Malicious link from Upwork site [Solved]


  • This topic is locked

#16
skysuz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Oh, no problem.  I really appreciate your help with this!

Here are the logs and everything seems to be running well!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Professional x64 
Ran by Suzanne (Administrator) on Sun 11/06/2016 at 11:03:32.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 23 
 
Successfully deleted: C:\ProgramData\1477345837.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\ask (Folder) 
Successfully deleted: C:\ProgramData\babylon (Folder) 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\{0E4421FC-AA3D-4DF2-B602-DA8F228EDC88} (Empty Folder)
Successfully deleted: C:\Users\Suzanne\AppData\Local\{2BB384F0-9B81-4BE3-82BE-56D9AFFB2037} (Empty Folder)
Successfully deleted: C:\Users\Suzanne\AppData\Local\{5591432B-15B5-40F0-80ED-2C3C1338EE56} (Empty Folder)
Successfully deleted: C:\Users\Suzanne\AppData\Local\{6F1AD638-61EC-4DB0-A358-111D997FE122} (Empty Folder)
Successfully deleted: C:\Users\Suzanne\AppData\Local\{86902216-9C8F-4DFA-8BB7-449BB2B65596} (Empty Folder)
Successfully deleted: C:\Users\Suzanne\AppData\Local\conduit (Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\genienext (Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Local\mobogenie (Folder) 
Successfully deleted: C:\Users\Suzanne\Appdata\LocalLow\Doko-Toolbar (Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Roaming\download manager (Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Roaming\newnext.me (Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Roaming\opencandy (Folder) 
Successfully deleted: C:\Users\Suzanne\AppData\Roaming\systweak (Folder) 
Successfully deleted: C:\Users\Suzanne\Documents\optimizer pro (Folder) 
Successfully deleted: C:\Program Files (x86)\conduit (Folder) 
Successfully deleted: C:\Program Files (x86)\mobogenie (Folder) 
Successfully deleted: C:\Program Files\conduit (Folder) 
 
 
 
Registry: 5 
 
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\BrowserPlugInHelper (Registry Value) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\YahooAUService (Registry Key) 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E38825B-8815-42CF-9126-C58BC28D4591} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E38825B-8815-42CF-9126-C58BC28D4591} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{093F479D-712E-46CD-9E06-62E734A05F68} (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/06/2016 at 11:06:37.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v6.030 - Logfile created 06/11/2016 at 11:10:11
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-05.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Suzanne - SUZANNE-PC
# Running from : C:\Users\Suzanne\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support
 
 
 
***** [ Services ] *****
 
[-] Service deleted: YahooAUService
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Suzanne\AppData\LocalLow\Conduit
[-] Folder deleted: C:\Users\Suzanne\AppData\LocalLow\Yahoo!\Companion
[-] Folder deleted: C:\Users\Suzanne\AppData\Roaming\GrabPro
[-] Folder deleted: C:\Users\Suzanne\AppData\Roaming\ProgSense
[-] Folder deleted: C:\Users\Suzanne\AppData\Roaming\ValueApps
[-] Folder deleted: C:\Users\Suzanne\Documents\Mobogenie
[-] Folder deleted: C:\Users\Guest\AppData\Roaming\ProgSense
[-] Folder deleted: C:\Program Files (x86)\Uninstaller
[-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG SafeGuard toolbar
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Suzanne\daemonprocess.txt
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Driver Performer.lnk
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\5d558b8fe06fe949
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D879A501-50A7-BEFC-A4C5-32DC6E0CB208}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\BABSOLUTION
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\DataMngr
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\DataMngr_Toolbar
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Doko-Toolbar
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\DriverUpdaterPro
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\dsiteproducts
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\InstallCore
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\ProgSense
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Datamngr
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\AppDataLow\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\AppDataLow\Software\Toolbar
[-] Key deleted: HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-151233617-2686695857-2843107125-1001\Software\SweetIM
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: HKCU\Software\BABSOLUTION
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\DataMngr
[#] Key deleted on reboot: HKCU\Software\DataMngr_Toolbar
[#] Key deleted on reboot: HKCU\Software\Doko-Toolbar
[#] Key deleted on reboot: HKCU\Software\DriverUpdaterPro
[#] Key deleted on reboot: HKCU\Software\dsiteproducts
[#] Key deleted on reboot: HKCU\Software\InstallCore
[#] Key deleted on reboot: HKCU\Software\ProgSense
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: HKCU\Software\Datamngr
[#] Key deleted on reboot: HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Toolbar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
[-] Key deleted: HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key deleted: HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
[-] Key deleted: HKLM\SOFTWARE\DataMngr
[-] Key deleted: HKLM\SOFTWARE\Doko-Toolbar
[-] Key deleted: HKLM\SOFTWARE\DomaIQ
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\systweak
[#] Key deleted on reboot: HKLM\SOFTWARE\Datamngr
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-151233617-2686695857-2843107125-1001\Software\SweetIM
[#] Key deleted on reboot: [x64] HKCU\Software\BABSOLUTION
[#] Key deleted on reboot: [x64] HKCU\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\DataMngr
[#] Key deleted on reboot: [x64] HKCU\Software\DataMngr_Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Doko-Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\DriverUpdaterPro
[#] Key deleted on reboot: [x64] HKCU\Software\dsiteproducts
[#] Key deleted on reboot: [x64] HKCU\Software\InstallCore
[#] Key deleted on reboot: [x64] HKCU\Software\ProgSense
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar
[#] Key deleted on reboot: [x64] HKCU\Software\Datamngr
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Conduit
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Toolbar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [7951 Bytes] - [06/11/2016 11:10:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [10343 Bytes] - [04/11/2016 10:14:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [7520 Bytes] - [06/11/2016 11:09:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8171 Bytes] ##########
 Thank you so much!
 

  • 0


#17
Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
Hi skysuz,
 
Glad that it's working well for you, but we still have a few more things to go before we're done here.
 
Malwarebytes Anti-Malware
  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program.
  • Before you click Finish, make sure that:
    • Enable free trial of Malwarebytes Anti-Malware Premium is unchecked
    • Launch Malwarebytes Anti-Malware is checked
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
 
Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.
In your next reply, please include the following:
  • FRST log
  • FRST Addition log
  • MalwareBytes log
  • ESET log
  • Let me know if there is still any other issue

  • 0

#18
skysuz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hi

Malwarebytes ran OK--but I can't seem to make ESET work.  It runs about halfway then blacks out part of my screen.  Here are the logs for Malware and FRST

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/8/2016
Scan Time: 7:13 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.11.08.11
Rootkit Database: v2016.10.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Suzanne
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 493894
Time Elapsed: 37 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.ValueApps, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93DBF2BB-A2B3-4683-A92E-57E60751F346}, Quarantined, [eeed239a8f0bfd39d2a7fa99976bfb05], 
PUP.Optional.ValueApps, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{93DBF2BB-A2B3-4683-A92E-57E60751F346}, Quarantined, [eeed239a8f0bfd39d2a7fa99976bfb05], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT2438727, Quarantined, [20bbe3daf3a7f93d371ac0d1ce35a35d], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Toolbar.CT2438727, Quarantined, [7e5db40916843ef8a7aa385937ccb24e], 
PUP.Optional.Conduit, HKU\S-1-5-21-151233617-2686695857-2843107125-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}, Quarantined, [6f6c65587e1c9d99a8c08319e023ac54], 
 
