 _____ C:\Users\Suzanne\Desktop\Rkill.txt
2016-10-25 18:58 - 2016-10-25 18:58 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Suzanne\Downloads\rkill.com
2016-10-25 18:55 - 2016-10-25 20:09 - 00088806 _____ C:\Windows\ntbtlog.txt
2016-10-24 21:43 - 2016-10-24 21:43 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-10-24 21:43 - 2016-10-24 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-24 21:43 - 2016-10-24 21:43 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-24 21:41 - 2016-10-24 21:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2016-10-24 21:41 - 2016-10-24 21:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2016-10-24 21:40 - 2016-10-24 21:40 - 00000000 ____D C:\ProgramData\Oracle
2016-10-24 15:16 - 2016-11-03 16:00 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-10-24 15:16 - 2016-10-24 15:16 - 00000000 ____D C:\Program Files\Common Files\AV
2016-10-24 15:15 - 2016-10-24 15:15 - 00001376 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2016-10-24 15:15 - 2016-10-24 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-10-24 15:14 - 2016-10-24 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-10-24 15:14 - 2016-10-24 15:13 - 00002137 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-10-24 15:14 - 2016-10-24 15:13 - 00002113 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-10-24 15:12 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-10-24 15:11 - 2016-11-03 16:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-10-24 15:11 - 2016-10-24 15:15 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-10-24 15:11 - 2016-10-24 15:11 - 00000000 ____D C:\Windows\ELAMBKUP
2016-10-24 15:10 - 2016-09-12 23:03 - 01027984 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-10-24 15:10 - 2016-09-12 23:03 - 00305496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-10-24 15:10 - 2016-06-26 15:10 - 00189264 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-10-24 14:55 - 2016-10-24 14:56 - 184386592 _____ (Kaspersky Lab) C:\Users\Suzanne\Downloads\kts17.0.0.611aben_11549.exe
2016-10-24 14:55 - 2016-10-24 14:55 - 00240686 _____ C:\ProgramData\1477345837.bdinstall.bin
2016-10-22 02:52 - 2016-10-22 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-10-20 12:38 - 2016-10-20 12:38 - 00004096 _____ C:\new.lyr
2016-10-20 12:23 - 2016-10-20 12:23 - 00106510 _____ C:\Users\Suzanne\Downloads\CityBoundaries.zip
2016-10-18 15:21 - 2016-11-03 16:03 - 00000000 ___RD C:\Users\Suzanne\iCloudDrive
2016-10-18 15:21 - 2016-10-18 15:21 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2016-10-18 11:57 - 2016-09-30 13:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-18 11:57 - 2016-09-30 12:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-18 11:57 - 2016-09-30 08:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-18 11:57 - 2016-09-30 08:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-18 11:57 - 2016-09-30 08:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-18 11:57 - 2016-09-30 00:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-18 11:57 - 2016-09-29 23:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-18 11:57 - 2016-09-29 23:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-18 11:57 - 2016-09-29 23:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-18 11:57 - 2016-09-29 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-18 11:57 - 2016-09-29 23:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-18 11:57 - 2016-09-29 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-18 11:57 - 2016-09-29 23:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-18 11:57 - 2016-09-29 23:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-18 11:57 - 2016-09-29 23:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-18 11:57 - 2016-09-29 23:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-18 11:57 - 2016-09-29 23:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-18 11:57 - 2016-09-29 23:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-18 11:57 - 2016-09-29 23:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-18 11:57 - 2016-09-29 23:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-18 11:57 - 2016-09-29 23:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-18 11:57 - 2016-09-29 23:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-18 11:57 - 2016-09-29 22:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-18 11:57 - 2016-09-29 22:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-18 11:57 - 2016-09-29 22:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-18 11:57 - 2016-09-29 22:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-18 11:57 - 2016-09-29 22:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-18 11:57 - 2016-09-29 22:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-18 11:57 - 2016-09-29 22:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-18 11:57 - 2016-09-29 22:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-18 11:57 - 2016-09-29 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-18 11:57 - 2016-09-29 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-18 11:57 - 2016-09-29 22:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-18 11:57 - 2016-09-29 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-18 11:57 - 2016-09-29 22:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-18 11:57 - 2016-09-29 22:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-18 11:57 - 2016-09-29 22:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-18 11:57 - 2016-09-29 22:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-18 11:57 - 2016-09-29 22:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-18 11:57 - 2016-09-29 22:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-18 11:57 - 2016-09-29 22:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-18 11:57 - 2016-09-29 22:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-18 11:57 - 2016-09-29 22:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-18 11:57 - 2016-09-29 22:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-18 11:57 - 2016-09-29 22:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-18 11:57 - 2016-09-29 22:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-18 11:57 - 2016-09-29 22:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-18 11:57 - 2016-09-29 22:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-18 11:57 - 2016-09-29 22:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-18 11:57 - 2016-09-29 22:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-18 11:57 - 2016-09-29 22:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-18 11:57 - 2016-09-29 22:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-18 11:57 - 2016-09-29 22:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-18 11:57 - 2016-09-29 22:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-18 11:57 - 2016-09-29 22:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-18 11:57 - 2016-09-29 22:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-18 11:57 - 2016-09-29 22:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-18 11:57 - 2016-09-29 22:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-18 11:57 - 2016-09-29 22:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-18 11:57 - 2016-09-29 22:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-18 11:57 - 2016-09-29 22:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-18 11:57 - 2016-09-29 21:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-18 11:57 - 2016-09-29 21:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-18 11:57 - 2016-09-29 21:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-18 11:57 - 2016-09-29 21:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-18 11:57 - 2016-09-15 08:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-18 11:57 - 2016-09-15 08:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-18 11:57 - 2016-09-15 08:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-18 11:57 - 2016-09-15 08:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-18 11:57 - 2016-09-12 14:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-18 11:57 - 2016-09-12 14:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-18 11:57 - 2016-09-12 14:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-18 11:57 - 2016-09-12 13:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-18 11:57 - 2016-09-12 13:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-18 11:57 - 2016-09-12 13:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-18 11:57 - 2016-09-12 13:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-18 11:57 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-18 11:57 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-18 11:57 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-18 11:57 - 2016-09-10 09:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-18 11:57 - 2016-09-10 08:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-18 11:57 - 2016-09-09 11:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-18 11:57 - 2016-09-09 11:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-18 11:57 - 2016-09-09 11:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-18 11:57 - 2016-09-09 11:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-18 11:57 - 2016-09-09 10:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-18 11:57 - 2016-09-09 10:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-18 11:57 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-18 11:57 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-18 11:57 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-18 11:57 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-18 11:57 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-18 11:57 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-18 11:57 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-18 11:57 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-18 11:57 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-18 11:57 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-18 11:57 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-18 11:57 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-18 11:57 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-18 11:57 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-18 11:57 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-18 11:57 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-18 11:57 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-18 11:57 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-18 11:57 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-18 11:57 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-18 11:57 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-18 11:57 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-18 11:57 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-18 11:57 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-18 11:57 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-18 11:57 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-18 11:57 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-18 11:57 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-18 11:57 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-18 11:57 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-18 11:57 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-18 11:57 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-18 11:57 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-18 11:56 - 2016-09-29 23:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-18 11:56 - 2016-09-29 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-18 11:56 - 2016-09-29 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-18 11:56 - 2016-09-29 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-18 11:56 - 2016-09-12 13:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-18 11:56 - 2016-09-12 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-18 11:56 - 2016-09-12 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-18 11:56 - 2016-09-12 13:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-18 11:56 - 2016-09-09 11:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-18 11:56 - 2016-09-09 11:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-18 11:56 - 2016-09-09 11:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-18 11:56 - 2016-09-09 10:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-18 11:56 - 2016-09-09 10:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-18 11:56 - 2016-09-09 10:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-18 11:56 - 2016-09-09 10:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-18 11:56 - 2016-09-09 10:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-18 11:56 - 2016-09-09 10:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-18 11:56 - 2016-09-09 10:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-18 11:56 - 2016-09-09 10:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-18 11:56 - 2016-09-09 10:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-18 11:56 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-18 11:55 - 2016-09-12 14:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-18 11:55 - 2016-09-12 14:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-18 11:55 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-18 11:54 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-18 11:54 - 2016-08-29 08:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-18 11:54 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-18 11:54 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-18 11:54 - 2016-08-29 08:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-18 11:54 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-18 11:54 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-18 11:54 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-18 11:54 - 2016-07-22 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-18 11:54 - 2016-07-22 07:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-07 22:52 - 2016-10-07 22:52 - 00443632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00394496 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00334608 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00089328 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00085744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-10-07 22:49 - 2016-10-07 22:49 - 00639728 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-10-07 22:49 - 2016-10-07 22:49 - 00244504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-10-07 22:45 - 2016-10-07 22:45 - 00271112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2016-10-04 22:42 - 2016-10-04 22:42 - 00000000 ____D C:\Users\Suzanne\AppData\Temp
2016-10-04 22:31 - 2016-10-30 19:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-04 22:31 - 2016-10-04 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-10-04 13:03 - 2016-10-04 13:03 - 00000000 ____D C:\Program Files\RDP Wrapper
2016-10-04 09:56 - 2016-10-04 09:56 - 00035112 ___SH (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2016-10-04 09:55 - 2016-10-23 14:10 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-03 16:12 - 2009-07-13 21:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-03 16:12 - 2009-07-13 21:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-03 16:10 - 2016-07-17 16:44 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Skype
2016-11-03 16:07 - 2014-01-24 11:40 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-11-03 16:02 - 2011-05-27 10:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-03 16:02 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-03 16:01 - 2011-03-14 17:22 - 00062308 _____ C:\Windows\system32\BMXStateBkp-{00000001-00000000-00000000-00001102-0000000B-00441102}.rfx
2016-11-03 16:01 - 2011-03-14 17:22 - 00062308 _____ C:\Windows\system32\BMXState-{00000001-00000000-00000000-00001102-0000000B-00441102}.rfx
2016-11-03 16:01 - 2011-03-14 17:22 - 00000820 _____ C:\Windows\system32\DVCState-{00000001-00000000-00000000-00001102-0000000B-00441102}.rfx
2016-11-03 16:01 - 2011-03-14 14:23 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-03 15:51 - 2011-05-27 10:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-03 15:47 - 2014-11-15 18:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14.job
2016-11-03 15:47 - 2014-11-15 18:11 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110.job
2016-11-03 15:42 - 2011-03-25 08:10 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA.job
2016-11-03 15:38 - 2015-10-12 17:13 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2016-11-03 15:38 - 2015-10-12 17:13 - 00001080 _____ C:\Windows\system32\settings.sfm
2016-11-03 15:18 - 2014-02-06 15:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c.job
2016-11-03 15:12 - 2011-03-18 12:15 - 00000000 ___HD C:\Users\Suzanne\AppData\Roaming\Adobe
2016-11-03 14:28 - 2016-09-06 13:37 - 00000000 ____D C:\Users\Suzanne\Documents\Outlook Files
2016-11-03 13:42 - 2011-03-25 08:10 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core.job
2016-11-03 09:15 - 2011-03-21 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS
2016-11-03 00:00 - 2011-03-18 12:30 - 00000000 ____D C:\ProgramData\LogMeIn
2016-11-02 22:25 - 2011-03-21 17:42 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\ESRI
2016-11-02 22:24 - 2016-05-20 17:37 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\ESRI_Licensing
2016-11-02 18:43 - 2011-03-18 13:39 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5F1214C0-A7BC-412C-83C5-45F631CD7E30}
2016-11-02 16:18 - 2014-02-06 15:11 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023.job
2016-11-02 10:36 - 2011-03-21 17:42 - 00000000 ____D C:\Users\Suzanne\Documents\ArcGIS
2016-11-02 10:22 - 2016-07-12 21:31 - 00264312 ____H C:\Windows\system32\mlfcache.dat
2016-11-02 03:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-11-01 14:21 - 2013-09-29 11:12 - 00003428 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-11-01 12:17 - 2011-03-25 08:10 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\Google
2016-10-31 13:51 - 2014-05-25 18:09 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-10-31 13:50 - 2014-05-25 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-10-31 10:36 - 2012-07-01 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-10-31 10:36 - 2012-07-01 14:55 - 00000000 ____D C:\Program Files (x86)\HP
2016-10-30 19:57 - 2016-07-17 16:43 - 00000000 ____D C:\ProgramData\Skype
2016-10-30 16:28 - 2015-03-14 17:37 - 00000871 _____ C:\messages.xml
2016-10-30 16:24 - 2016-05-24 13:02 - 00000000 ____D C:\Users\Suzanne\.matplotlib
2016-10-27 13:59 - 2015-03-06 12:44 - 00000000 ____D C:\Ed
2016-10-26 20:42 - 2011-03-14 14:44 - 00000000 ____D C:\ProgramData\Sonic
2016-10-26 20:41 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-26 18:28 - 2011-08-18 17:12 - 00038400 ___SH C:\Users\Suzanne\Thumbs.db
2016-10-26 17:37 - 2009-07-13 22:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-26 17:08 - 2011-09-09 15:40 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\Windows Live
2016-10-26 16:08 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-26 11:14 - 2016-09-15 15:30 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Add-in Express
2016-10-26 07:50 - 2014-01-24 13:16 - 00000000 ____D C:\Windows\Minidump
2016-10-25 20:14 - 2011-11-15 20:26 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-25 20:14 - 2011-08-24 13:57 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-10-25 20:14 - 2011-03-14 14:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-25 14:42 - 2016-09-14 10:58 - 00003676 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-151233617-2686695857-2843107125-1001
2016-10-25 14:42 - 2016-09-14 10:58 - 00003580 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-151233617-2686695857-2843107125-1001
2016-10-25 10:25 - 2016-08-02 14:16 - 00000000 ____D C:\Users\Suzanne\Documents\MoreThanMapps
2016-10-25 08:16 - 2011-03-25 08:11 - 00002388 _____ C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-24 21:41 - 2012-06-04 15:49 - 00268864 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-10-24 20:01 - 2011-09-05 19:46 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\ElevatedDiagnostics
2016-10-24 19:47 - 2011-03-21 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-24 16:34 - 2016-09-15 08:37 - 00000000 ____D C:\2016_Upwork
2016-10-24 15:13 - 2011-03-26 09:19 - 00000000 ____D C:\Users\Dorothy
2016-10-24 15:02 - 2011-03-18 12:49 - 00000000 ____D C:\Program Files\BitDefender
2016-10-24 14:58 - 2011-08-27 18:06 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Orbit
2016-10-24 14:55 - 2011-03-18 12:42 - 00000000 ____D C:\Program Files\Common Files\BitDefender
2016-10-24 14:52 - 2011-03-18 14:01 - 00184210 _____ C:\bdlog.txt
2016-10-21 14:43 - 2011-03-18 12:30 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-10-21 10:52 - 2011-03-18 12:30 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-10-21 10:52 - 2011-03-18 12:30 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2016-10-20 12:32 - 2011-03-21 17:42 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\ESRI
2016-10-20 11:13 - 2015-11-08 11:28 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\ProjectTimer
2016-10-19 04:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-10-19 03:41 - 2009-07-13 21:45 - 02498824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-19 03:39 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-19 03:39 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-19 03:35 - 2014-12-10 04:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-19 03:35 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-19 03:35 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-19 03:35 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-19 03:17 - 2013-07-16 03:00 - 00000000 ____D C:\Windows\system32\MRT
2016-10-19 03:06 - 2011-03-18 13:58 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-19 03:05 - 2013-03-13 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-18 17:30 - 2011-09-01 18:50 - 00007597 ____H C:\Users\Suzanne\AppData\Local\Resmon.ResmonCfg
2016-10-18 15:21 - 2015-10-28 18:03 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Apple Inc
2016-10-18 15:21 - 2011-03-18 14:09 - 00000000 ___HD C:\Users\Suzanne
2016-10-18 15:18 - 2011-03-18 13:15 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\Apple Computer
2016-10-18 15:17 - 2011-03-18 13:15 - 00000000 ___HD C:\Users\Suzanne\AppData\Roaming\Apple Computer
2016-10-18 11:54 - 2015-11-08 11:07 - 00000000 ____D C:\JasonNov
2016-10-18 11:46 - 2016-09-06 13:16 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-18 11:35 - 2011-03-18 13:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-18 11:14 - 2012-04-13 09:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-04 22:31 - 2016-07-17 16:44 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Skype
2016-10-04 16:40 - 2016-02-01 13:56 - 00000000 ____D C:\Users\Suzanne\Documents\invoices 2016
2016-10-04 16:40 - 2016-01-17 11:20 - 00000000 ____D C:\Job Invoices
2016-10-04 13:10 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
 