Registry Values: 1
PUP.Optional.Conduit, HKU\S-1-5-21-151233617-2686695857-2843107125-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{afdbddaa-5d3f-42ee-b79c-185a7020515b}|URL, http://search.condui...ctid=CT2438727,Quarantined, [6f6c65587e1c9d99a8c08319e023ac54]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 4
PUP.Optional.OpenCandy, C:\downloads\winzip155.exe, Quarantined, [6a719e1fd1c9cf67174dd2b7956fb749], 
Trojan.Agent.Generic, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update Manager.lnk, Quarantined, [8c4f1ba27228f046eb63765edf233dc3], 
Trojan.Agent.Generic, C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update Manager.lnk, Quarantined, [726994292c6e50e6e36b8c484db5be42], 
Trojan.Agent.Generic, C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Update Manager.lnk, Quarantined, [84579b22e5b5d5615fefd400976bcb35], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Suzanne (administrator) on SUZANNE-PC (08-11-2016 14:12:22)
Running from C:\Users\Suzanne\Desktop
Loaded Profiles: Suzanne (Available Profiles: Suzanne & LogMeInRemoteUser & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Akamai Technologies, Inc.) C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
(Box, Inc.) C:\Users\Suzanne\AppData\Local\Box\Box Edit\Box Edit.exe
(Box, Inc.) C:\Users\Suzanne\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Flexera Software LLC) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Esri) C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISCacheMgr.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Esri) C:\Program Files (x86)\ArcGIS\Desktop10.4\bin\ArcMap.exe
(Esri) C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISConnection.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Esri) C:\Program Files (x86)\ArcGIS\Desktop10.4\bin\AppROT.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77248 2016-04-12] (Intuit Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Box Edit] => C:\Users\Suzanne\AppData\Local\Box\Box Edit\Box Edit.exe [919280 2016-08-15] (Box, Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Run: [Box Local Com Server] => C:\Users\Suzanne\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2016-08-15] (Box, Inc.)
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\MountPoints2: {bf8c87ee-5192-11e0-bc42-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [CTAutoUpdate] => C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe [623416 2009-06-19] (Creative Technology Ltd)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2010-10-16] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2011-03-14]
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2016-11-03]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-30]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{ABD0FBC1-D7C9-4998-B256-9E7E2EFC42C1}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DD2ABD81-8CBC-4327-864B-6CA8A461820B}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{EE1CEDF6-DC37-4E1E-B9B8-793698419F43}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://igoogle.com/
hxxp://yahoo.com/
hxxp://bing.com/
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-151233617-2686695857-2843107125-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-08] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-10-08] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-07] (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll [2013-12-16] (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-03-14] (Sun Microsystems, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\ssv.dll [2016-10-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-10-07] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll [2013-12-16] (Microsoft Corporation.)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll [2013-12-16] (Microsoft Corporation.)
DPF: HKLM-x32 {2B497CAF-D938-4059-BA76-0DA5DB77EA0A} hxxps://remote.gdcre.com/Remote/BuiltIns/FS/Wssg.Web.FileAccess.RichUpload.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://mystores.genpt.com/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=2862
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-18] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-27]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-03-14] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-151233617-2686695857-2843107125-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Suzanne\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-07-13] (Citrix Online)
FF Plugin HKU\S-1-5-21-151233617-2686695857-2843107125-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-151233617-2686695857-2843107125-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "hxxps://www.yahoo.com/","hxxp://www.bing.com/"
CHR Plugin: (Shockwave Flash) - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\gcswf32.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll => No File
CHR Plugin: (Native Client) - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (WinZip Courier) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\3.0.2_0\wzwmcgc.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Users\Suzanne\AppData\Local\Google\Update\1.3.21.81\npGoogleUpdate3.dll => No File
CHR Plugin: (Musicnotes) - C:\Program Files (x86)\Musicnotes\npmusicn.dll => No File
CHR Plugin: (ScorchPlugin) - C:\Program Files (x86)\Musicnotes\npsibelius.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Suzanne\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File
CHR Profile: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default [2016-11-08]
CHR Extension: (Google Drive) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (Honey) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-11-08]
CHR Extension: (Kaspersky Protection) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-10-24]
CHR Extension: (Google Docs Offline) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Pinterest Save Button) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (LogMeIn) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon [2013-10-04]
CHR Extension: (Chrome Media Router) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKU\S-1-5-21-151233617-2686695857-2843107125-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Suzanne\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-10-24]
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
StartMenuInternet: Google Chrome - C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-04] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-10-21] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [3088712 2015-11-10] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [116736 2016-10-04] (Stas'M Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-14] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [305496 2016-09-12] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1027984 2016-09-12] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [50008 2016-09-12] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-18] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126360 2016-09-12] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S2 Sentinel; C:\Windows\System32\Drivers\SENTINEL64.SYS [141888 2006-04-20] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [54192 2006-04-20] (SafeNet, Inc.)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
S3 teamviewervpn; system32\DRIVERS\teamviewervpn.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-08 14:12 - 2016-11-08 14:14 - 00029987 _____ C:\Users\Suzanne\Desktop\FRST.txt
2016-11-08 14:08 - 2016-11-08 14:08 - 00002736 _____ C:\malware.txt
2016-11-08 13:09 - 2016-11-08 13:09 - 00000000 ____D C:\Program Files\Common Files\Safe Software Shared
2016-11-08 12:45 - 2016-11-08 12:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2016-11-08 09:44 - 2016-11-08 09:44 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Suzanne\Downloads\esetonlinescanner_enu (1).exe
2016-11-08 08:02 - 2016-11-08 08:02 - 00000000 ____D C:\Users\Suzanne\AppData\Local\ESET
2016-11-08 08:01 - 2016-11-08 08:01 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Suzanne\Downloads\esetonlinescanner_enu.exe
2016-11-08 07:11 - 2016-11-08 14:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-08 07:10 - 2016-11-08 07:10 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-08 07:10 - 2016-11-08 07:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-08 07:10 - 2016-11-08 07:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-08 07:10 - 2016-11-08 07:10 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-08 07:10 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-08 07:10 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-08 07:10 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-08 07:07 - 2016-11-08 07:07 - 22851472 _____ (Malwarebytes ) C:\Users\Suzanne\Desktop\mbam-setup-2.2.1.1043.exe
2016-11-07 16:23 - 2016-11-07 16:23 - 05245554 _____ C:\Users\Suzanne\Downloads\Building Footprints.zip
2016-11-07 13:02 - 2016-11-07 13:02 - 00538476 _____ C:\Users\Suzanne\Desktop\Suzanne Signature.psd
2016-11-07 12:40 - 2016-11-07 12:40 - 00389358 _____ C:\Users\Suzanne\Desktop\grange copy.pdf
2016-11-06 18:35 - 2016-11-06 18:35 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-11-06 18:35 - 2016-11-06 18:35 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-11-06 18:31 - 2016-11-06 18:32 - 04039392 _____ (Oleg N. Scherbakov) C:\Users\Suzanne\Downloads\HPSupportSolutionsFramework-12.5.26.37.exe
2016-11-06 18:09 - 2016-11-07 21:53 - 00000000 ____D C:\amelbourne
2016-11-06 17:02 - 2016-11-06 17:04 - 00000000 ____D C:\Users\Suzanne\GIS Data
2016-11-06 14:51 - 2016-11-06 14:51 - 05058872 _____ (LogMeIn, Inc.) C:\Users\Suzanne\Downloads\LogMeIn Client (6).exe
2016-11-06 14:51 - 2016-11-06 14:51 - 05058872 _____ (LogMeIn, Inc.) C:\Users\Suzanne\Downloads\LogMeIn Client (5).exe
2016-11-06 14:51 - 2016-11-06 14:51 - 05058872 _____ (LogMeIn, Inc.) C:\Users\Suzanne\Downloads\LogMeIn Client (4).exe
2016-11-06 14:51 - 2016-11-06 14:51 - 05058872 _____ (LogMeIn, Inc.) C:\Users\Suzanne\Downloads\LogMeIn Client (3).exe
2016-11-06 14:31 - 2016-11-06 14:31 - 05058872 _____ (LogMeIn, Inc.) C:\Users\Suzanne\Downloads\LogMeIn Client (2).exe
2016-11-06 14:30 - 2016-11-06 14:31 - 05058872 _____ (LogMeIn, Inc.) C:\Users\Suzanne\Downloads\LogMeIn Client.exe
2016-11-06 13:59 - 2016-11-06 14:07 - 00000000 ____D C:\Users\Suzanne\Documents\ViberDownloads
2016-11-06 13:53 - 2016-11-08 09:43 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Viber
2016-11-06 13:51 - 2016-11-06 13:51 - 70277904 _____ (Viber Media Inc.) C:\Users\Suzanne\Downloads\ViberSetup (1).exe
2016-11-06 13:49 - 2016-11-06 13:50 - 70277904 _____ (Viber Media Inc.) C:\Users\Suzanne\Downloads\ViberSetup.exe
2016-11-06 13:24 - 2016-11-06 13:24 - 00649134 _____ C:\Users\Suzanne\Desktop\Town Planning Workflow.pdf
2016-11-06 11:12 - 2016-11-06 11:12 - 00001368 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-06 11:06 - 2016-11-06 11:06 - 00003189 _____ C:\Users\Suzanne\Desktop\JRT.txt
2016-11-04 10:10 - 2016-11-06 11:10 - 00000000 ____D C:\AdwCleaner
2016-11-04 09:54 - 2016-11-04 09:57 - 00025810 _____ C:\Users\Suzanne\Desktop\Fixlog.txt
2016-11-04 08:07 - 2016-11-04 08:07 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-03 15:07 - 2016-11-03 15:07 - 00000000 ____D C:\Users\Suzanne\Downloads\FRST-OlderVersion
2016-11-03 14:42 - 2016-11-03 14:42 - 11646112 _____ (ESET) C:\Users\Suzanne\Downloads\avremover_nt64_enu (1).exe
2016-11-03 13:44 - 2016-11-07 22:10 - 00000000 ____D C:\Grange
2016-11-02 02:00 - 2016-11-02 02:00 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2016-10-31 17:20 - 2016-11-08 14:12 - 00000000 ____D C:\Users\Suzanne\Desktop\FRST-OlderVersion
2016-10-31 17:19 - 2016-11-07 13:43 - 00000000 ____D C:\Users\Suzanne\Desktop\New folder
2016-10-31 12:57 - 2016-10-31 12:57 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Logitech® Webcam Software
2016-10-31 12:55 - 2016-10-31 12:55 - 00000000 ____D C:\ProgramData\LogiShrd
2016-10-31 12:51 - 2016-10-31 12:51 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Leadertech
2016-10-31 12:50 - 2016-10-31 12:50 - 00000000 ____D C:\ProgramData\Logitech
2016-10-31 12:44 - 2016-10-31 12:51 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-10-31 12:05 - 2016-10-31 12:05 - 03199319 _____ C:\Users\Suzanne\Downloads\Attachments_20161031.zip
2016-10-31 09:31 - 2016-10-31 09:31 - 00028662 _____ C:\ProgramData\agent.1477935068.bdinstall.bin
2016-10-26 16:05 - 2016-10-26 16:22 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\XnConvert
2016-10-26 16:05 - 2016-10-26 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnConvert
2016-10-26 16:05 - 2016-10-26 16:05 - 00000000 ____D C:\Program Files\XnConvert
2016-10-26 16:04 - 2016-10-26 16:04 - 15171912 _____ (Gougelet Pierre-e ) C:\Users\Suzanne\Downloads\XnConvert-win-x64.exe
2016-10-26 16:01 - 2016-10-26 16:01 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (1) (1).SFW
2016-10-26 16:00 - 2016-10-26 16:00 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (3).SFW
2016-10-26 16:00 - 2016-10-26 16:00 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (2).SFW
2016-10-26 16:00 - 2016-10-26 16:00 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03 (1).SFW
2016-10-26 15:59 - 2016-10-26 15:59 - 00057278 _____ C:\Users\Suzanne\Downloads\26243_03.SFW
2016-10-26 06:14 - 2016-10-26 06:14 - 00067932 _____ C:\Users\Suzanne\Downloads\Addition.txt
2016-10-25 19:53 - 2016-11-08 14:12 - 00000000 ____D C:\FRST
2016-10-25 19:52 - 2016-11-08 14:12 - 02410496 _____ (Farbar) C:\Users\Suzanne\Desktop\FRST64.exe
2016-10-25 19:03 - 2016-10-25 19:03 - 212514840 _____ (Emsisoft Ltd. ) C:\Users\Suzanne\Downloads\EmsisoftAntiMalwareSetup_bc.exe
2016-10-25 19:00 - 2016-10-25 19:00 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Suzanne\Downloads\iExplore.exe
2016-10-25 17:58 - 2016-10-25 17:58 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Suzanne\Downloads\rkill.com
2016-10-25 17:55 - 2016-10-25 19:09 - 00088806 _____ C:\Windows\ntbtlog.txt
2016-10-24 20:43 - 2016-10-24 20:43 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-10-24 20:43 - 2016-10-24 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-10-24 20:43 - 2016-10-24 20:43 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-24 20:41 - 2016-10-24 20:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2016-10-24 20:41 - 2016-10-24 20:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2016-10-24 20:40 - 2016-10-24 20:40 - 00000000 ____D C:\ProgramData\Oracle
2016-10-24 14:16 - 2016-11-08 12:27 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-10-24 14:15 - 2016-10-24 14:15 - 00001376 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2016-10-24 14:15 - 2016-10-24 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
2016-10-24 14:14 - 2016-10-24 14:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2016-10-24 14:14 - 2016-10-24 14:13 - 00002113 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2016-10-24 14:12 - 2013-05-06 07:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2016-10-24 14:11 - 2016-11-08 12:45 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-10-24 14:11 - 2016-10-24 14:15 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-10-24 14:11 - 2016-10-24 14:11 - 00000000 ____D C:\Windows\ELAMBKUP
2016-10-24 14:10 - 2016-09-12 22:03 - 01027984 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-10-24 14:10 - 2016-09-12 22:03 - 00305496 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-10-24 14:10 - 2016-06-26 14:10 - 00189264 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2016-10-24 13:55 - 2016-10-24 13:56 - 184386592 _____ (Kaspersky Lab) C:\Users\Suzanne\Downloads\kts17.0.0.611aben_11549.exe
2016-10-22 01:52 - 2016-10-22 01:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2016-10-20 11:38 - 2016-10-20 11:38 - 00004096 _____ C:\new.lyr
2016-10-20 11:23 - 2016-10-20 11:23 - 00106510 _____ C:\Users\Suzanne\Downloads\CityBoundaries.zip
2016-10-18 14:21 - 2016-11-04 13:20 - 00000000 ___RD C:\Users\Suzanne\iCloudDrive
2016-10-18 14:21 - 2016-10-18 14:21 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2016-10-18 10:57 - 2016-09-30 12:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-10-18 10:57 - 2016-09-30 11:28 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-10-18 10:57 - 2016-09-30 07:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-18 10:57 - 2016-09-30 07:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-18 10:57 - 2016-09-30 07:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-18 10:57 - 2016-09-29 23:55 - 25765376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-18 10:57 - 2016-09-29 22:26 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-10-18 10:57 - 2016-09-29 22:25 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-18 10:57 - 2016-09-29 22:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-18 10:57 - 2016-09-29 22:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-10-18 10:57 - 2016-09-29 22:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-10-18 10:57 - 2016-09-29 22:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-10-18 10:57 - 2016-09-29 22:18 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-10-18 10:57 - 2016-09-29 22:17 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-10-18 10:57 - 2016-09-29 22:14 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-10-18 10:57 - 2016-09-29 22:13 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-10-18 10:57 - 2016-09-29 22:13 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-10-18 10:57 - 2016-09-29 22:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-10-18 10:57 - 2016-09-29 22:12 