==================== Files in the root of some directories =======
 
2011-09-01 18:50 - 2016-10-18 17:30 - 0007597 ____H () C:\Users\Suzanne\AppData\Local\Resmon.ResmonCfg
2016-10-24 14:55 - 2016-10-24 14:55 - 0240686 _____ () C:\ProgramData\1477345837.bdinstall.bin
2016-10-31 10:31 - 2016-10-31 10:31 - 0028662 _____ () C:\ProgramData\agent.1477935068.bdinstall.bin
2016-01-28 20:12 - 2016-01-28 20:12 - 0000016 _____ () C:\ProgramData\mntemp
2016-01-28 20:12 - 2016-01-28 20:12 - 0004881 _____ () C:\ProgramData\rxsmznjf.zcp
 
Files to move or delete:
====================
C:\Users\Suzanne\ExporttoKML.dll
C:\Users\Suzanne\ExporttoKML.reg
C:\Users\Suzanne\ExporttoKML_64bit.reg
C:\Users\Suzanne\ExporttoKML_INSTALL.bat
C:\Users\Suzanne\ExporttoKML_UNINSTALL.bat
 
 
Some files in TEMP:
====================
C:\Users\Suzanne\AppData\Local\Temp\qc_e3f0f3ef_27e6_4ca8_8a7c_a3d761aa54bb_64.exe
C:\Users\Suzanne\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-10-25 00:32
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-11-2016
Ran by Suzanne (03-11-2016 16:15:40)
Running from C:\Users\Suzanne\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-03-18 21:08:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-151233617-2686695857-2843107125-500 - Administrator - Disabled)
Guest (S-1-5-21-151233617-2686695857-2843107125-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-151233617-2686695857-2843107125-1002 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-151233617-2686695857-2843107125-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
Suzanne (S-1-5-21-151233617-2686695857-2843107125-1001 - Administrator - Enabled) => C:\Users\Suzanne
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM-x32\...\Adobe_498b43b77cac072081a5692bfc52804) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8.1.5 - CPSID_49013 (HKLM-x32\...\Adobe Acrobat 8 Professional_815) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.1.5 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional) (Version: 8.1.5 - )
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcGIS 10.4 for Desktop (HKLM-x32\...\ArcGIS 10.4 for Desktop) (Version: 10.4.5524 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.4 for Desktop (x32 Version: 10.4.5524 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS ArcReader 10 (HKLM-x32\...\ArcGIS ArcReader 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS Earth (HKLM\...\ArcGIS Earth) (Version: 1.0.1214 - Environmental Systems Research Institute, Inc.)
ArcGIS Earth (Version: 1.0.1214 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS License Manager 10 (HKLM-x32\...\ArcGIS License Manager 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (HKLM\...\ArcGISPro) (Version: 1.3.5861 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (Version: 1.3.5861 - Environmental Systems Research Institute, Inc.) Hidden
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Tools (HKLM-x32\...\{56647361-687B-452B-8999-6179125FFD63}) (Version: 3.2.10.1533 - Box)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.085 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.00.085 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{0DB0EA38-E806-44ED-A892-489F2E305080}) (Version: 1.5.00000 - Dell Inc.)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Esri CityEngine 2016.0 (HKLM\...\Esri CityEngine 2016.0) (Version: 16.0.100 - Environmental Systems Research Institute, Inc.)
Esri CityEngine 2016.0 (Version: 16.0.100 - Environmental Systems Research Institute, Inc.) Hidden
FME Desktop 2016.1.2.1 (Build 16674 - win64) (HKLM\...\{C6197A42-6BFE-1014-B1BC-EE2AC0F79D75}) (Version: 7.22.16674 - Safe Software Inc.)
Fushicai VIDEO DVR (HKLM-x32\...\{989BAFE8-E777-43D7-9749-9810E0E9FF48}) (Version: 2013.5.6 - Fushicai)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Chrome (HKU\S-1-5-21-151233617-2686695857-2843107125-1003\...\Google Chrome) (Version: 15.0.874.121 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Earth Pro (HKLM-x32\...\{1C63D1F0-DE50-11E2-BB78-B8AC6F98CCE3}) (Version: 7.1.1.1871 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 5.0.0.799 (HKU\S-1-5-21-151233617-2686695857-2843107125-1003\...\GoToMeeting) (Version: 5.0.0.799 - CitrixOnline)
honestechTVR2.5 (HKLM-x32\...\{ABADD11D-1B48-4F23-BEBA-6B22CE8F5E58}) (Version: 2.5 - honestech)
honestechTVR2.5 (x32 Version: 2.5 - honestech) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.2.0 - Movavi)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5929 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA nView 146.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 146.78 - NVIDIA Corporation)
NVIDIA WMI 2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.24.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
Python 2.5 numpy-1.0.3 (HKLM-x32\...\numpy-py2.5) (Version:  - )
Python 2.5 numpy-1.0.3 (HKLM-x32\...\Python 2.5 numpy-1.0.3) (Version:  - )
Python 2.5.1 (HKLM-x32\...\Python 2.5.1) (Version:  - )
QGIS 2.16 2.16.2 Nødebo (HKLM\...\QGIS 2.16) (Version:  - QGIS Development Team)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.11.1 - Intuit)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sentinel System Driver(64-bit) 7.2.2 (HKLM\...\{97407E09-4EA8-49F0-A513-2C1776A6DEC0}) (Version: 7.2.2 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Smilebox (HKU\S-1-5-21-151233617-2686695857-2843107125-1003\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
XnConvert 1.73 (HKLM\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-151233617-2686695857-2843107125-1003\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncApi64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CF0900A-2372-446C-9BFD-CD4C3E88568A} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {0DC59238-B059-4EFF-9CF9-9A8CA49C9C53} - System32\Tasks\{0413D07A-8D30-4D5A-BE61-486976FB485F} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {15D894C6-8C07-4502-817B-3633CBC2F6A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {16E7A5FB-0D27-4FFC-935D-CB64441A4BD1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {19E720E5-12AA-4EE3-9C27-83BF10CA2419} - System32\Tasks\{A4BA670A-111C-4595-88DE-44B1BC131F3C} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {296820CE-CF2E-4BF6-A702-4363873404AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3B786855-FB5F-4C15-B445-7A740D115058} - System32\Tasks\{04FF8751-D100-4F82-BE83-D96DAFA59B39} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {48239E39-A010-47DA-A4BA-F13478A0CAE6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {65729D44-5252-401D-B2CF-BAF410DE527B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {66732F40-8D0E-4B61-A60C-AEBCC6F3114C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {6B1929ED-F652-45B4-91AF-2B689541E8D6} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {708F24B9-28BC-47E9-B04A-16B31A1C6744} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {87B96AB0-7AB8-4E37-A083-9C8B6952E13E} - System32\Tasks\{4D5AC19A-5FF4-4A2F-A1AF-3E5DD0BAAB0C} => D:\autorun.exe
Task: {964025AA-7830-4AC4-B364-E67585C17F61} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {A9C69709-F628-4E15-AA80-357F047BB55C} - System32\Tasks\G2MUpdateTask-S-1-5-21-151233617-2686695857-2843107125-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\5742\g2mupdate.exe
Task: {B24AE1E3-4FF1-4DF0-8E8A-FFEAF516B368} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {B2AEA276-409F-468F-9DE6-98B2696BD095} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B85041F5-4507-4DF4-B32F-2120AD6A00B5} - System32\Tasks\{89B37D2F-F8B6-4666-BC35-FCBF4333D964} => D:\autorun.exe
Task: {CEABA74D-1DA7-4D11-8436-1C4F8EC1EA84} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {CFB72B10-B94B-4668-8030-98F6B2092CD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {D957B3D7-A0E7-47BE-A2B1-44A42E4C19DF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-09-09] (Apple Inc.)
Task: {DC286D2F-C572-45D8-9115-DB9BC8B91E53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E69A5AB1-5E51-4F59-AA96-C7F1360BDE91} - System32\Tasks\DigitalSite => C:\Users\Suzanne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F3F98508-023D-412B-A62A-F3C4D70BB29E} - System32\Tasks\G2MUploadTask-S-1-5-21-151233617-2686695857-2843107125-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\5742\g2mupload.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Suzanne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Web Applications\pinterest.com\http_80\Pinterest _ Goodies.lnk -> C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://pinterest.com/about/goodies/
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-01-28 10:39 - 2015-11-10 02:32 - 03088712 _____ () C:\Windows\system32\nvwmi64.exe
2016-01-28 10:38 - 2015-11-05 08:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-06 13:21 - 2016-10-08 00:52 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-01-28 10:39 - 2015-11-10 02:26 - 01941304 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewH64.dll
2013-06-13 17:07 - 2013-03-25 10:57 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-01-28 10:39 - 2015-11-10 02:26 - 01315128 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewMain64.exe
2016-01-28 10:39 - 2015-11-10 02:26 - 01187656 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewMain.exe
2016-01-28 20:32 - 2009-11-03 10:19 - 00409088 _____ () C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 ____N () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2016-01-28 10:39 - 2015-11-10 02:26 - 01582408 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewH.dll
2016-10-04 09:55 - 2016-01-01 02:00 - 00100352 ___SH () C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-01-28 20:32 - 2008-04-27 19:06 - 00053248 _____ () C:\Program Files (x86)\honestech\honestech TVR 2.5\ReadRemoteKey.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-12-12 15:44 - 2011-12-12 15:44 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-11-03 16:02 - 2016-11-03 16:02 - 00098816 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32api.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00110080 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\pywintypes27.dll
2016-11-03 16:02 - 2016-11-03 16:02 - 00364544 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\pythoncom27.dll
2016-11-03 16:02 - 2016-11-03 16:02 - 00320512 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32com.shell.shell.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00776704 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\_hashlib.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 01176576 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\wx._core_.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00806400 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\wx._gdi_.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00816128 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\wx._windows_.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 01067008 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\wx._controls_.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00733184 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\wx._misc_.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00682496 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\pysqlite2._sqlite.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00088064 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\_ctypes.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00119808 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32file.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00108544 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32security.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00007168 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\hashobjs_ext.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00017920 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\thumbnails_ext.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00088064 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\usb_ext.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00012800 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\common.time34.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00018432 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32event.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00167936 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32gui.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00046080 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\_socket.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 01208320 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\_ssl.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00128512 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\_elementtree.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00127488 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\pyexpat.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00038912 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32inet.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00036864 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\_psutil_windows.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00525208 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\windows._lib_cacheinvalidation.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00011264 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32crypt.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00077312 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\wx._html2.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00027136 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\_multiprocessing.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00020480 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\_yappi.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00035840 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32process.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00686080 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\unicodedata.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00078848 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\wx._animate.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00123392 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\wx._wizard.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00024064 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32pipe.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00010240 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\select.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00025600 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32pdh.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00017408 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32profile.pyd
2016-11-03 16:02 - 2016-11-03 16:02 - 00022528 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI34522\win32ts.pyd
2016-10-25 08:16 - 2016-10-20 01:47 - 01819240 _____ () C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-25 08:16 - 2016-10-20 01:47 - 00093288 _____ () C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-10-04 09:55 - 2016-01-01 02:00 - 00100352 ___SH () c:\users\suzanne\appdata\roaming\microcofturdatent\msimg32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\ractrlkeyhook.dll:BDU [22]
AlternateDataStreams: C:\Windows\SysWOW64\TABCTL32.htm:BDU [22]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGISPro_5023_149395.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGIS_Desktop_104_149411.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGIS_Earth_x64_Setup_1.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\BoxEditInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\CityEngine_2016_0_150261.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Driver207win (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Driver207win.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\easycapture_setup_1.2.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\PatchFinder.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Setup.X86.en-US_ProfessionalRetail_bd258168-37e4-471a-92f1-93d2ff205f62_TX_PR_.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\wlsetup-web.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2016-10-24 14:41 - 00003072 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Suzanne\Pictures\gumby.jpg
HKU\S-1-5-21-151233617-2686695857-2843107125-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{41422E44-3406-4A93-B450-2D312C87D6E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D4A758E9-3C0D-44E8-ADB2-854FC98DFE5D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{3157DD3A-319D-4D65-B6AB-93ADB4D0C653}] => (Allow) LPort=3703
FirewallRules: [{441D9186-92A4-4803-BA11-81797D55FA23}] => (Allow) LPort=3704
FirewallRules: [{DEB659CD-54F8-41A1-80B9-58AA05256D7E}] => (Allow) LPort=50900
FirewallRules: [{91D4E84B-47C9-40A2-AD72-5E88730A454E}] => (Allow) LPort=50901
FirewallRules: [{88989606-90A7-4BB1-BD7C-1CE9214F2628}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [{EF737E9D-43CF-4486-8F8D-DA1CD805EBB2}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [TCP Query User{3657E126-8208-4A49-AF8E-8C2F67290776}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A8990542-A0F9-4F21-A280-9B40215B48F5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{35C514E1-2A7C-414C-9DBF-3CFD2041C813}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{8D9A34C2-1F86-4732-9B17-16CDEF0FA141}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{744D57AA-4761-4FD7-AC38-DB3F978D2CD5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2CE9DC3A-C8E0-4E2B-ABEA-63A5EA4C8B6E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{BA4A4083-E4AE-4689-8489-6853D6966CA5}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{8A3E9F7D-57F0-4896-92D0-9AD22349AD68}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{FB2964C2-23C2-45D0-AD6C-63A6609EF4C6}C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe
FirewallRules: [UDP Query User{FB3D0B7A-D1E0-4659-A4CD-B16994194ABE}C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe
FirewallRules: [TCP Query User{F150EBA6-1731-46CF-84A8-C7CAE1819E92}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{1BE6857F-5A65-4110-955F-0879D273B82F}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [{84C9C5E3-7B7F-4CCE-BB5C-56554272AACC}] => (Allow) %ProgramFiles% (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{ABFFB7A9-9081-4825-A3F0-E7F43010878B}C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{8B3ED360-E7F8-4AD0-AF68-9A97502C9E20}C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{CED04AFF-E697-456D-9774-CFE97754AEED}C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe
FirewallRules: [UDP Query User{5595BF07-86BD-492A-B9BF-CD836622E16C}C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe
FirewallRules: [TCP Query User{99EA1E7D-E49D-4A49-AEBB-E07858ECDF90}C:\users\suzanne\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\logmein client.exe
FirewallRules: [UDP Query User{4C89C0BD-E6C6-436C-B0DF-97C7E2082B7E}C:\users\suzanne\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\logmein client.exe
FirewallRules: [TCP Query User{B5C8AFCC-5C87-4757-B0DD-F995D841735B}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A3463A72-67CB-4961-9734-66F4D88F62DD}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [{732EAA20-57DD-4604-9510-F1A736F7BAD8}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{9655D171-2832-45E1-B9C0-6776DE56CFA1}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{B5B9EB9D-00F6-4463-8971-C64EBAF5BBD5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{83CACCBF-39E6-4BD9-9EFD-D20D2004CDAC}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [TCP Query User{23D6FAE3-CFF4-49F6-8D2C-23C474FE0321}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E6DC87CD-29DA-44C9-8F95-6687908B57BF}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{67A479B6-923D-4EBE-9C6C-46EB93EFE929}C:\users\suzanne\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{C3F93811-B9A0-4376-89C2-C672A2C25C12}C:\users\suzanne\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{AC34F27F-9FE1-414A-A6D1-996DF99FC468}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [UDP Query User{A0452389-3C2D-4086-9FDF-A72BC9984728}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [TCP Query User{B701E11A-7F07-48BB-A60F-083DD8563891}C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe
FirewallRules: [UDP Query User{822A887B-A1DA-4BCE-AF99-228B45B6115D}C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe
FirewallRules: [TCP Query User{FBDB9957-690B-46CA-9507-A55E39F321D2}C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe
FirewallRules: [UDP Query User{B19595DA-CF6D-4993-9589-8DA867853C46}C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe
FirewallRules: [{F451F5B4-04F5-4F2E-A2A5-A1913F4A7038}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F62383D0-7692-43D3-B48C-6C655144597E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68FE5D4D-2129-4A80-B807-3394670D2B14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7AF72695-1DCE-40D2-8B00-9F43872CAE9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{58D8F0A2-EA3F-42E9-8E80-DC8D20C21CED}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{4402769C-36F7-4AED-9682-C563834A6BA0}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [{71A8EF7F-EC4E-4034-A704-E825B4EA9F49}] => (Allow) LPort=49384
FirewallRules: [{E1F7B4C3-9119-46DB-9117-AAE5FFEC99B8}] => (Allow) LPort=5000
FirewallRules: [{7B0CB2F1-0228-4081-B443-9B03EB4463B9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4A855208-1C2D-4AD7-997C-62367249E94C}] => (Allow) LPort=2869
FirewallRules: [{18298327-6A1A-4BB3-B212-C95EA99A50E6}] => (Allow) LPort=1900
FirewallRules: [{6F69F51A-0A4B-4F38-8731-194E3124255B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{0F13D120-B627-4479-BF00-9C512AE3C600}C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe
FirewallRules: [UDP Query User{028224AD-E439-4657-A5AC-9562C1035FED}C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe
FirewallRules: [{4A41CC16-99B3-4869-9F40-7F7FCA0D1336}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{96BECEC8-C48A-4B9B-B6E7-0E9B28B08B26}C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [UDP Query User{15CE6E14-27AE-4F1B-82AB-40680753D602}C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [TCP Query User{89D3265B-BB7B-410D-B259-7EA747FA1386}C:\program files\esri\cityengine2016.0\cityengine.exe] => (Allow) C:\program files\esri\cityengine2016.0\cityengine.exe
FirewallRules: [UDP Query User{9A2A33F9-F5FA-42F3-AA18-83D84CE63C12}C:\program files\esri\cityengine2016.0\cityengine.exe] => (Allow) C:\program files\esri\cityengine2016.0\cityengine.exe
FirewallRules: [TCP Query User{1429D159-427C-44DE-93EC-9CDA37841971}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe
FirewallRules: [UDP Query User{5293B334-C0B4-400D-BD84-54557DD9465B}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe
FirewallRules: [{DA9B2384-EFC5-4F09-B4F7-BC349D18D701}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{97284FD0-7786-4CB2-89B3-EDFC047DD166}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3D6C4DCB-D476-41B7-BA83-8A2B70ACE023}] => (Allow) LPort=49265
FirewallRules: [{0CC91500-002A-4D41-B0B4-5523DBBEE0F6}] => (Allow) C:\Program Files\FME\fme.exe
FirewallRules: [{9AF969F5-A10B-4B61-B44C-296DE23664B9}] => (Allow) LPort=3389
FirewallRules: [{C66743B9-C5BF-4B60-8FF4-B16356BC9521}] => (Allow) LPort=443
FirewallRules: [{21DEDBCE-7291-4012-828A-B5536B025A0E}] => (Allow) LPort=443
FirewallRules: [{8FAFAC91-9911-4ACC-A07A-E1EB32FF4382}] => (Allow) LPort=443
FirewallRules: [{DB9B0B58-343A-483B-BB9A-D3C61817B2B6}] => (Allow) LPort=443
FirewallRules: [{81B805D5-9DA0-4078-B38E-7EB1D72198BA}] => (Allow) LPort=443
FirewallRules: [{EC95BDCC-0E2B-4806-BA68-E63AE97F21C9}] => (Allow) LPort=443
FirewallRules: [{1F5EFC2F-C3C2-4433-9248-D1D2C954819B}] => (Allow) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{4FFC1687-42E8-4AA2-8A72-2FE7264159B9}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\5C069542-CA13-4f1b-B90C-28C6430F4992\Installer\hpbcsiInstaller.exe
FirewallRules: [{153D02CF-2359-4776-86E8-E89CEE3E760B}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\5C069542-CA13-4f1b-B90C-28C6430F4992\Installer\hpbcsiInstaller.exe
FirewallRules: [{E00F2F2F-495E-4A41-9DEC-671E3661C32A}] => (Allow) LPort=49166
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Restore Points =========================
 
31-10-2016 10:30:17 Removed HP FWUpdateEDO3
31-10-2016 13:44:15 Windows Update
02-11-2016 03:00:11 Windows Update
03-11-2016 03:00:11 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/03/2016 03:33:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Photoshop.exe version 10.0.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 664
 
Start Time: 01d2361f5baf2f93
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
 
Report Id: 5d98212d-a215-11e6-9f94-bc305bd66386
 
Error: (11/03/2016 10:23:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2450
 
Start Time: 01d235f6c50d1c1a
 
Termination Time: 5
 
Application Path: C:\Windows\System32\rundll32.exe
 
Report Id: 3118d096-a1ea-11e6-9f94-bc305bd66386
 
Error: (11/03/2016 03:02:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
Faulting module name: hppdcompio.dll, version: 1.3.0.24, time stamp: 0x4c9685da
Exception code: 0xc0000417
Fault offset: 0x000000000000552c
Faulting process id: 0x1ee4
Faulting application start time: 0x01d234f04f1ac6d3
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: C:\Windows\system32\spool\DRIVERS\x64\3\hppdcompio.dll
Report Id: 95f2eb3a-a1ac-11e6-9f94-bc305bd66386
 
Error: (11/02/2016 03:02:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
Faulting module name: hppdcompio.dll, version: 1.3.0.24, time stamp: 0x4c9685da
Exception code: 0xc0000417
Fault offset: 0x000000000000552c
Faulting process id: 0x654
Faulting application start time: 0x01d2345a893813a6
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: C:\Windows\system32\spool\DRIVERS\x64\3\hppdcompio.dll
Report Id: 65f2d74a-a0e3-11e6-9f94-bc305bd66386
 
Error: (10/31/2016 10:35:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0xb14
Faulting application start time: 0x01d2339d3202c95f
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 7042091e-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:35:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x8e4
Faulting application start time: 0x01d2339d2b45ae8c
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 69795560-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:35:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x11f8
Faulting application start time: 0x01d2339d2488baca
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 62be0f54-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:35:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0xd0c
Faulting application start time: 0x01d2339d1dcb51d7
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 5bffbbfd-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:34:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x43c
Faulting application start time: 0x01d2339d170de8e3
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 554427d0-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:34:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x19ac
Faulting application start time: 0x01d2339d10507ff0
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 4e8697cc-9f90-11e6-8663-bc305bd66386
 
 
System errors:
=============
Error: (11/03/2016 04:06:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (11/03/2016 04:02:07 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. This service might not be installed.
 
Error: (11/03/2016 04:00:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
 
Error: (11/03/2016 03:44:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (11/03/2016 03:39:36 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. This service might not be installed.
 
Error: (11/03/2016 10:16:35 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server:
{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (11/03/2016 10:16:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (11/03/2016 10:16:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
 
Error: (11/03/2016 03:04:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: HP - Printers - HP LaserJet Professional CP1520 Series PCL 6.
 
Error: (11/03/2016 03:02:16 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-11-03 16:06:53.877
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-03 16:06:53.647
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-03 15:44:38.068
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-03 15:44:37.898
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-01 09:12:23.699
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-01 09:12:23.528
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-31 14:54:41.728
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-31 14:54:41.541
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-31 12:33:50.160
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-31 12:33:49.960
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU W3530 @ 2.80GHz
Percentage of memory in use: 58%
Total physical RAM: 6141.55 MB
Available physical RAM: 2572 MB
Total Virtual: 12281.29 MB
Available Virtual: 8634.39 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:141.26 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 

Edited by skysuz, 03 November 2016 - 05:25 PM.

  • 0

#7
Jr0x
Posted 03 November 2016 - 09:43 PM

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi skysuz, when you ran the av remover the first time, did it detect BitDefender product for you to remove?

 

Do you know what the BitDefender product and version that you installed previously? e.g BitDefender Antivirus Plus 2016, BitDefender Total Security 2016.

 

I'll get back to you soon with a fix meanwhile, do provide me the answer if you know.


  • 0

#8
Jr0x
Posted 04 November 2016 - 08:25 AM

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi skysuz,

Please follow the instruction below to remove BitDefender product.

BitDefender Removal Tool

Please download BitDefender Removal Tool and save it to your Desktop.

  • Double-click the Bitdefender_2016_UninstallTool.exe file to run the program.
  • Click Uninstall
  • Let it run and restart your machine after it completes

 

Let me know if it removes successfully.


  • 0

#9
skysuz
Posted 04 November 2016 - 10:08 AM

skysuz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Thanks!