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-10-18 10:57 - 2016-09-29 22:09 - 06048256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-18 10:57 - 2016-09-29 22:05 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-10-18 10:57 - 2016-09-29 22:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-10-18 10:57 - 2016-09-29 21:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-10-18 10:57 - 2016-09-29 21:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-10-18 10:57 - 2016-09-29 21:51 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-10-18 10:57 - 2016-09-29 21:50 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-10-18 10:57 - 2016-09-29 21:47 - 20306944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-18 10:57 - 2016-09-29 21:47 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-10-18 10:57 - 2016-09-29 21:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-10-18 10:57 - 2016-09-29 21:42 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-18 10:57 - 2016-09-29 21:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-10-18 10:57 - 2016-09-29 21:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-10-18 10:57 - 2016-09-29 21:42 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-10-18 10:57 - 2016-09-29 21:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-10-18 10:57 - 2016-09-29 21:38 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-18 10:57 - 2016-09-29 21:36 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-10-18 10:57 - 2016-09-29 21:35 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-10-18 10:57 - 2016-09-29 21:33 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-10-18 10:57 - 2016-09-29 21:33 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-10-18 10:57 - 2016-09-29 21:32 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-18 10:57 - 2016-09-29 21:32 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-10-18 10:57 - 2016-09-29 21:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-10-18 10:57 - 2016-09-29 21:32 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-10-18 10:57 - 2016-09-29 21:31 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-10-18 10:57 - 2016-09-29 21:31 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-10-18 10:57 - 2016-09-29 21:24 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-10-18 10:57 - 2016-09-29 21:21 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-18 10:57 - 2016-09-29 21:19 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-10-18 10:57 - 2016-09-29 21:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-10-18 10:57 - 2016-09-29 21:17 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-18 10:57 - 2016-09-29 21:17 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-10-18 10:57 - 2016-09-29 21:15 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-10-18 10:57 - 2016-09-29 21:14 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-10-18 10:57 - 2016-09-29 21:13 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-10-18 10:57 - 2016-09-29 21:12 - 04608512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-18 10:57 - 2016-09-29 21:07 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-10-18 10:57 - 2016-09-29 21:05 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-10-18 10:57 - 2016-09-29 21:05 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-18 10:57 - 2016-09-29 21:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-10-18 10:57 - 2016-09-29 21:05 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-18 10:57 - 2016-09-29 21:03 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-18 10:57 - 2016-09-29 20:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-10-18 10:57 - 2016-09-29 20:46 - 02444288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-18 10:57 - 2016-09-29 20:43 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-18 10:57 - 2016-09-29 20:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-10-18 10:57 - 2016-09-15 07:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-18 10:57 - 2016-09-15 07:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-18 10:57 - 2016-09-15 07:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-18 10:57 - 2016-09-15 07:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-18 10:57 - 2016-09-12 13:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-18 10:57 - 2016-09-12 13:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-18 10:57 - 2016-09-12 13:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-18 10:57 - 2016-09-12 13:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-18 10:57 - 2016-09-12 13:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-18 10:57 - 2016-09-12 13:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-18 10:57 - 2016-09-12 13:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-18 10:57 - 2016-09-12 13:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-18 10:57 - 2016-09-12 13:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-18 10:57 - 2016-09-12 13:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-18 10:57 - 2016-09-12 13:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-18 10:57 - 2016-09-12 13:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-18 10:57 - 2016-09-12 13:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-18 10:57 - 2016-09-12 13:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-18 10:57 - 2016-09-12 12:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-18 10:57 - 2016-09-12 12:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-18 10:57 - 2016-09-12 12:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-18 10:57 - 2016-09-12 12:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-18 10:57 - 2016-09-12 12:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-18 10:57 - 2016-09-12 12:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-18 10:57 - 2016-09-12 12:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-18 10:57 - 2016-09-12 12:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-18 10:57 - 2016-09-12 12:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-18 10:57 - 2016-09-12 12:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-18 10:57 - 2016-09-12 12:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-18 10:57 - 2016-09-12 12:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-18 10:57 - 2016-09-12 11:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-18 10:57 - 2016-09-12 10:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-18 10:57 - 2016-09-12 10:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-18 10:57 - 2016-09-10 08:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-18 10:57 - 2016-09-10 07:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-18 10:57 - 2016-09-09 10:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-18 10:57 - 2016-09-09 10:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-18 10:57 - 2016-09-09 10:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-18 10:57 - 2016-09-09 10:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-18 10:57 - 2016-09-09 10:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-18 10:57 - 2016-09-09 10:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-18 10:57 - 2016-09-09 10:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-18 10:57 - 2016-09-09 10:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-18 10:57 - 2016-09-09 10:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-18 10:57 - 2016-09-09 09:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-18 10:57 - 2016-09-09 09:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-18 10:57 - 2016-09-08 12:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-18 10:57 - 2016-09-08 12:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-18 10:57 - 2016-09-08 12:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-18 10:57 - 2016-09-08 12:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-18 10:57 - 2016-09-08 06:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-18 10:57 - 2016-09-08 06:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-18 10:57 - 2016-08-12 09:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-18 10:57 - 2016-08-12 09:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-18 10:57 - 2016-08-12 09:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-18 10:57 - 2016-08-12 09:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-18 10:57 - 2016-08-12 09:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-18 10:57 - 2016-08-12 08:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-18 10:57 - 2016-08-12 08:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-18 10:57 - 2016-08-12 08:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-18 10:57 - 2016-08-12 08:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-18 10:57 - 2016-08-12 08:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-18 10:57 - 