 

It said that bitdefender was removed.  I rescanned with Farbar

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-11-2016
Ran by Suzanne (administrator) on SUZANNE-PC (04-11-2016 08:54:21)
Running from C:\Users\Suzanne\Desktop
Loaded Profiles: Suzanne (Available Profiles: Suzanne & LogMeInRemoteUser & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files\NVIDIA Corporation\nView\nviewMain64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\NVIDIA Corporation\nView\nviewMain.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Akamai Technologies, Inc.) C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
(Box, Inc.) C:\Users\Suzanne\AppData\Local\Box\Box Edit\Box Edit.exe
(Box, Inc.) C:\Users\Suzanne\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
(Akamai Technologies, Inc.) C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
() C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Adobe Systems Incorporated.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrodist.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2168976 2015-11-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [update_w32.exe] => "C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll" C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe <===== ATTENTION
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1743648 2013-06-13] (Wondershare)
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Google Update] => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77248 2016-04-12] (Intuit Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Box Edit] => C:\Users\Suzanne\AppData\Local\Box\Box Edit\Box Edit.exe [919280 2016-08-15] (Box, Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Box Local Com Server] => C:\Users\Suzanne\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2016-08-15] (Box, Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27017856 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\MountPoints2: {bf8c87ee-5192-11e0-bc42-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [623416 2009-06-19] (Creative Technology Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-03-14]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Driver performer.lnk [2011-05-27]
ShortcutTarget: Driver performer.lnk -> C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALTNH929\DriverPerformer_V15[1].exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TVR Scheduler.lnk [2016-01-28]
ShortcutTarget: TVR Scheduler.lnk -> C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update Manager.lnk [2016-10-04]
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update Manager.lnk [2016-10-21]
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-11-03]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-30]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update Manager.lnk [2016-10-04]
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{ABD0FBC1-D7C9-4998-B256-9E7E2EFC42C1}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DD2ABD81-8CBC-4327-864B-6CA8A461820B}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{EE1CEDF6-DC37-4E1E-B9B8-793698419F43}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://igoogle.com/
hxxp://yahoo.com/
hxxp://bing.com/
URLSearchHook: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 - (No Name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File
URLSearchHook: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP09882FE0-F102-47D6-91B3-397840C39B62&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP09882FE0-F102-47D6-91B3-397840C39B62&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CEFBC305BD66386&affID=125830&tsp=5036
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-08] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-10-08] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-08] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll [2013-12-16] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-14] (Sun Microsystems, Inc.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-10-07] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll [2013-12-16] (Microsoft Corporation.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {2B497CAF-D938-4059-BA76-0DA5DB77EA0A} hxxps://remote.gdcre.com/Remote/BuiltIns/FS/Wssg.Web.FileAccess.RichUpload.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://mystores.genpt.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/RACtrl.cab?rnd=4103956056
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-03-14] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-151233617-2686695857-2843107125-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Suzanne\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-07-13] (Citrix Online)
FF Plugin HKU\S-1-5-21-151233617-2686695857-2843107125-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-151233617-2686695857-2843107125-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/","hxxp://www.bing.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\gcswf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (WinZip Courier) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.0.2_0\wzwmcgc.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Users\Suzanne\AppData\Local\Google\Update\1.3.21.81\npGoogleUpdate3.dll => No File
CHR Plugin: (Musicnotes) - C:\Program Files (x86)\Musicnotes\npmusicn.dll => No File
CHR Plugin: (ScorchPlugin) - C:\Program Files (x86)\Musicnotes\npsibelius.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Suzanne\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Profile: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default [2016-11-04]
CHR Extension: (Google Drive) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Honey) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-11-03]
CHR Extension: (Kaspersky Protection) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Pinterest Save Button) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (LogMeIn) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-10-04]
CHR Extension: (Chrome Media Router) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-151233617-2686695857-2843107125-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Suzanne\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
StartMenuInternet: Google Chrome - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-04] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-10-21] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [3088712 2015-11-10] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [116736 2016-10-04] (Stas'M Corp.) [File not signed]
R2 usbhubsvc3; C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll [100352 2016-01-01] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-09-12] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1027984 2016-09-12] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50008 2016-09-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126360 2016-09-12] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [54192 2006-04-20] (SafeNet, Inc.)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-04 08:51 - 2016-11-04 08:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2016-11-04 08:37 - 2016-11-04 08:37 - 13709368 _____ C:\Users\Suzanne\Desktop\Bitdefender_2016_UninstallTool.exe
2016-11-03 16:15 - 2016-11-03 16:18 - 00070905 _____ C:\Users\Suzanne\Desktop\Addition.txt
2016-11-03 16:07 - 2016-11-03 16:07 - 00000000 ____D C:\Users\Suzanne\Downloads\FRST-OlderVersion
2016-11-03 16:00 - 2016-11-04 08:54 - 00037233 _____ C:\Users\Suzanne\Desktop\FRST.txt
2016-11-03 15:42 - 2016-11-03 15:42 - 11646112 _____ (ESET) C:\Users\Suzanne\Downloads\avremover_nt64_enu (1).exe
2016-11-03 15:23 - 2016-11-03 15:23 - 11646112 _____ (ESET) C:\Users\Suzanne\Desktop\avremover_nt64_enu.exe
2016-11-03 14:44 - 2016-11-03 14:44 - 00000000 ____D C:\Grange
2016-11-03 14:41 - 2016-11-03 14:41 - 00091323 _____ C:\Users\Suzanne\Desktop\20161103_dep_direct_deposit_form_3911.pdf
2016-11-03 09:19 - 2016-11-03 09:19 - 08126070 _____ C:\Users\Suzanne\Desktop\scan0002.pdf
2016-11-02 03:00 - 2016-11-02 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-10-31 18:20 - 2016-11-04 08:54 - 00000000 ____D C:\Users\Suzanne\Desktop\FRST-OlderVersion
2016-10-31 18:19 - 2016-10-31 18:19 - 00000000 ____D C:\Users\Suzanne\Desktop\New folder
2016-10-31 18:14 - 2016-10-31 18:14 - 00125372 _____ C:\Users\Suzanne\Desktop\IC3 Complaint Referral Form.pdf
2016-10-31 18:14 - 2016-10-31 18:14 - 00016730 _____ C:\Users\Suzanne\Desktop\IC3 Complaint Referral Form.html
2016-10-31 18:14 - 2016-10-31 18:14 - 00000000 ____D C:\Users\Suzanne\Desktop\IC3 Complaint Referral Form_files
2016-10-31 16:59 - 2016-10-31 16:59 - 00058666 _____ C:\Users\Suzanne\Desktop\External Accounts - chase.pdf
2016-10-31 13:57 - 2016-10-31 13:57 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Logitech® Webcam Software
2016-10-31 13:55 - 2016-10-31 13:55 - 00000000 ____D C:\ProgramData\LogiShrd
2016-10-31 13:51 - 2016-10-31 13:51 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Leadertech
2016-10-31 13:50 - 2016-10-31 13:50 - 00001626 _____ C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2016-10-31 13:50 - 2016-10-31 13:50 - 00000000 ____D C:\ProgramData\Logitech
2016-10-31 13:44 - 2016-10-31 13:51 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-10-31 13:05 - 2016-10-31 13:05 - 03199319 _____ C:\Users\Suzanne\Downloads\Attachments_20161031.zip
2016-10-31 10:31 - 2016-10-31 10:31 - 00028662 _____ C:\ProgramData\agent.1477935068.bdinstall.bin
2016-10-30 19:41 - 2016-10-30 19:41 - 00001127 _____ C:\Users\Suzanne\Desktop\HD Pro Webcam C920 - Shortcut.lnk
2016-10-26 20:52 - 2016-10-26 20:52 - 00002124 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-10-26 17:05 - 2016-10-26 17:22 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\XnConvert
2016-10-26 17:05 - 2016-10-26 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnConvert
2016-10-26 17:05 - 2016-10-26 17:05 - 00000000 ____D C:\Program Files\XnConvert
2016-10-26 17:04 - 2016-10-26 17:04 - 15171912 _____ (Gougelet Pierre-e ) C:\Users\Suzanne\Downloads\XnConvert-win-x64.exe
2016-10-26 17:01 - 2016-10-26 17:01 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (1) (1).SFW
2016-10-26 17:00 - 2016-10-26 17:00 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (3).SFW
2016-10-26 17:00 - 2016-10-26 17:00 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (2).SFW
2016-10-26 17:00 - 2016-10-26 17:00 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (1).SFW
2016-10-26 16:59 - 2016-10-26 16:59 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03.SFW
2016-10-26 07:20 - 2016-10-26 07:20 - 00127163 _____ C:\Users\Suzanne\Desktop\Detailed report.txt
2016-10-26 07:14 - 2016-10-26 07:14 - 00067932 _____ C:\Users\Suzanne\Downloads\Addition.txt
2016-10-25 20:53 - 2016-11-04 08:54 - 00000000 ____D C:\FRST
2016-10-25 20:52 - 2016-11-04 08:53 - 02409984 _____ (Farbar) C:\Users\Suzanne\Desktop\FRST64.exe
2016-10-25 20:03 - 2016-10-25 20:03 - 212514840 _____ (Emsisoft Ltd. ) C:\Users\Suzanne\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2016-10-25 20:00 - 2016-10-25 20:00 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Suzanne\Downloads\iExplore.exe
2016-10-25 18:58 - 2016-10-25 20:00 - 00003176 _____ C:\Users\Suzanne\Desktop\Rkill.txt
2016-10-25 18:58 - 2016-10-25 18:58 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Suzanne\Downloads\rkill.com
2016-10-25 18:55 - 2016-10-25 20:09 - 00088806 _____ C:\Windows\ntbtlog.txt
2016-10-24 21:43 - 2016-10-24 21:43 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-10-24 21:43 - 2016-10-24 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-24 21:43 - 2016-10-24 21:43 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-24 21:41 - 2016-10-24 21:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2016-10-24 21:41 - 2016-10-24 21:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2016-10-24 21:40 - 2016-10-24 21:40 - 00000000 ____D C:\ProgramData\Oracle
2016-10-24 15:16 - 2016-11-03 16:23 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-10-24 15:15 - 2016-10-24 15:15 - 00001376 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2016-10-24 15:15 - 2016-10-24 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-10-24 15:14 - 2016-10-24 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-10-24 15:14 - 2016-10-24 15:13 - 00002137 _____ C:\Users\Public\Desktop\Safe Money.lnk
2016-10-24 15:14 - 2016-10-24 15:13 - 00002113 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-10-24 15:12 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-10-24 15:11 - 2016-11-04 08:56 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-10-24 15:11 - 2016-10-24 15:15 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-10-24 15:11 - 2016-10-24 15:11 - 00000000 ____D C:\Windows\ELAMBKUP
2016-10-24 15:10 - 2016-09-12 23:03 - 01027984 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-10-24 15:10 - 2016-09-12 23:03 - 00305496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-10-24 15:10 - 2016-06-26 15:10 - 00189264 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-10-24 14:55 - 2016-10-24 14:56 - 184386592 _____ (Kaspersky Lab) C:\Users\Suzanne\Downloads\kts17.0.0.611aben_11549.exe
2016-10-24 14:55 - 2016-10-24 14:55 - 00240686 _____ C:\ProgramData\1477345837.bdinstall.bin
2016-10-22 02:52 - 2016-10-22 02:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-10-20 12:38 - 2016-10-20 12:38 - 00004096 _____ C:\new.lyr
2016-10-20 12:23 - 2016-10-20 12:23 - 00106510 _____ C:\Users\Suzanne\Downloads\CityBoundaries.zip
2016-10-18 15:21 - 2016-11-04 08:52 - 00000000 ___RD C:\Users\Suzanne\iCloudDrive
2016-10-18 15:21 - 2016-10-18 15:21 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2016-10-18 11:57 - 2016-09-30 13:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-18 11:57 - 2016-09-30 12:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-18 11:57 - 2016-09-30 08:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-18 11:57 - 2016-09-30 08:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-18 11:57 - 2016-09-30 08:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-18 11:57 - 2016-09-30 00:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-18 11:57 - 2016-09-29 23:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-18 11:57 - 2016-09-29 23:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-18 11:57 - 2016-09-29 23:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-18 11:57 - 2016-09-29 23:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-18 11:57 - 2016-09-29 23:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-18 11:57 - 2016-09-29 23:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-18 11:57 - 2016-09-29 23:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-18 11:57 - 2016-09-29 23:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-18 11:57 - 2016-09-29 23:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-18 11:57 - 2016-09-29 23:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-18 11:57 - 2016-09-29 23:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-18 11:57 - 2016-09-29 23:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-18 11:57 - 2016-09-29 23:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-18 11:57 - 2016-09-29 23:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-18 11:57 - 2016-09-29 23:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-18 11:57 - 2016-09-29 23:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-18 11:57 - 2016-09-29 22:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-18 11:57 - 2016-09-29 22:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-18 11:57 - 2016-09-29 22:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-18 11:57 - 2016-09-29 22:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-18 11:57 - 2016-09-29 22:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-18 11:57 - 2016-09-29 22:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-18 11:57 - 2016-09-29 22:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-18 11:57 - 2016-09-29 22:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-18 11:57 - 2016-09-29 22:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-18 11:57 - 2016-09-29 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-18 11:57 - 2016-09-29 22:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-18 11:57 - 2016-09-29 22:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-18 11:57 - 2016-09-29 22:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-18 11:57 - 2016-09-29 22:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-18 11:57 - 2016-09-29 22:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-18 11:57 - 2016-09-29 22:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-18 11:57 - 2016-09-29 22:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-18 11:57 - 2016-09-29 22:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-18 11:57 - 2016-09-29 22:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-18 11:57 - 2016-09-29 22:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-18 11:57 - 2016-09-29 22:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-18 11:57 - 2016-09-29 22:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-18 11:57 - 2016-09-29 22:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-18 11:57 - 2016-09-29 22:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-18 11:57 - 2016-09-29 22:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-18 11:57 - 2016-09-29 22:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-18 11:57 - 2016-09-29 22:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-18 11:57 - 2016-09-29 22:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-18 11:57 - 2016-09-29 22:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-18 