2016-08-12 08:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-18 10:57 - 2016-08-06 07:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-18 10:57 - 2016-08-06 07:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-18 10:57 - 2016-08-06 07:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-18 10:57 - 2016-08-06 07:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-18 10:57 - 2016-08-06 07:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-18 10:57 - 2016-08-06 07:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-18 10:57 - 2016-08-06 07:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-18 10:57 - 2016-08-06 07:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-18 10:57 - 2016-08-06 07:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-18 10:57 - 2016-08-06 07:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-18 10:57 - 2016-08-06 07:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-18 10:57 - 2016-08-06 07:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-18 10:57 - 2016-08-06 07:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-18 10:57 - 2016-08-06 06:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-18 10:57 - 2016-08-06 06:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-18 10:57 - 2016-08-06 06:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-18 10:57 - 2016-06-14 09:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-18 10:57 - 2016-06-14 09:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-18 10:57 - 2016-06-14 09:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-18 10:57 - 2016-06-14 09:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-18 10:57 - 2016-06-14 07:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-18 10:57 - 2016-06-14 07:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-18 10:57 - 2016-06-14 07:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-18 10:57 - 2016-06-14 07:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-18 10:57 - 2016-06-14 07:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-18 10:57 - 2016-06-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-18 10:57 - 2016-06-14 07:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-18 10:57 - 2016-06-14 07:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-18 10:57 - 2016-06-14 07:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-18 10:56 - 2016-09-29 22:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-10-18 10:56 - 2016-09-29 22:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-10-18 10:56 - 2016-09-29 21:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-10-18 10:56 - 2016-09-29 21:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-10-18 10:56 - 2016-09-12 13:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-18 10:56 - 2016-09-12 13:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-18 10:56 - 2016-09-12 13:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-18 10:56 - 2016-09-12 13:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-18 10:56 - 2016-09-12 13:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-18 10:56 - 2016-09-12 13:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-18 10:56 - 2016-09-12 13:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-18 10:56 - 2016-09-12 12:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-18 10:56 - 2016-09-12 12:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-18 10:56 - 2016-09-12 12:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-18 10:56 - 2016-09-12 12:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-18 10:56 - 2016-09-12 12:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-18 10:56 - 2016-09-12 12:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-18 10:56 - 2016-09-12 12:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-18 10:56 - 2016-09-12 12:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-18 10:56 - 2016-09-12 12:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-18 10:56 - 2016-09-12 12:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-18 10:56 - 2016-09-12 12:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-18 10:56 - 2016-09-12 12:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 10:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-18 10:56 - 2016-09-09 10:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-18 10:56 - 2016-09-09 10:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-18 10:56 - 2016-09-09 10:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-18 10:56 - 2016-09-09 09:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-18 10:56 - 2016-09-09 09:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-18 10:56 - 2016-09-09 09:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-18 10:56 - 2016-09-09 09:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-18 10:56 - 2016-09-09 09:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-18 10:56 - 2016-09-09 09:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-18 10:56 - 2016-09-09 09:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-18 10:56 - 2016-09-09 09:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-18 10:56 - 2016-09-09 09:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-18 10:56 - 2016-09-09 09:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-18 10:56 - 2016-06-14 09:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-18 10:56 - 2016-06-14 07:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-18 10:56 - 2016-06-14 07:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-18 10:56 - 2016-06-14 07:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-18 10:56 - 2016-06-14 07:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-18 10:56 - 2016-06-14 07:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-18 10:55 - 2016-09-12 13:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-10-18 10:55 - 2016-09-12 13:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-10-18 10:55 - 2016-09-09 07:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-10-18 10:55 - 2016-09-09 07:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-10-18 10:55 - 2016-09-09 07:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-10-18 10:55 - 2016-09-09 07:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-10-18 10:55 - 2016-09-09 07:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-10-18 10:55 - 2016-09-09 07:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-10-18 10:55 - 2016-09-09 07:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-10-18 10:55 - 2016-08-16 12:40 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-10-18 10:55 - 2016-08-16 12:40 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2016-10-18 10:55 - 2016-08-16 12:40 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2016-10-18 10:55 - 2016-08-16 12:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2016-10-18 10:55 - 2016-08-16 12:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2016-10-18 10:55 - 2016-08-16 12:40 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2016-10-18 10:55 - 2016-08-16 12:40 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2016-10-18 10:54 - 2016-08-29 07:31 - 14183424 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-18 10:54 - 2016-08-29 07:31 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-10-18 10:54 - 2016-08-29 07:31 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-10-18 10:54 - 2016-08-29 07:12 - 12880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-18 10:54 - 2016-08-29 07:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-10-18 10:54 - 2016-08-29 07:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-10-18 10:54 - 2016-08-29 07:04 - 03229696 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-10-18 10:54 - 2016-08-29 06:55 - 02972672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-10-18 10:54 - 2016-07-22 06:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-18 10:54 - 2016-07-22 06:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-08 14:07 - 2016-05-24 12:02 - 00000000 ____D C:\Users\Suzanne\.matplotlib
2016-11-08 13:58 - 2016-07-17 15:44 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Skype
2016-11-08 13:56 - 2015-03-14 16:37 - 00000828 _____ C:\messages.xml
2016-11-08 13:51 - 2011-05-27 09:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-08 13:51 - 2011-05-27 09:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-08 13:47 - 2014-11-15 17:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14.job
2016-11-08 13:42 - 2011-03-25 07:10 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA.job
2016-11-08 13:42 - 2011-03-25 07:10 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core.job
2016-11-08 13:28 - 2011-12-04 10:22 - 00172984 _____ C:\Windows\system32\GDIPFONTCACHEV1.DAT
2016-11-08 13:27 - 2011-12-04 11:18 - 00172984 _____ C:\Windows\SysWOW64\GDIPFONTCACHEV1.DAT
2016-11-08 13:22 - 2013-09-29 10:12 - 00003428 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-11-08 13:18 - 2014-02-06 14:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c.job
2016-11-08 13:10 - 2016-10-02 11:15 - 00000000 ___HD C:\Users\Suzanne\Documents\My FME Workspaces
2016-11-08 13:10 - 2016-10-02 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FME Desktop 2016.1.2.1
2016-11-08 13:10 - 2016-10-02 11:15 - 00000000 ____D C:\Program Files\FME
2016-11-08 12:46 - 2016-09-06 12:37 - 00000000 ___HD C:\Users\Suzanne\Documents\Outlook Files
2016-11-08 12:18 - 2009-07-13 21:13 - 00786578 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-08 12:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-11-08 12:17 - 2009-07-13 20:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-08 12:17 - 2009-07-13 20:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-08 12:11 - 2014-01-24 10:40 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-11-08 12:10 - 2011-03-14 13:23 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-08 12:10 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-08 12:09 - 2011-03-14 16:22 - 00062308 _____ C:\Windows\system32\BMXStateBkp-{00000001-00000000-00000000-00001102-0000000B-00441102}.rfx
2016-11-08 12:09 - 2011-03-14 16:22 - 00062308 _____ C:\Windows\system32\BMXState-{00000001-00000000-00000000-00001102-0000000B-00441102}.rfx
2016-11-08 12:09 - 2011-03-14 16:22 - 00000820 _____ C:\Windows\system32\DVCState-{00000001-00000000-00000000-00001102-0000000B-00441102}.rfx
2016-11-08 08:54 - 2011-03-18 11:30 - 00000000 ____D C:\ProgramData\LogMeIn
2016-11-07 22:18 - 2011-03-18 11:15 - 00000000 ___HD C:\Users\Suzanne\AppData\Roaming\Adobe
2016-11-07 21:02 - 2012-07-01 14:00 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-11-07 16:18 - 2014-02-06 14:11 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023.job
2016-11-07 15:47 - 2014-11-15 17:11 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110.job
2016-11-07 15:36 - 2016-08-05 14:22 - 00000000 ____D C:\More Than Maps
2016-11-07 14:53 - 2013-10-24 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-07 14:27 - 2016-02-01 12:56 - 00000000 ___HD C:\Users\Suzanne\Documents\invoices 2016
2016-11-07 13:43 - 2016-09-30 06:03 - 00000000 ____D C:\Users\Suzanne\Desktop\Texas
2016-11-07 13:43 - 2016-09-15 14:27 - 00000000 ____D C:\Users\Suzanne\Desktop\italy
2016-11-07 13:43 - 2016-08-10 19:24 - 00000000 ____D C:\Users\Suzanne\Desktop\moni
2016-11-07 13:21 - 2009-07-13 20:45 - 02504504 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-07 13:02 - 2011-03-18 13:09 - 00000000 ___HD C:\Users\Suzanne
2016-11-07 12:10 - 2011-03-18 12:39 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{5F1214C0-A7BC-412C-83C5-45F631CD7E30}
2016-11-07 00:03 - 2015-01-16 08:05 - 00000000 ____D C:\Users\Suzanne\AppData\Local\LogMeInIgnition
2016-11-06 21:03 - 2011-03-21 16:42 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\ESRI
2016-11-06 15:05 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-11-06 13:24 - 2016-09-06 12:21 - 00002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-11-06 13:20 - 2016-07-12 20:31 - 00262356 ____H C:\Windows\system32\mlfcache.dat
2016-11-06 11:09 - 2011-05-27 18:56 - 00000000 ___HD C:\Users\Suzanne\AppData\LocalLow\Yahoo!
2016-11-06 09:59 - 2013-01-04 14:39 - 00000000 ____D C:\Users\Guest
2016-11-06 09:59 - 2011-03-21 06:41 - 00000000 ____D C:\Users\LogMeInRemoteUser
2016-11-06 07:55 - 2011-09-01 17:50 - 00007619 ____H C:\Users\Suzanne\AppData\Local\Resmon.ResmonCfg
2016-11-04 12:53 - 2011-03-18 12:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-04 12:50 - 2009-07-13 23:46 - 00000000 ____D C:\Windows\ShellNew
2016-11-04 12:49 - 2011-03-18 12:45 - 00000000 ____D C:\Program Files\Microsoft Office
2016-11-04 12:46 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-04 12:02 - 2016-01-28 19:32 - 00000000 ____D C:\Program Files (x86)\honestech
2016-11-04 09:56 - 2011-03-24 16:15 - 00000000 ___SD C:\Users\Suzanne\AppData\LocalLow\Temp
2016-11-04 07:38 - 2015-09-27 09:33 - 00000000 ____D C:\ProgramData\BDLogging
2016-11-03 17:15 - 2016-05-20 16:37 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\ESRI_Licensing
2016-11-03 16:55 - 2016-01-17 10:20 - 00000000 ____D C:\Job Invoices
2016-11-03 14:38 - 2015-10-12 16:13 - 00001080 _____ C:\Windows\system32\settingsbkup.sfm
2016-11-03 14:38 - 2015-10-12 16:13 - 00001080 _____ C:\Windows\system32\settings.sfm
2016-11-03 08:15 - 2011-03-21 08:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcGIS
2016-11-02 09:36 - 2011-03-21 16:42 - 00000000 ___HD C:\Users\Suzanne\Documents\ArcGIS
2016-11-01 11:17 - 2011-03-25 07:10 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\Google
2016-10-31 12:51 - 2014-05-25 17:09 - 00000000 ____D C:\Program Files (x86)\Logitech
2016-10-31 12:50 - 2014-05-25 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-10-31 09:36 - 2012-07-01 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-10-31 09:36 - 2012-07-01 13:55 - 00000000 ____D C:\Program Files (x86)\HP
2016-10-30 18:57 - 2016-10-04 21:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-30 18:57 - 2016-07-17 15:43 - 00000000 ____D C:\ProgramData\Skype
2016-10-27 12:59 - 2015-03-06 11:44 - 00000000 ____D C:\Ed
2016-10-26 19:42 - 2011-03-14 13:44 - 00000000 ____D C:\ProgramData\Sonic
2016-10-26 19:41 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-26 17:28 - 2011-08-18 16:12 - 00038400 ___SH C:\Users\Suzanne\Thumbs.db
2016-10-26 16:08 - 2011-09-09 14:40 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\Windows Live
2016-10-26 15:08 - 2009-07-13 20:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-26 10:14 - 2016-09-15 14:30 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Add-in Express
2016-10-26 06:50 - 2014-01-24 12:16 - 00000000 ____D C:\Windows\Minidump
2016-10-25 19:14 - 2011-11-15 19:26 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-25 19:14 - 2011-08-24 12:57 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-10-25 19:14 - 2011-03-14 13:28 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-25 13:42 - 2016-09-14 09:58 - 00003676 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-151233617-2686695857-2843107125-1001
2016-10-25 13:42 - 2016-09-14 09:58 - 00003580 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-151233617-2686695857-2843107125-1001
2016-10-25 09:25 - 2016-08-02 13:16 - 00000000 ___HD C:\Users\Suzanne\Documents\MoreThanMapps
2016-10-25 07:16 - 2011-03-25 07:11 - 00002388 _____ C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-24 20:41 - 2012-06-04 14:49 - 00268864 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-10-24 19:01 - 2011-09-05 18:46 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\ElevatedDiagnostics
2016-10-24 18:47 - 2011-03-21 08:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-10-24 15:34 - 2016-09-15 07:37 - 00000000 ____D C:\2016_Upwork
2016-10-24 14:13 - 2011-03-26 08:19 - 00000000 ____D C:\Users\Dorothy
2016-10-24 13:58 - 2011-08-27 17:06 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Orbit
2016-10-24 13:52 - 2011-03-18 13:01 - 00184210 _____ C:\bdlog.txt
2016-10-21 13:43 - 2011-03-18 11:30 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-10-21 09:52 - 2011-03-18 11:30 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2016-10-21 09:52 - 2011-03-18 11:30 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2016-10-20 11:32 - 2011-03-21 16:42 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\ESRI
2016-10-20 10:13 - 2015-11-08 10:28 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\ProjectTimer
2016-10-19 03:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-10-19 02:39 - 2013-03-13 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-19 02:39 - 2013-03-13 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-19 02:35 - 2014-12-10 03:26 - 00000000 ____D C:\Windows\system32\appraiser
2016-10-19 02:35 - 2014-04-30 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-10-19 02:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-19 02:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-19 02:17 - 2013-07-16 02:00 - 00000000 ____D C:\Windows\system32\MRT
2016-10-19 02:06 - 2011-03-18 12:58 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-19 02:05 - 2013-03-13 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-18 14:21 - 2015-10-28 17:03 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Apple Inc
2016-10-18 14:18 - 2011-03-18 12:15 - 00000000 ___HD C:\Users\Suzanne\AppData\Local\Apple Computer
2016-10-18 14:17 - 2011-03-18 12:15 - 00000000 ___HD C:\Users\Suzanne\AppData\Roaming\Apple Computer
2016-10-18 10:54 - 2015-11-08 10:07 - 00000000 ____D C:\JasonNov
2016-10-18 10:46 - 2016-09-06 12:16 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-18 10:14 - 2012-04-13 08:22 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
 