11:57 - 2016-09-29 22:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-18 11:57 - 2016-09-29 22:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-18 11:57 - 2016-09-29 22:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-18 11:57 - 2016-09-29 22:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-18 11:57 - 2016-09-29 22:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-18 11:57 - 2016-09-29 22:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-18 11:57 - 2016-09-29 22:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-18 11:57 - 2016-09-29 22:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-18 11:57 - 2016-09-29 22:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-18 11:57 - 2016-09-29 22:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-18 11:57 - 2016-09-29 21:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-18 11:57 - 2016-09-29 21:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-18 11:57 - 2016-09-29 21:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-18 11:57 - 2016-09-29 21:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-18 11:57 - 2016-09-15 08:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-18 11:57 - 2016-09-15 08:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-18 11:57 - 2016-09-15 08:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-18 11:57 - 2016-09-15 08:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-18 11:57 - 2016-09-12 14:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-18 11:57 - 2016-09-12 14:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-18 11:57 - 2016-09-12 14:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-18 11:57 - 2016-09-12 14:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-18 11:57 - 2016-09-12 13:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-18 11:57 - 2016-09-12 13:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-18 11:57 - 2016-09-12 13:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-18 11:57 - 2016-09-12 13:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-18 11:57 - 2016-09-12 13:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-18 11:57 - 2016-09-12 12:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-18 11:57 - 2016-09-12 11:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-18 11:57 - 2016-09-12 11:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-18 11:57 - 2016-09-10 09:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-18 11:57 - 2016-09-10 08:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-18 11:57 - 2016-09-09 11:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-18 11:57 - 2016-09-09 11:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-18 11:57 - 2016-09-09 11:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-18 11:57 - 2016-09-09 11:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-18 11:57 - 2016-09-09 11:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-18 11:57 - 2016-09-09 10:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-18 11:57 - 2016-09-09 10:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-18 11:57 - 2016-09-08 13:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-18 11:57 - 2016-09-08 13:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-18 11:57 - 2016-09-08 13:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-18 11:57 - 2016-09-08 13:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-18 11:57 - 2016-09-08 07:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-18 11:57 - 2016-09-08 07:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-18 11:57 - 2016-08-12 10:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-18 11:57 - 2016-08-12 10:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-18 11:57 - 2016-08-12 10:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-18 11:57 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-18 11:57 - 2016-08-12 10:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-18 11:57 - 2016-08-12 09:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-18 11:57 - 2016-08-12 09:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-18 11:57 - 2016-08-12 09:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-18 11:57 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-18 11:57 - 2016-08-12 09:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-18 11:57 - 2016-08-12 09:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-18 11:57 - 2016-08-06 08:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-18 11:57 - 2016-08-06 08:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-18 11:57 - 2016-08-06 08:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-18 11:57 - 2016-08-06 08:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-18 11:57 - 2016-08-06 07:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-18 11:57 - 2016-08-06 07:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-18 11:57 - 2016-08-06 07:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-18 11:57 - 2016-06-14 10:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-18 11:57 - 2016-06-14 10:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-18 11:57 - 2016-06-14 10:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-18 11:57 - 2016-06-14 10:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-18 11:57 - 2016-06-14 08:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-18 11:57 - 2016-06-14 08:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-18 11:57 - 2016-06-14 08:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-18 11:57 - 2016-06-14 08:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-18 11:57 - 2016-06-14 08:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-18 11:57 - 2016-06-14 08:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-18 11:57 - 2016-06-14 08:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-18 11:57 - 2016-06-14 08:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-18 11:57 - 2016-06-14 08:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-18 11:56 - 2016-09-29 23:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-18 11:56 - 2016-09-29 23:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-18 11:56 - 2016-09-29 22:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-18 11:56 - 2016-09-29 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-18 11:56 - 2016-09-12 14:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-18 11:56 - 2016-09-12 13:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-18 11:56 - 2016-09-12 13:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-18 11:56 - 2016-09-12 13:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-18 11:56 - 2016-09-12 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-18 11:56 - 2016-09-12 13:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 11:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-18 11:56 - 2016-09-09 11:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-18 11:56 - 2016-09-09 11:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-18 11:56 - 2016-09-09 11:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-18 11:56 - 2016-09-09 10:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-18 11:56 - 2016-09-09 10:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-18 11:56 - 2016-09-09 10:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-18 11:56 - 2016-09-09 10:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-18 11:56 - 2016-09-09 10:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-18 11:56 - 2016-09-09 10:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-18 11:56 - 2016-09-09 10:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-18 11:56 - 2016-09-09 10:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-18 11:56 - 2016-09-09 10:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-18 11:56 - 2016-09-09 10:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-18 11:56 - 2016-06-14 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-18 11:56 - 2016-06-14 08:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-18 11:55 - 2016-09-12 14:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-18 11:55 - 2016-09-12 14:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-18 11:55 - 2016-09-09 08:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-18 11:55 - 2016-08-16 13:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-18 11:55 - 2016-08-16 13:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-18 11:54 - 2016-08-29 08:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-18 11:54 - 2016-08-29 08:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-18 11:54 - 2016-08-29 08:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-18 11:54 - 2016-08-29 08:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-18 11:54 - 2016-08-29 08:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-18 11:54 - 2016-08-29 08:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-18 11:54 - 2016-08-29 08:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-18 11:54 - 2016-08-29 07:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-18 11:54 - 2016-07-22 07:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-18 11:54 - 2016-07-22 07:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-07 22:52 - 2016-10-07 22:52 - 00443632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00394496 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00334608 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00089328 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00085744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-10-07 22:49 - 2016-10-07 22:49 - 00639728 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-10-07 22:49 - 2016-10-07 22:49 - 00244504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-10-07 22:45 - 2016-10-07 22:45 - 00271112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-04 08:54 - 2009-07-13 21:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-04 08:54 - 2009-07-13 21:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-04 08:53 - 2016-07-17 16:44 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Skype
2016-11-04 08:52 - 2011-05-27 10:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-04 08:49 - 2014-01-24 11:40 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-11-04 08:48 - 2011-05-27 10:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-04 08:47 - 2011-03-14 14:23 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-04 08:47 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-04 08:46 - 2011-03-14 17:22 - 00062308 _____ C:\Windows\system32\BMXStateBkp-{00000001-00000000-00000000-00001102-0000000B-00441102}.rfx
2016-11-04 08:46 - 2011-03-14 17:22 - 00062308 _____ C:\Windows\system32\BMXState-{00000001-00000000-00000000-00001102-0000000B-00441102}.rfx
2016-11-04 08:46 - 2011-03-14 17:22 - 00000820 _____ C:\Windows\system32\DVCState-{00000001-00000000-00000000-00001102-0000000B-00441102}.rfx
2016-11-04 08:42 - 2011-03-25 08:10 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA.job
2016-11-04 08:39 - 2016-01-28 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\honestech TVR 2.5
2016-11-04 08:38 - 2015-09-27 10:33 - 00000000 ____D C:\ProgramData\BDLogging
2016-11-04 08:18 - 2014-02-06 15:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c.job
2016-11-04 07:47 - 2014-11-15 18:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14.job
2016-11-04 00:00 - 2011-03-18 12:30 - 00000000 ____D C:\ProgramData\LogMeIn
2016-11-03 20:33 - 2011-03-18 13:39 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5F1214C0-A7BC-412C-83C5-45F631CD7E30}
2016-11-03 19:49 - 2016-09-06 13:37 - 00000000 ____D C:\Users\Suzanne\Documents\Outlook Files
2016-11-03 19:48 - 2011-03-21 17:42 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\ESRI
2016-11-03 18:15 - 2016-05-20 17:37 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\ESRI_Licensing
2016-11-03 17:55 - 2016-01-17 11:20 - 00000000 ____D C:\Job Invoices
2016-11-03 16:18 - 2014-02-06 15:11 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023.job
2016-11-03 15:47 - 2014-11-15 18:11 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110.job
2016-11-03 15:38 - 2015-10-12 17:13 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2016-11-03 15:38 - 2015-10-12 17:13 - 00001080 _____ C:\Windows\system32\settings.sfm
2016-11-03 15:12 - 2011-03-18 12:15 - 00000000 ___HD C:\Users\Suzanne\AppData\Roaming\Adobe
2016-11-03 13:42 - 2011-03-25 08:10 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core.job
2016-11-03 09:15 - 2011-03-21 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS
2016-11-02 10:36 - 2011-03-21 17:42 - 00000000 ____D C:\Users\Suzanne\Documents\ArcGIS
2016-11-02 10:22 - 2016-07-12 21:31 - 00264312 ____H C:\Windows\system32\mlfcache.dat
2016-11-02 03:01 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-11-01 14:21 - 2013-09-29 11:12 - 00003428 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-11-01 12:17 - 2011-03-25 08:10 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\Google
2016-10-31 13:51 - 2014-05-25 18:09 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-10-31 13:50 - 2014-05-25 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-10-31 10:36 - 2012-07-01 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-10-31 10:36 - 2012-07-01 14:55 - 00000000 ____D C:\Program Files (x86)\HP
2016-10-30 19:57 - 2016-10-04 22:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-30 19:57 - 2016-07-17 16:43 - 00000000 ____D C:\ProgramData\Skype
2016-10-30 16:28 - 2015-03-14 17:37 - 00000871 _____ C:\messages.xml
2016-10-30 16:24 - 2016-05-24 13:02 - 00000000 ____D C:\Users\Suzanne\.matplotlib
2016-10-27 13:59 - 2015-03-06 12:44 - 00000000 ____D C:\Ed
2016-10-26 20:42 - 2011-03-14 14:44 - 00000000 ____D C:\ProgramData\Sonic
2016-10-26 20:41 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-26 18:28 - 2011-08-18 17:12 - 00038400 ___SH C:\Users\Suzanne\Thumbs.db
2016-10-26 17:37 - 2009-07-13 22:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-26 17:08 - 2011-09-09 15:40 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\Windows Live
2016-10-26 16:08 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-26 11:14 - 2016-09-15 15:30 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Add-in Express
2016-10-26 07:50 - 2014-01-24 13:16 - 00000000 ____D C:\Windows\Minidump
2016-10-25 20:14 - 2011-11-15 20:26 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-25 20:14 - 2011-08-24 13:57 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-10-25 20:14 - 2011-03-14 14:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-25 14:42 - 2016-09-14 10:58 - 00003676 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-151233617-2686695857-2843107125-1001
2016-10-25 14:42 - 2016-09-14 10:58 - 00003580 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-151233617-2686695857-2843107125-1001
2016-10-25 10:25 - 2016-08-02 14:16 - 00000000 ____D C:\Users\Suzanne\Documents\MoreThanMapps
2016-10-25 08:16 - 2011-03-25 08:11 - 00002388 _____ C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-24 21:41 - 2012-06-04 15:49 - 00268864 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-10-24 20:01 - 2011-09-05 19:46 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\ElevatedDiagnostics
2016-10-24 19:47 - 2011-03-21 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-24 16:34 - 2016-09-15 08:37 - 00000000 ____D C:\2016_Upwork
2016-10-24 15:13 - 2011-03-26 09:19 - 00000000 ____D C:\Users\Dorothy
2016-10-24 14:58 - 2011-08-27 18:06 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Orbit
2016-10-24 14:52 - 2011-03-18 14:01 - 00184210 _____ C:\bdlog.txt
2016-10-23 14:10 - 2016-10-04 09:55 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT
2016-10-21 14:43 - 2011-03-18 12:30 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-10-21 10:52 - 2011-03-18 12:30 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-10-21 10:52 - 2011-03-18 12:30 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2016-10-20 12:32 - 2011-03-21 17:42 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\ESRI
2016-10-20 11:13 - 2015-11-08 11:28 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\ProjectTimer
2016-10-19 04:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-10-19 03:41 - 2009-07-13 21:45 - 02498824 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-19 03:39 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-19 03:39 - 2013-03-13 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-19 03:35 - 2014-12-10 04:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-19 03:35 - 2014-04-30 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-19 03:35 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-19 03:35 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-19 03:17 - 2013-07-16 03:00 - 00000000 ____D C:\Windows\system32\MRT
2016-10-19 03:06 - 2011-03-18 13:58 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-19 03:05 - 2013-03-13 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-18 17:30 - 2011-09-01 18:50 - 00007597 ____H C:\Users\Suzanne\AppData\Local\Resmon.ResmonCfg
2016-10-18 15:21 - 2015-10-28 18:03 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Apple Inc
2016-10-18 15:21 - 2011-03-18 14:09 - 00000000 ___HD C:\Users\Suzanne
2016-10-18 15:18 - 2011-03-18 13:15 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\Apple Computer
2016-10-18 15:17 - 2011-03-18 13:15 - 00000000 ___HD C:\Users\Suzanne\AppData\Roaming\Apple Computer
2016-10-18 11:54 - 2015-11-08 11:07 - 00000000 ____D C:\JasonNov
2016-10-18 11:46 - 2016-09-06 13:16 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-18 11:35 - 2011-03-18 13:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-18 11:14 - 2012-04-13 09:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Files in the root of some directories =======
 