==================== Files in the root of some directories =======
 
2011-09-01 17:50 - 2016-11-06 07:55 - 0007619 ____H () C:\Users\Suzanne\AppData\Local\Resmon.ResmonCfg
2016-10-31 09:31 - 2016-10-31 09:31 - 0028662 _____ () C:\ProgramData\agent.1477935068.bdinstall.bin
2016-01-28 19:12 - 2016-01-28 19:12 - 0004881 _____ () C:\ProgramData\rxsmznjf.zcp
 
Files to move or delete:
====================
C:\Users\Suzanne\ExporttoKML.dll
C:\Users\Suzanne\ExporttoKML.reg
C:\Users\Suzanne\ExporttoKML_64bit.reg
C:\Users\Suzanne\ExporttoKML_INSTALL.bat
C:\Users\Suzanne\ExporttoKML_UNINSTALL.bat
 
 
Some files in TEMP:
====================
C:\Users\Suzanne\AppData\Local\Temp\libeay32.dll
C:\Users\Suzanne\AppData\Local\Temp\msvcr120.dll
C:\Users\Suzanne\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-04 08:32
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Suzanne (08-11-2016 14:15:14)
Running from C:\Users\Suzanne\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-03-18 21:08:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-151233617-2686695857-2843107125-500 - Administrator - Disabled)
Guest (S-1-5-21-151233617-2686695857-2843107125-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-151233617-2686695857-2843107125-1002 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-151233617-2686695857-2843107125-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
Suzanne (S-1-5-21-151233617-2686695857-2843107125-1001 - Administrator - Enabled) => C:\Users\Suzanne
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Add or Remove Adobe Creative Suite 3 Design Premium (HKLM-x32\...\Adobe_498b43b77cac072081a5692bfc52804) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Acrobat 8.1.5 - CPSID_49013 (HKLM-x32\...\Adobe Acrobat 8 Professional_815) (Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.1.5 Professional (HKLM-x32\...\Adobe Acrobat 8 Professional) (Version: 8.1.5 - )
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 9 Plugin (HKLM-x32\...\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}) (Version: 9.0.45.0 - Adobe Systems, Inc.)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcGIS 10.4 for Desktop (HKLM-x32\...\ArcGIS 10.4 for Desktop) (Version: 10.4.5524 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.4 for Desktop (x32 Version: 10.4.5524 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS ArcReader 10 (HKLM-x32\...\ArcGIS ArcReader 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS Earth (HKLM\...\ArcGIS Earth) (Version: 1.0.1214 - Environmental Systems Research Institute, Inc.)
ArcGIS Earth (Version: 1.0.1214 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS License Manager 10 (HKLM-x32\...\ArcGIS License Manager 10) (Version: 10.0.2414 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (HKLM\...\ArcGISPro) (Version: 1.3.5861 - Environmental Systems Research Institute, Inc.)
ArcGIS Pro (Version: 1.3.5861 - Environmental Systems Research Institute, Inc.) Hidden
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Tools (HKLM-x32\...\{56647361-687B-452B-8999-6179125FFD63}) (Version: 3.2.10.1533 - Box)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.02 - Creative Technology Limited)
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.085 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.00.085 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{0DB0EA38-E806-44ED-A892-489F2E305080}) (Version: 1.5.00000 - Dell Inc.)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Esri CityEngine 2016.0 (HKLM\...\Esri CityEngine 2016.0) (Version: 16.0.100 - Environmental Systems Research Institute, Inc.)
Esri CityEngine 2016.0 (Version: 16.0.100 - Environmental Systems Research Institute, Inc.) Hidden
FME Desktop 2016.1.2.1 (Build 16674 - win64) (HKLM\...\{C6197A42-6BFE-1014-B1BC-EE2AC0F79D75}) (Version: 7.22.16674 - Safe Software Inc.)
Fushicai VIDEO DVR (HKLM-x32\...\{989BAFE8-E777-43D7-9749-9810E0E9FF48}) (Version: 2013.5.6 - Fushicai)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Drive (HKLM-x32\...\{3D7AB4D4-2E45-4986-BAC5-5B3CEED21FAA}) (Version: 1.32.3592.6117 - Google, Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Earth Pro (HKLM-x32\...\{1C63D1F0-DE50-11E2-BB78-B8AC6F98CCE3}) (Version: 7.1.1.1871 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.37 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hppLaserJetService (x32 Version: 002.015.00599 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 112 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)
Java™ 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.2.0 - Movavi)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
NVIDIA 3D Vision Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 358.91 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5929 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA nView 146.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 146.78 - NVIDIA Corporation)
NVIDIA WMI 2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.24.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
Python 2.5 numpy-1.0.3 (HKLM-x32\...\numpy-py2.5) (Version:  - )
Python 2.5 numpy-1.0.3 (HKLM-x32\...\Python 2.5 numpy-1.0.3) (Version:  - )
Python 2.5.1 (HKLM-x32\...\Python 2.5.1) (Version:  - )
QGIS 2.16 2.16.2 Nødebo (HKLM\...\QGIS 2.16) (Version:  - QGIS Development Team)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.11.1 - Intuit)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sentinel System Driver(64-bit) 7.2.2 (HKLM\...\{97407E09-4EA8-49F0-A513-2C1776A6DEC0}) (Version: 7.2.2 - SafeNet, Inc.)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZip 16.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}) (Version: 16.5.10095 - WinZip Computing, S.L. )
XnConvert 1.73 (HKLM\...\XnConvert_is1) (Version: 1.73 - Gougelet Pierre-e)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-151233617-2686695857-2843107125-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DC59238-B059-4EFF-9CF9-9A8CA49C9C53} - System32\Tasks\{0413D07A-8D30-4D5A-BE61-486976FB485F} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {15D894C6-8C07-4502-817B-3633CBC2F6A0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {16E7A5FB-0D27-4FFC-935D-CB64441A4BD1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {19E720E5-12AA-4EE3-9C27-83BF10CA2419} - System32\Tasks\{A4BA670A-111C-4595-88DE-44B1BC131F3C} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {212BF5A7-A5A8-4B84-B341-856E5929BB4E} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-08-23] (AO Kaspersky Lab)
Task: {296820CE-CF2E-4BF6-A702-4363873404AB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3B786855-FB5F-4C15-B445-7A740D115058} - System32\Tasks\{04FF8751-D100-4F82-BE83-D96DAFA59B39} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {48239E39-A010-47DA-A4BA-F13478A0CAE6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {65729D44-5252-401D-B2CF-BAF410DE527B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {66732F40-8D0E-4B61-A60C-AEBCC6F3114C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {708F24B9-28BC-47E9-B04A-16B31A1C6744} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {7FD29370-9E52-4570-BD4C-85704D903571} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {87B96AB0-7AB8-4E37-A083-9C8B6952E13E} - System32\Tasks\{4D5AC19A-5FF4-4A2F-A1AF-3E5DD0BAAB0C} => D:\autorun.exe
Task: {964025AA-7830-4AC4-B364-E67585C17F61} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {A9C69709-F628-4E15-AA80-357F047BB55C} - System32\Tasks\G2MUpdateTask-S-1-5-21-151233617-2686695857-2843107125-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\5742\g2mupdate.exe
Task: {B24AE1E3-4FF1-4DF0-8E8A-FFEAF516B368} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {B85041F5-4507-4DF4-B32F-2120AD6A00B5} - System32\Tasks\{89B37D2F-F8B6-4666-BC35-FCBF4333D964} => D:\autorun.exe
Task: {CEABA74D-1DA7-4D11-8436-1C4F8EC1EA84} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {CFB72B10-B94B-4668-8030-98F6B2092CD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {D957B3D7-A0E7-47BE-A2B1-44A42E4C19DF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-09-09] (Apple Inc.)
Task: {DC286D2F-C572-45D8-9115-DB9BC8B91E53} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110 => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {E17E379B-C888-4F20-86EE-933892009BF5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {F3F98508-023D-412B-A62A-F3C4D70BB29E} - System32\Tasks\G2MUploadTask-S-1-5-21-151233617-2686695857-2843107125-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\5742\g2mupload.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1cf23885969d023.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001Core1d0013a3e4c6110.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1cf23886a25815c.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-151233617-2686695857-2843107125-1001UA1d0013a3ffd0f14.job => C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Web Applications\pinterest.com\http_80\Pinterest _ Goodies.lnk -> C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://pinterest.com/about/goodies/
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-01-28 09:39 - 2015-11-10 01:32 - 03088712 _____ () C:\Windows\system32\nvwmi64.exe
2016-01-28 09:38 - 2015-11-05 07:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-06 12:21 - 2016-10-07 23:52 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-06-13 16:07 - 2013-03-25 09:57 - 00727952 _____ () C:\Windows\SysWOW64\WSCM64.dll
2011-11-11 13:07 - 2011-11-11 13:07 - 00265240 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2011-08-12 11:19 - 2011-08-12 11:19 - 00680984 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2016-06-27 23:19 - 2016-06-27 23:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kpcengine.2.3.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 02145304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 07956504 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00342552 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00029208 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2011-11-11 13:08 - 2011-11-11 13:08 - 00128536 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2011-12-12 14:44 - 2011-12-12 14:44 - 00336408 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2016-09-06 12:15 - 2016-10-18 10:32 - 03593408 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
2016-10-25 07:16 - 2016-10-20 00:47 - 01819240 _____ () C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-25 07:16 - 2016-10-20 00:47 - 00093288 _____ () C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\libegl.dll
2015-12-23 13:25 - 2015-12-23 13:25 - 00056832 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.4\bin\SIFT.dll
2015-12-23 13:25 - 2015-12-23 13:25 - 00817152 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.4\bin\netcdf.dll
2015-12-23 13:25 - 2015-12-23 13:25 - 02142720 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.4\bin\opencv_core2411.dll
2015-12-23 13:25 - 2015-12-23 13:25 - 00510464 _____ () C:\Program Files (x86)\ArcGIS\Desktop10.4\bin\opencv_ml2411.dll
2015-12-01 14:45 - 2015-12-01 14:45 - 01041408 _____ () C:\Python27\ArcGIS10.4\lib\site-packages\numpy\core\multiarray.pyd
2015-12-01 14:45 - 2015-12-01 14:45 - 00371200 _____ () C:\Python27\ArcGIS10.4\lib\site-packages\numpy\core\umath.pyd
2015-12-01 14:45 - 2015-12-01 14:45 - 05875200 _____ () C:\Python27\ArcGIS10.4\lib\site-packages\numpy\core\_dotblas.pyd
2015-12-01 14:45 - 2015-12-01 14:45 - 00141312 _____ () C:\Python27\ArcGIS10.4\lib\site-packages\numpy\core\scalarmath.pyd
2015-05-23 07:41 - 2015-05-23 07:41 - 00910336 _____ () C:\Python27\ArcGIS10.4\DLLs\_hashlib.pyd
2015-12-01 14:45 - 2015-12-01 14:45 - 00023552 _____ () C:\Python27\ArcGIS10.4\lib\site-packages\numpy\lib\_compiled_base.pyd
2015-12-01 14:46 - 2015-12-01 14:46 - 04963328 _____ () C:\Python27\ArcGIS10.4\lib\site-packages\numpy\linalg\lapack_lite.pyd
2015-12-01 14:46 - 2015-12-01 14:46 - 20909568 _____ () C:\Python27\ArcGIS10.4\lib\site-packages\numpy\linalg\_umath_linalg.pyd
2015-12-01 14:46 - 2015-12-01 14:46 - 00058880 _____ () C:\Python27\ArcGIS10.4\lib\site-packages\numpy\fft\fftpack_lite.pyd
2015-12-01 14:46 - 2015-12-01 14:46 - 00441856 _____ () C:\Python27\ArcGIS10.4\lib\site-packages\numpy\random\mtrand.pyd
2015-05-23 07:40 - 2015-05-23 07:40 - 00088064 _____ () C:\Python27\ArcGIS10.4\DLLs\_ctypes.pyd
2015-05-23 07:40 - 2015-05-23 07:40 - 00046080 _____ () C:\Python27\ArcGIS10.4\DLLs\_socket.pyd
2015-05-23 07:40 - 2015-05-23 07:40 - 01315328 _____ () C:\Python27\ArcGIS10.4\DLLs\_ssl.pyd
2015-02-15 13:29 - 2015-02-15 13:29 - 00142848 _____ () C:\Python27\ArcGIS10.4\lib\site-packages\matplotlib\_path.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2016-10-24 13:41 - 00003072 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Suzanne\Pictures\gumby.jpg
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: nwiz => "C:\Program Files\NVIDIA Corporation\nview\nwiz.exe" /installquiet
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{41422E44-3406-4A93-B450-2D312C87D6E1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{D4A758E9-3C0D-44E8-ADB2-854FC98DFE5D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{3157DD3A-319D-4D65-B6AB-93ADB4D0C653}] => (Allow) LPort=3703
FirewallRules: [{441D9186-92A4-4803-BA11-81797D55FA23}] => (Allow) LPort=3704
FirewallRules: [{DEB659CD-54F8-41A1-80B9-58AA05256D7E}] => (Allow) LPort=50900
FirewallRules: [{91D4E84B-47C9-40A2-AD72-5E88730A454E}] => (Allow) LPort=50901
FirewallRules: [{88989606-90A7-4BB1-BD7C-1CE9214F2628}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [{EF737E9D-43CF-4486-8F8D-DA1CD805EBB2}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
FirewallRules: [TCP Query User{3657E126-8208-4A49-AF8E-8C2F67290776}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{A8990542-A0F9-4F21-A280-9B40215B48F5}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{35C514E1-2A7C-414C-9DBF-3CFD2041C813}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{8D9A34C2-1F86-4732-9B17-16CDEF0FA141}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{744D57AA-4761-4FD7-AC38-DB3F978D2CD5}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2CE9DC3A-C8E0-4E2B-ABEA-63A5EA4C8B6E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{BA4A4083-E4AE-4689-8489-6853D6966CA5}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{8A3E9F7D-57F0-4896-92D0-9AD22349AD68}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{FB2964C2-23C2-45D0-AD6C-63A6609EF4C6}C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe
FirewallRules: [UDP Query User{FB3D0B7A-D1E0-4659-A4CD-B16994194ABE}C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.0\bin\arcmap.exe
FirewallRules: [TCP Query User{F150EBA6-1731-46CF-84A8-C7CAE1819E92}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{1BE6857F-5A65-4110-955F-0879D273B82F}C:\program files (x86)\orbitdownloader\orbitnet.exe] => (Allow) C:\program files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [{84C9C5E3-7B7F-4CCE-BB5C-56554272AACC}] => (Allow) %ProgramFiles% (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{ABFFB7A9-9081-4825-A3F0-E7F43010878B}C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{8B3ED360-E7F8-4AD0-AF68-9A97502C9E20}C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\suzanne\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{CED04AFF-E697-456D-9774-CFE97754AEED}C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe
FirewallRules: [UDP Query User{5595BF07-86BD-492A-B9BF-CD836622E16C}C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\temp\lmi1467.tmp\logmein client.exe
FirewallRules: [TCP Query User{99EA1E7D-E49D-4A49-AEBB-E07858ECDF90}C:\users\suzanne\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\logmein client.exe
FirewallRules: [UDP Query User{4C89C0BD-E6C6-436C-B0DF-97C7E2082B7E}C:\users\suzanne\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\logmein client.exe
FirewallRules: [TCP Query User{B5C8AFCC-5C87-4757-B0DD-F995D841735B}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A3463A72-67CB-4961-9734-66F4D88F62DD}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [{732EAA20-57DD-4604-9510-F1A736F7BAD8}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{9655D171-2832-45E1-B9C0-6776DE56CFA1}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{B5B9EB9D-00F6-4463-8971-C64