2011-09-01 18:50 - 2016-10-18 17:30 - 0007597 ____H () C:\Users\Suzanne\AppData\Local\Resmon.ResmonCfg
2016-10-24 14:55 - 2016-10-24 14:55 - 0240686 _____ () C:\ProgramData\1477345837.bdinstall.bin
2016-10-31 10:31 - 2016-10-31 10:31 - 0028662 _____ () C:\ProgramData\agent.1477935068.bdinstall.bin
2016-01-28 20:12 - 2016-01-28 20:12 - 0000016 _____ () C:\ProgramData\mntemp
2016-01-28 20:12 - 2016-01-28 20:12 - 0004881 _____ () C:\ProgramData\rxsmznjf.zcp
 
Files to move or delete:
====================
C:\Users\Suzanne\ExporttoKML.dll
C:\Users\Suzanne\ExporttoKML.reg
C:\Users\Suzanne\ExporttoKML_64bit.reg
C:\Users\Suzanne\ExporttoKML_INSTALL.bat
C:\Users\Suzanne\ExporttoKML_UNINSTALL.bat
 
 
Some files in TEMP:
====================
C:\Users\Suzanne\AppData\Local\Temp\qc_e3f0f3ef_27e6_4ca8_8a7c_a3d761aa54bb_64.exe
C:\Users\Suzanne\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-04 00:18
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-11-2016
Ran by Suzanne (04-11-2016 09:00:31)
Running from C:\Users\Suzanne\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-03-18 21:08:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-151233617-2686695857-2843107125-500 - Administrator - Disabled)
Guest (S-1-5-21-151233617-2686695857-2843107125-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-151233617-2686695857-2843107125-1002 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-151233617-2686695857-2843107125-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
Suzanne (S-1-5-21-151233617-2686695857-2843107125-1001 - Administrator - Enabled) => C:\Users\Suzanne
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM-x32\...\Adobe_498b43b77cac072081a5692bfc52804) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8.1.5 - CPSID_49013 (HKLM-x32\...\Adobe Acrobat 8 Professional_815) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.1.5 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional) (Version: 8.1.5 - )
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcGIS 10.4 for Desktop (HKLM-x32\...\ArcGIS 10.4 for Desktop) (Version: 10.4.5524 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.4 for Desktop (x32 Version: 10.4.5524 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS ArcReader 10 (HKLM-x32\...\ArcGIS ArcReader 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS Earth (HKLM\...\ArcGIS Earth) (Version: 1.0.1214 - Environmental Systems Research Institute, Inc.)
ArcGIS Earth (Version: 1.0.1214 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS License Manager 10 (HKLM-x32\...\ArcGIS License Manager 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (HKLM\...\ArcGISPro) (Version: 1.3.5861 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (Version: 1.3.5861 - Environmental Systems Research Institute, Inc.) Hidden
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Tools (HKLM-x32\...\{56647361-687B-452B-8999-6179125FFD63}) (Version: 3.2.10.1533 - Box)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.085 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.00.085 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{0DB0EA38-E806-44ED-A892-489F2E305080}) (Version: 1.5.00000 - Dell Inc.)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Esri CityEngine 2016.0 (HKLM\...\Esri CityEngine 2016.0) (Version: 16.0.100 - Environmental Systems Research Institute, Inc.)
Esri CityEngine 2016.0 (Version: 16.0.100 - Environmental Systems Research Institute, Inc.) Hidden
FME Desktop 2016.1.2.1 (Build 16674 - win64) (HKLM\...\{C6197A42-6BFE-1014-B1BC-EE2AC0F79D75}) (Version: 7.22.16674 - Safe Software Inc.)
Fushicai VIDEO DVR (HKLM-x32\...\{989BAFE8-E777-43D7-9749-9810E0E9FF48}) (Version: 2013.5.6 - Fushicai)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Chrome (HKU\S-1-5-21-151233617-2686695857-2843107125-1003\...\Google Chrome) (Version: 15.0.874.121 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Earth Pro (HKLM-x32\...\{1C63D1F0-DE50-11E2-BB78-B8AC6F98CCE3}) (Version: 7.1.1.1871 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 5.0.0.799 (HKU\S-1-5-21-151233617-2686695857-2843107125-1003\...\GoToMeeting) (Version: 5.0.0.799 - CitrixOnline)
honestechTVR2.5 (HKLM-x32\...\{ABADD11D-1B48-4F23-BEBA-6B22CE8F5E58}) (Version: 2.5 - honestech)
honestechTVR2.5 (x32 Version: 2.5 - honestech) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.2.0 - Movavi)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5929 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA nView 146.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 146.78 - NVIDIA Corporation)
NVIDIA WMI 2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.24.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
Python 2.5 numpy-1.0.3 (HKLM-x32\...\numpy-py2.5) (Version:  - )
Python 2.5 numpy-1.0.3 (HKLM-x32\...\Python 2.5 numpy-1.0.3) (Version:  - )
Python 2.5.1 (HKLM-x32\...\Python 2.5.1) (Version:  - )
QGIS 2.16 2.16.2 Nødebo (HKLM\...\QGIS 2.16) (Version:  - QGIS Development Team)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.11.1 - Intuit)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sentinel System Driver(64-bit) 7.2.2 (HKLM\...\{97407E09-4EA8-49F0-A513-2C1776A6DEC0}) (Version: 7.2.2 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Smilebox (HKU\S-1-5-21-151233617-2686695857-2843107125-1003\...\Smilebox) (Version: 1.1.1.1 - Smilebox, Inc.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
XnConvert 1.73 (HKLM\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-151233617-2686695857-2843107125-1003\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncApi64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DC59238-B059-4EFF-9CF9-9A8CA49C9C53} - System32\Tasks\{0413D07A-8D30-4D5A-BE61-486976FB485F} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {15D894C6-8C07-4502-817B-3633CBC2F6A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {16E7A5FB-0D27-4FFC-935D-CB64441A4BD1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {19E720E5-12AA-4EE3-9C27-83BF10CA2419} - System32\Tasks\{A4BA670A-111C-4595-88DE-44B1BC131F3C} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {296820CE-CF2E-4BF6-A702-4363873404AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3B786855-FB5F-4C15-B445-7A740D115058} - System32\Tasks\{04FF8751-D100-4F82-BE83-D96DAFA59B39} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {48239E39-A010-47DA-A4BA-F13478A0CAE6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {65729D44-5252-401D-B2CF-BAF410DE527B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {66732F40-8D0E-4B61-A60C-AEBCC6F3114C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {6B1929ED-F652-45B4-91AF-2B689541E8D6} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {708F24B9-28BC-47E9-B04A-16B31A1C6744} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {87B96AB0-7AB8-4E37-A083-9C8B6952E13E} - System32\Tasks\{4D5AC19A-5FF4-4A2F-A1AF-3E5DD0BAAB0C} => D:\autorun.exe
Task: {964025AA-7830-4AC4-B364-E67585C17F61} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {A9C69709-F628-4E15-AA80-357F047BB55C} - System32\Tasks\G2MUpdateTask-S-1-5-21-151233617-2686695857-2843107125-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\5742\g2mupdate.exe
Task: {B24AE1E3-4FF1-4DF0-8E8A-FFEAF516B368} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {B2AEA276-409F-468F-9DE6-98B2696BD095} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B85041F5-4507-4DF4-B32F-2120AD6A00B5} - System32\Tasks\{89B37D2F-F8B6-4666-BC35-FCBF4333D964} => D:\autorun.exe
Task: {CEABA74D-1DA7-4D11-8436-1C4F8EC1EA84} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {CFB72B10-B94B-4668-8030-98F6B2092CD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {D7A62CBC-23FA-462F-8ED9-5EDD61ED59C7} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: {D957B3D7-A0E7-47BE-A2B1-44A42E4C19DF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-09-09] (Apple Inc.)
Task: {DC286D2F-C572-45D8-9115-DB9BC8B91E53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E69A5AB1-5E51-4F59-AA96-C7F1360BDE91} - System32\Tasks\DigitalSite => C:\Users\Suzanne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F3F98508-023D-412B-A62A-F3C4D70BB29E} - System32\Tasks\G2MUploadTask-S-1-5-21-151233617-2686695857-2843107125-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\5742\g2mupload.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Suzanne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Web Applications\pinterest.com\http_80\Pinterest _ Goodies.lnk -> C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://pinterest.com/about/goodies/
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-01-28 10:39 - 2015-11-10 02:32 - 03088712 _____ () C:\Windows\system32\nvwmi64.exe
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-01-28 10:38 - 2015-11-05 08:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-06 13:21 - 2016-10-08 00:52 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-01-28 10:39 - 2015-11-10 02:26 - 01941304 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewH64.dll
2013-06-13 17:07 - 2013-03-25 10:57 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
2016-01-28 10:39 - 2015-11-10 02:26 - 01315128 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewMain64.exe
2016-01-28 10:39 - 2015-11-10 02:26 - 01187656 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewMain.exe
2016-01-28 20:32 - 2009-11-03 10:19 - 00409088 _____ () C:\Program Files (x86)\honestech\honestech TVR 2.5\scheduleTV.exe
2010-11-17 08:35 - 2010-11-17 08:35 - 00514544 ____N () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-11-11 14:07 - 2011-11-11 14:07 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-08-12 12:19 - 2011-08-12 12:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2016-10-04 09:55 - 2016-01-01 02:00 - 00100352 ___SH () c:\users\suzanne\appdata\roaming\microcofturdatent\msimg32.dll
2016-10-04 09:55 - 2016-01-01 02:00 - 00100352 ___SH () C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll
2016-01-28 10:39 - 2015-11-10 02:26 - 01582408 _____ () C:\Program Files\NVIDIA Corporation\nView\nViewH.dll
2016-11-04 08:50 - 2016-11-04 08:50 - 00098816 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32api.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00110080 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\pywintypes27.dll
2016-11-04 08:50 - 2016-11-04 08:50 - 00364544 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\pythoncom27.dll
2016-11-04 08:50 - 2016-11-04 08:50 - 00320512 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32com.shell.shell.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00776704 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\_hashlib.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 01176576 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\wx._core_.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00806400 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\wx._gdi_.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00816128 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\wx._windows_.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 01067008 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\wx._controls_.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00733184 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\wx._misc_.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00682496 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\pysqlite2._sqlite.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00088064 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\_ctypes.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00119808 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32file.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00108544 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32security.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00007168 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\hashobjs_ext.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00017920 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\thumbnails_ext.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00088064 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\usb_ext.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00012800 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\common.time34.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00018432 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32event.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00167936 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32gui.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00046080 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\_socket.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 01208320 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\_ssl.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00128512 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\_elementtree.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00127488 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\pyexpat.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00038912 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32inet.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00036864 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\_psutil_windows.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00525208 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\windows._lib_cacheinvalidation.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00011264 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32crypt.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00077312 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\wx._html2.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00027136 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\_multiprocessing.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00020480 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\_yappi.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00035840 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32process.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00686080 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\unicodedata.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00078848 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\wx._animate.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00123392 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\wx._wizard.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00024064 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32pipe.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00010240 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\select.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00025600 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32pdh.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00017408 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32profile.pyd
2016-11-04 08:50 - 2016-11-04 08:50 - 00022528 ____R () C:\Users\Suzanne\AppData\Local\Temp\_MEI57842\win32ts.pyd
2016-09-01 18:13 - 2016-09-01 18:13 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-01-28 20:32 - 2008-04-27 19:06 - 00053248 _____ () C:\Program Files (x86)\honestech\honestech TVR 2.5\ReadRemoteKey.dll
2010-11-24 20:44 - 2010-11-24 20:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 14:08 - 2011-11-11 14:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-12-12 15:44 - 2011-12-12 15:44 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-09-12 23:03 - 2016-09-12 23:03 - 01359320 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\KasperskyLab.Ksde.NativeInterop.dll
2016-10-25 08:16 - 2016-10-20 01:47 - 01819240 _____ () C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-25 08:16 - 2016-10-20 01:47 - 00093288 _____ () C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\ractrlkeyhook.dll:BDU [22]
AlternateDataStreams: C:\Windows\SysWOW64\TABCTL32.htm:BDU [22]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGISPro_5023_149395.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGIS_Desktop_104_149411.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGIS_Earth_x64_Setup_1.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\BoxEditInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\CityEngine_2016_0_150261.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Driver207win (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Driver207win.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\easycapture_setup_1.2.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\PatchFinder.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Setup.X86.en-US_ProfessionalRetail_bd258168-37e4-471a-92f1-93d2ff205f62_TX_PR_.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\wlsetup-web.exe:BDU [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2016-10-24 14:41 - 00003072 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Suzanne\Pictures\gumby.jpg
HKU\S-1-5-21-151233617-2686695857-2843107125-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{41422E44-3406-4A93-B450-2D312C87D6E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D4A758E9-3C0D-44E8-ADB2-854FC98DFE5D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{3157DD3A-319D-4D65-B6AB-93ADB4D0C653}] => (Allow) LPort=3703
FirewallRules: [{441D9186-92A4-4803-BA11-81797D55FA23}] => (Allow) LPort=3704
FirewallRules: [{DEB659CD-54F8-41A1-80B9-58AA05256D7E}] => (Allow) LPort=50900
FirewallRules: [{91D4E84B-47C9-40A2-AD72-5E88730A454E}] => (Allow) LPort=50901
FirewallRules: [{88989606-90A7-4BB1-BD7C-1CE9214F2628}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [{EF737E9D-43CF-4486-8F8D-DA1CD805EBB2}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [TCP Query User{3657E126-8208-4A49-AF8E-8C2F67290776}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A8990542-A0F9-4F21-A280-9B40215B48F5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{35C514E1-2A7C-414C-9DBF-3CFD2041C813}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{8D9A34C2-1F86-4732-9B17-16CDEF0FA141}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{744D57AA-4761-4FD7-AC38-DB3F978D2CD5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2CE9DC3A-C8E0-4E2B-ABEA-63A5EA4C8B6E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{BA4A4083-E4AE-4689-8489-6853D6966CA5}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{8A3E9F7D-57F0-4896-92D0-9AD22349AD68}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{FB2964C2-23C2-45D0-AD6C-63A6609EF4C6}C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe
FirewallRules: [UDP Query User{FB3D0B7A-D1E0-4659-A4CD-B16994194ABE}C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe
FirewallRules: [TCP Query User{F150EBA6-1731-46CF-84A8-C7CAE1819E92}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{1BE6857F-5A65-4110-955F-0879D273B82F}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [{84C9C5E3-7B7F-4CCE-BB5C-56554272AACC}] => (Allow) %ProgramFiles% (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{ABFFB7A9-9081-4825-A3F0-E7F43010878B}C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{8B3ED360-E7F8-4AD0-AF68-9A97502C9E20}C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{CED04AFF-E697-456D-9774-CFE97754AEED}C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe
FirewallRules: [UDP Query User{5595BF07-86BD-492A-B9BF-CD836622E16C}C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe
FirewallRules: [TCP Query User{99EA1E7D-E49D-4A49-AEBB-E07858ECDF90}C:\users\suzanne\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\logmein client.exe
FirewallRules: [UDP Query User{4C89C0BD-E6C6-436C-B0DF-97C7E2082B7E}C:\users\suzanne\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\logmein client.exe
FirewallRules: [TCP Query User{B5C8AFCC-5C87-4757-B0DD-F995D841735B}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A3463A72-67CB-4961-9734-66F4D88F62DD}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [{732EAA20-57DD-4604-9510-F1A736F7BAD8}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{9655D171-2832-45E1-B9C0-6776DE56CFA1}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{B5B9EB9D-00F6-4463-8971-C64EBAF5BBD5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{83CACCBF-39E6-4BD9-9EFD-D20D2004CDAC}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [TCP Query User{23D6FAE3-CFF4-49F6-8D2C-23C474FE0321}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E6DC87CD-29DA-44C9-8F95-6687908B57BF}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{67A479B6-923D-4EBE-9C6C-46EB93EFE929}C:\users\suzanne\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{C3F93811-B9A0-4376-89C2-C672A2C25C12}C:\users\suzanne\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{AC34F27F-9FE1-414A-A6D1-996DF99FC468}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [UDP Query User{A0452389-3C2D-4086-9FDF-A72BC9984728}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [TCP Query User{B701E11A-7F07-48BB-A60F-083DD8563891}C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe
FirewallRules: [UDP Query User{822A887B-A1DA-4BCE-AF99-228B45B6115D}C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe
FirewallRules: [TCP Query User{FBDB9957-690B-46CA-9507-A55E39F321D2}C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe
FirewallRules: [UDP Query User{B19595DA-CF6D-4993-9589-8DA867853C46}C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe
FirewallRules: [{F451F5B4-04F5-4F2E-A2A5-A1913F4A7038}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F62383D0-7692-43D3-B48C-6C655144597E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68FE5D4D-2129-4A80-B807-3394670D2B14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7AF72695-1DCE-40D2-8B00-9F43872CAE9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{58D8F0A2-EA3F-42E9-8E80-DC8D20C21CED}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{4402769C-36F7-4AED-9682-C563834A6BA0}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [{71A8EF7F-EC4E-4034-A704-E825B4EA9F49}] => (Allow) LPort=49384
FirewallRules: [{E1F7B4C3-9119-46DB-9117-AAE5FFEC99B8}] => (Allow) LPort=5000
FirewallRules: [{7B0CB2F1-0228-4081-B443-9B03EB4463B9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4A855208-1C2D-4AD7-997C-62367249E94C}] => (Allow) LPort=2869
FirewallRules: [{18298327-6A1A-4BB3-B212-C95EA99A50E6}] => (Allow) LPort=1900
FirewallRules: [{6F69F51A-0A4B-4F38-8731-194E3124255B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{0F13D120-B627-4479-BF00-9C512AE3C600}C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe
FirewallRules: [UDP Query User{028224AD-E439-4657-A5AC-9562C1035FED}C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe
FirewallRules: [{4A41CC16-99B3-4869-9F40-7F7FCA0D1336}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{96BECEC8-C48A-4B9B-B6E7-0E9B28B08B26}C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [UDP Query User{15CE6E14-27AE-4F1B-82AB-40680753D602}C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [TCP Query User{89D3265B-BB7B-410D-B259-7EA747FA1386}C:\program files\esri\cityengine2016.0\cityengine.exe] => (Allow) C:\program files\esri\cityengine2016.0\cityengine.exe
FirewallRules: [UDP Query User{9A2A33F9-F5FA-42F3-AA18-83D84CE63C12}C:\program files\esri\cityengine2016.0\cityengine.exe] => (Allow) C:\program files\esri\cityengine2016.0\cityengine.exe
FirewallRules: [TCP Query User{1429D159-427C-44DE-93EC-9CDA37841971}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe
FirewallRules: [UDP Query User{5293B334-C0B4-400D-BD84-54557DD9465B}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe
FirewallRules: [{DA9B2384-EFC5-4F09-B4F7-BC349D18D701}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{97284FD0-7786-4CB2-89B3-EDFC047DD166}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3D6C4DCB-D476-41B7-BA83-8A2B70ACE023}] => (Allow) LPort=49265
FirewallRules: [{0CC91500-002A-4D41-B0B4-5523DBBEE0F6}] => (Allow) C:\Program Files\FME\fme.exe
FirewallRules: [{9AF969F5-A10B-4B61-B44C-296DE23664B9}] => (Allow) LPort=3389
FirewallRules: [{C66743B9-C5BF-4B60-8FF4-B16356BC9521}] => (Allow) LPort=443
FirewallRules: [{21DEDBCE-7291-4012-828A-B5536B025A0E}] => (Allow) LPort=443
FirewallRules: [{8FAFAC91-9911-4ACC-A07A-E1EB32FF4382}] => (Allow) LPort=443
FirewallRules: [{DB9B0B58-343A-483B-BB9A-D3C61817B2B6}] => (Allow) LPort=443
FirewallRules: [{81B805D5-9DA0-4078-B38E-7EB1D72198BA}] => (Allow) LPort=443
FirewallRules: [{EC95BDCC-0E2B-4806-BA68-E63AE97F21C9}] => (Allow) LPort=443
FirewallRules: [{1F5EFC2F-C3C2-4433-9248-D1D2C954819B}] => (Allow) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{4FFC1687-42E8-4AA2-8A72-2FE7264159B9}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\5C069542-CA13-4f1b-B90C-28C6430F4992\Installer\hpbcsiInstaller.exe
FirewallRules: [{153D02CF-2359-4776-86E8-E89CEE3E760B}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\5C069542-CA13-4f1b-B90C-28C6430F4992\Installer\hpbcsiInstaller.exe
FirewallRules: [{BC38B5F9-6CAC-4834-8BC5-56F34020E727}] => (Allow) LPort=49378
FirewallRules: [{B75E9004-E009-4B4C-B8CC-B5F656C49299}] => (Allow) LPort=5000
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Restore Points =========================
 
31-10-2016 10:30:17 Removed HP FWUpdateEDO3
31-10-2016 13:44:15 Windows Update
02-11-2016 03:00:11 Windows Update
03-11-2016 03:00:11 Windows Update
04-11-2016 03:00:12 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/04/2016 03:01:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
Faulting module name: hppdcompio.dll, version: 1.3.0.24, time stamp: 0x4c9685da
Exception code: 0xc0000417
Fault offset: 0x000000000000552c
Faulting process id: 0x654
Faulting application start time: 0x01d236264c6c7b33
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: C:\Windows\system32\spool\DRIVERS\x64\3\hppdcompio.dll
Report Id: a4d0a634-a275-11e6-ac71-bc305bd66386
 
Error: (11/03/2016 07:51:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 16.0.7369.2038 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 15e8
 
Start Time: 01d23632cb967887
 
Termination Time: 4638
 
Application Path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
 
Report Id: 67e59a0c-a239-11e6-ac71-bc305bd66386
 
Error: (11/03/2016 07:47:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ArcGISPro.exe version 1.3.0.5861 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 5d0
 
Start Time: 01d236388c9502c7
 
Termination Time: 6845
 
Application Path: C:\Program Files\ArcGIS\Pro\bin\ArcGISPro.exe
 
Report Id: e9020dea-a238-11e6-ac71-bc305bd66386
 
Error: (11/03/2016 07:29:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ksdeui.exe version 17.0.0.643 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1014
 
Start Time: 01d236276001ae21
 
Termination Time: 578
 
Application Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
 
Report Id: 6d6e141c-a236-11e6-ac71-bc305bd66386
 
Error: (11/03/2016 03:33:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Photoshop.exe version 10.0.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 664
 
Start Time: 01d2361f5baf2f93
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
 
Report Id: 5d98212d-a215-11e6-9f94-bc305bd66386
 
Error: (11/03/2016 10:23:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rundll32.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 2450
 
Start Time: 01d235f6c50d1c1a
 
Termination Time: 5
 
Application Path: C:\Windows\System32\rundll32.exe
 
Report Id: 3118d096-a1ea-11e6-9f94-bc305bd66386
 
Error: (11/03/2016 03:02:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
Faulting module name: hppdcompio.dll, version: 1.3.0.24, time stamp: 0x4c9685da
Exception code: 0xc0000417
Fault offset: 0x000000000000552c
Faulting process id: 0x1ee4
Faulting application start time: 0x01d234f04f1ac6d3
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: C:\Windows\system32\spool\DRIVERS\x64\3\hppdcompio.dll
Report Id: 95f2eb3a-a1ac-11e6-9f94-bc305bd66386
 
Error: (11/02/2016 03:02:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
Faulting module name: hppdcompio.dll, version: 1.3.0.24, time stamp: 0x4c9685da
Exception code: 0xc0000417
Fault offset: 0x000000000000552c
Faulting process id: 0x654
Faulting application start time: 0x01d2345a893813a6
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: C:\Windows\system32\spool\DRIVERS\x64\3\hppdcompio.dll
Report Id: 65f2d74a-a0e3-11e6-9f94-bc305bd66386
 
Error: (10/31/2016 10:35:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0xb14
Faulting application start time: 0x01d2339d3202c95f
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 7042091e-9f90-11e6-8663-bc305bd66386
 
Error: (10/31/2016 10:35:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 2.15.599.0, time stamp: 0x4cc5ee57
Faulting module name: hppccompio.DLL, version: 1.3.0.24, time stamp: 0x4c9685d0
Exception code: 0xc0000417
Fault offset: 0x000073bf
Faulting process id: 0x8e4
Faulting application start time: 0x01d2339d2b45ae8c
Faulting application path: C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
Faulting module path: C:\Windows\system32\hppccompio.DLL
Report Id: 69795560-9f90-11e6-8663-bc305bd66386
 
 
System errors:
=============
Error: (11/04/2016 08:49:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (11/04/2016 08:47:20 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. This service might not be installed.
 
Error: (11/04/2016 03:03:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800706be: HP - Printers - HP LaserJet Professional CP1520 Series PCL 6.
 
Error: (11/04/2016 03:01:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/03/2016 05:37:30 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/03/2016 05:37:30 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/03/2016 05:37:30 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/03/2016 05:37:30 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/03/2016 05:37:29 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (11/03/2016 05:37:09 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
 
CodeIntegrity:
===================================
  Date: 2016-11-04 08:49:25.913
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-04 08:49:25.757
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-03 16:06:53.877
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-03 16:06:53.647
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-03 15:44:38.068
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-03 15:44:37.898
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-01 09:12:23.699
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-01 09:12:23.528
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-31 14:54:41.728
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-10-31 14:54:41.541
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU W3530 @ 2.80GHz
Percentage of memory in use: 56%
Total physical RAM: 6141.55 MB
Available physical RAM: 2683.07 MB
Total Virtual: 12281.29 MB
Available Virtual: 8774.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:139.93 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#10
Jr0x
Posted 04 November 2016 - 11:08 AM

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi skysuz,

FRST.gifFix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [update_w32.exe] => "C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll" C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe <===== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\BitDefender\Bitdefender 2016\bdwtxag.exe"
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\MountPoints2: {bf8c87ee-5192-11e0-bc42-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
ShortcutTarget: Driver performer.lnk -> C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALTNH929\DriverPerformer_V15[1].exe (No File)
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 - (No Name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File
URLSearchHook: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP09882FE0-F102-47D6-91B3-397840C39B62&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP09882FE0-F102-47D6-91B3-397840C39B62&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CEFBC305BD66386&affID=125830&tsp=5036
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
R2 usbhubsvc3; C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll [100352 2016-01-01] () [File not signed]
S4 LMIRfsClientNP; no ImagePath
2016-10-04 09:56 - 2016-10-04 09:56 - 00035112 ___SH (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2016-10-04 09:55 - 2016-10-23 14:10 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncApi64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {6B1929ED-F652-45B4-91AF-2B689541E8D6} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B2AEA276-409F-468F-9DE6-98B2696BD095} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {E69A5AB1-5E51-4F59-AA96-C7F1360BDE91} - System32\Tasks\DigitalSite => C:\Users\Suzanne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Suzanne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
2016-10-04 09:55 - 2016-01-01 02:00 - 00100352 ___SH () c:\users\suzanne\appdata\roaming\microcofturdatent\msimg32.dll
2016-10-04 09:55 - 2016-01-01 02:00 - 00100352 ___SH () C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll
AlternateDataStreams: C:\Windows\SysWOW64\ractrlkeyhook.dll:BDU [22]
AlternateDataStreams: C:\Windows\SysWOW64\TABCTL32.htm:BDU [22]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGISPro_5023_149395.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGIS_Desktop_104_149411.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGIS_Earth_x64_Setup_1.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\BoxEditInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\CityEngine_2016_0_150261.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Driver207win (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Driver207win.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\easycapture_setup_1.2.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\PatchFinder.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Setup.X86.en-US_ProfessionalRetail_bd258168-37e4-471a-92f1-93d2ff205f62_TX_PR_.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\wlsetup-web.exe:BDU [0]

C:\Program Files (x86)\RegClean Pro
C:\Users\Suzanne\AppData\Roaming\DIGITA~1

Emptytemp:
Hosts:
End
NOTICEThis script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.


adwcleaner_new.pngScan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    post-235300-0-92853400-1471390762_thumb.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Notdelete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
In your next reply, please include the following:
  • FRST fixlog
  • AdwCleaner scan log

  • 0

Advertisements

#11
skysuz
Posted 04 November 2016 - 11:41 AM

skysuz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

So I was looking through my Kaspersky and I think I found the culprit --a folder in my appData Roaming related to teamviewer which I know Upwork uses and I don't--the folder has a misspelling  its "MicrocoftUrdateNT"

 

should I delete that first?


  • 0

#12
Jr0x
Posted 04 November 2016 - 11:43 AM

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi skysuz,

 

Do not worry about that. 

 

Follow my instruction and we'll get rid of those (malware) soon enough.

 

Do not try to remove anything by yourself without my instruction.


  • 0

#13
skysuz
Posted 04 November 2016 - 12:29 PM

skysuz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Yay--the teamviewer stuff isn't showing up on my Kaspersky anymore.

 

# AdwCleaner v6.030 - Logfile created 04/11/2016 at 11:14:23
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-04.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Suzanne - SUZANNE-PC
# Running from : C:\Users\Suzanne\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
Service Found:  YahooAUService
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Suzanne\AppData\Local\Conduit
Folder Found:  C:\Users\Suzanne\AppData\Local\genienext
Folder Found:  C:\Users\Suzanne\AppData\Local\Mobogenie
Folder Found:  C:\Users\Suzanne\AppData\LocalLow\Conduit
Folder Found:  C:\Users\Suzanne\AppData\LocalLow\Doko-Toolbar
Folder Found:  C:\Users\Suzanne\AppData\LocalLow\Yahoo!\Companion
Folder Found:  C:\Users\Suzanne\AppData\Roaming\download Manager
Folder Found:  C:\Users\Suzanne\AppData\Roaming\GrabPro
Folder Found:  C:\Users\Suzanne\AppData\Roaming\newnext.me
Folder Found:  C:\Users\Suzanne\AppData\Roaming\OpenCandy
Folder Found:  C:\Users\Suzanne\AppData\Roaming\ProgSense
Folder Found:  C:\Users\Suzanne\AppData\Roaming\Systweak
Folder Found:  C:\Users\Suzanne\AppData\Roaming\ValueApps
Folder Found:  C:\Users\Suzanne\Documents\Mobogenie
Folder Found:  C:\Users\Guest\AppData\Roaming\ProgSense
Folder Found:  C:\Program Files\Conduit
Folder Found:  C:\ProgramData\Ask
Folder Found:  C:\ProgramData\Babylon
Folder Found:  C:\ProgramData\Application Data\Ask
Folder Found:  C:\ProgramData\Application Data\Babylon
Folder Found:  C:\Program Files (x86)\Conduit
Folder Found:  C:\Program Files (x86)\Mobogenie
Folder Found:  C:\Program Files (x86)\Uninstaller
Folder Found:  C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
 
 
***** [ Files ] *****
 
File Found:  C:\Users\Suzanne\daemonprocess.txt
File Found:  C:\END
File Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Driver Performer.lnk
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\5d558b8fe06fe949
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{1EFB6596-857C-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{DD9DA666-8594-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{8E3867A3-8586-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BDD1F04B-858B-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE32-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE33-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE34-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE35-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE36-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE38-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE39-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3A-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3B-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3C-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3D-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3E-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE3F-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE40-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE41-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C27CCE42-8596-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{C74190B6-8589-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{F08DF954-8592-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{35053A22-8589-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{2C247F23-8591-11D1-B16A-00C0F0283628}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\BABSOLUTION
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Conduit
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\DataMngr
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\DataMngr_Toolbar
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Doko-Toolbar
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\DriverUpdaterPro
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\dsiteproducts
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\InstallCore
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\ProgSense
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Yahoo\YFriendsBar
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\YahooPartnerToolbar
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Datamngr
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\AppDataLow\Software\Conduit
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\AppDataLow\Software\Toolbar
Key Found:  HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-151233617-2686695857-2843107125-1001\Software\SweetIM
Key Found:  HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found:  HKCU\Software\BABSOLUTION
Key Found:  HKCU\Software\Conduit
Key Found:  HKCU\Software\DataMngr
Key Found:  HKCU\Software\DataMngr_Toolbar
Key Found:  HKCU\Software\Doko-Toolbar
Key Found:  HKCU\Software\DriverUpdaterPro
Key Found:  HKCU\Software\dsiteproducts
Key Found:  HKCU\Software\InstallCore
Key Found:  HKCU\Software\ProgSense
Key Found:  HKCU\Software\Yahoo\Companion
Key Found:  HKCU\Software\Yahoo\YFriendsBar
Key Found:  HKCU\Software\YahooPartnerToolbar
Key Found:  HKCU\Software\Datamngr
Key Found:  HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found:  HKCU\Software\AppDataLow\Software\Conduit
Key Found:  HKCU\Software\AppDataLow\Software\Toolbar
Key Found:  HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found:  HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found:  HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found:  HKLM\SOFTWARE\DataMngr
Key Found:  HKLM\SOFTWARE\Doko-Toolbar
Key Found:  HKLM\SOFTWARE\DomaIQ
Key Found:  HKLM\SOFTWARE\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\systweak
Key Found:  HKLM\SOFTWARE\Datamngr
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-151233617-2686695857-2843107125-1001\Software\SweetIM
Key Found:  [x64] HKCU\Software\BABSOLUTION
Key Found:  [x64] HKCU\Software\Conduit
Key Found:  [x64] HKCU\Software\DataMngr
Key Found:  [x64] HKCU\Software\DataMngr_Toolbar
Key Found:  [x64] HKCU\Software\Doko-Toolbar
Key Found:  [x64] HKCU\Software\DriverUpdaterPro
Key Found:  [x64] HKCU\Software\dsiteproducts
Key Found:  [x64] HKCU\Software\InstallCore
Key Found:  [x64] HKCU\Software\ProgSense
Key Found:  [x64] HKCU\Software\Yahoo\Companion
Key Found:  [x64] HKCU\Software\Yahoo\YFriendsBar
Key Found:  [x64] HKCU\Software\YahooPartnerToolbar
Key Found:  [x64] HKCU\Software\Datamngr
Key Found:  [x64] HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found:  [x64] HKCU\Software\AppDataLow\Software\Conduit
Key Found:  [x64] HKCU\Software\AppDataLow\Software\Toolbar
Key Found:  [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [10117 Bytes] - [04/11/2016 11:14:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10191 Bytes] ##########
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Suzanne (04-11-2016 10:54:18) Run:1
Running from C:\Users\Suzanne\Desktop
Loaded Profiles: Suzanne (Available Profiles: Suzanne & LogMeInRemoteUser & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
HKLM\...\Run: [update_w32.exe] => "C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll" C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe <===== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Bitdefender Wallet Agent] => "C:\Program Files\BitDefender\Bitdefender 2016\bdwtxag.exe"
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\MountPoints2: {bf8c87ee-5192-11e0-bc42-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
ShortcutTarget: Driver performer.lnk -> C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALTNH929\DriverPerformer_V15[1].exe (No File)
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
ShortcutTarget: Windows Update Manager.lnk -> C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe (TeamViewer GmbH)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 - (No Name) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No File
URLSearchHook: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP09882FE0-F102-47D6-91B3-397840C39B62&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/Results.aspx?ctid=CT3317816&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP09882FE0-F102-47D6-91B3-397840C39B62&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.doko-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=6CEFBC305BD66386&affID=125830&tsp=5036
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
R2 usbhubsvc3; C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll [100352 2016-01-01] () [File not signed]
S4 LMIRfsClientNP; no ImagePath
2016-10-04 09:56 - 2016-10-04 09:56 - 00035112 ___SH (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2016-10-04 09:55 - 2016-10-23 14:10 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll => No Fil (the data entry has 1 more characters).
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncApi64.dll => No File
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {6B1929ED-F652-45B4-91AF-2B689541E8D6} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {B2AEA276-409F-468F-9DE6-98B2696BD095} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {E69A5AB1-5E51-4F59-AA96-C7F1360BDE91} - System32\Tasks\DigitalSite => C:\Users\Suzanne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Suzanne\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
2016-10-04 09:55 - 2016-01-01 02:00 - 00100352 ___SH () c:\users\suzanne\appdata\roaming\microcofturdatent\msimg32.dll
2016-10-04 09:55 - 2016-01-01 02:00 - 00100352 ___SH () C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll
AlternateDataStreams: C:\Windows\SysWOW64\ractrlkeyhook.dll:BDU [22]
AlternateDataStreams: C:\Windows\SysWOW64\TABCTL32.htm:BDU [22]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGISPro_5023_149395.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGIS_Desktop_104_149411.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ArcGIS_Earth_x64_Setup_1.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\BoxEditInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\ChromeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\CityEngine_2016_0_150261.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Driver207win (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Driver207win.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\easycapture_setup_1.2.0.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\PatchFinder.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\Setup.X86.en-US_ProfessionalRetail_bd258168-37e4-471a-92f1-93d2ff205f62_TX_PR_.exe:BDU [0]
AlternateDataStreams: C:\Users\Suzanne\Downloads\wlsetup-web.exe:BDU [0]
 
C:\Program Files (x86)\RegClean Pro
C:\Users\Suzanne\AppData\Roaming\DIGITA~1
 
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\update_w32.exe => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Bitdefender Wallet Agent => value not found.
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf8c87ee-5192-11e0-bc42-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{bf8c87ee-5192-11e0-bc42-806e6f6e6963} => key not found. 
C:\Users\Suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALTNH929\DriverPerformer_V15[1].exe => not found.
C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe => moved successfully
C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe => not found.
C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\update_w32.exe => not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7b13ec3e-999a-4b70-b9cb-2617b8323822} => value removed successfully
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found. 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => key removed successfully
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => key not found. 
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => key removed successfully
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => key not found. 
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => key removed successfully
HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68} => key not found. 
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7B13EC3E-999A-4B70-B9CB-2617B8323822} => value removed successfully
HKCR\CLSID\{7B13EC3E-999A-4B70-B9CB-2617B8323822} => key not found. 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => value removed successfully
HKCR\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
usbhubsvc3 => Service stopped successfully.
usbhubsvc3 => service removed successfully
LMIRfsClientNP => service removed successfully
C:\Windows\system32\Drivers\teamviewervpn.sys => moved successfully
C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT => moved successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}" => key removed successfully
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B1929ED-F652-45B4-91AF-2B689541E8D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B1929ED-F652-45B4-91AF-2B689541E8D6}" => key removed successfully
C:\Windows\System32\Tasks\RegClean Pro_UPDATES => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2AEA276-409F-468F-9DE6-98B2696BD095}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2AEA276-409F-468F-9DE6-98B2696BD095}" => key removed successfully
C:\Windows\System32\Tasks\RegClean Pro_DEFAULT => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E69A5AB1-5E51-4F59-AA96-C7F1360BDE91}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E69A5AB1-5E51-4F59-AA96-C7F1360BDE91}" => key removed successfully
C:\Windows\System32\Tasks\DigitalSite => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DigitalSite" => key removed successfully
C:\Windows\Tasks\DigitalSite.job => moved successfully
C:\Windows\Tasks\RegClean Pro_DEFAULT.job => moved successfully
C:\Windows\Tasks\RegClean Pro_UPDATES.job => moved successfully
"c:\users\suzanne\appdata\roaming\microcofturdatent\msimg32.dll" => not found.
"C:\Users\Suzanne\AppData\Roaming\MicrocoftUrdateNT\MSIMG32.dll" => not found.
C:\Windows\SysWOW64\ractrlkeyhook.dll => ":BDU" ADS removed successfully.
C:\Windows\SysWOW64\TABCTL32.htm => ":BDU" ADS removed successfully.
C:\Users\Suzanne\Downloads\ArcGISPro_5023_149395.exe => ":BDU" ADS removed successfully.
C:\Users\Suzanne\Downloads\ArcGIS_Desktop_104_149411.exe => ":BDU" ADS removed successfully.
C:\Users\Suzanne\Downloads\ArcGIS_Earth_x64_Setup_1.0.exe => ":BDU" ADS removed successfully.
C:\Users\Suzanne\Downloads\BoxEditInstaller.exe => ":BDU" ADS removed successfully.
C:\Users\Suzanne\Downloads\ChromeSetup.exe => ":BDU" ADS removed successfully.
C:\Users\Suzanne\Downloads\CityEngine_2016_0_150261.exe => ":BDU" ADS removed successfully.
C:\Users\Suzanne\Downloads\Driver207win (1).exe => ":BDU" ADS removed successfully.
C:\Users\Suzanne\Downloads\Driver207win.exe => ":BDU" ADS removed successfully.
C:\Users\Suzanne\Downloads\easycapture_setup_1.2.0.exe => ":BDU" ADS removed successfully.
C:\Users\Suzanne\Downloads\PatchFinder.exe => ":BDU" ADS removed successfully.
C:\Users\Suzanne\Downloads\Setup.X86.en-US_ProfessionalRetail_bd258168-37e4-471a-92f1-93d2ff205f62_TX_PR_.exe => ":BDU" ADS removed successfully.
C:\Users\Suzanne\Downloads\wlsetup-web.exe => ":BDU" ADS removed successfully.
"C:\Program Files (x86)\RegClean Pro" => not found.
C:\Users\Suzanne\AppData\Roaming\DIGITA~1 => moved successfully
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 110573504 B
Java, Flash, Steam htmlcache => 559 B
Windows/system/drivers => 34025123141 B
Edge => 0 B
Chrome => 1028372638 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42488962 B
systemprofile32 => 1757851 B
LocalService => 56246276 B
NetworkService => 68714 B
Suzanne => 1242898221 B
LogMeInRemoteUser => 66228 B
Guest => 415461641 B
 
RecycleBin => 15451645 B
EmptyTemp: => 34.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 10:57:15 ====

  • 0

#14
skysuz
Posted 04 November 2016 - 12:59 PM

skysuz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

In my network traffic I also see a Microsoft Office Click-to-run (SxS) that was modified around the time I was having these problems.  I don't have Office 365. I blocked it from my network traffic and my office products still work. Do you think this might be a problem also?


  • 0

#15
Jr0x
Posted 05 November 2016 - 10:14 PM

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi skysuz,

 

Apologies for the delay response.
 

In my network traffic I also see a Microsoft Office Click-to-run (SxS) that was modified around the time I was having these problems.

 

You have nothing to worry about, it's a regular windows/software update for Microsoft Office.


JRTbythisisu.png Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on JRTbythisisu.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


adwcleaner_new.pngRe-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • Everything left checked will be deleted.
  • Now click the Cleaning button.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C1].txt

In your next reply, please include the following:

  • JRT log
  • AdwCleaner log
  • How's your system running now?

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP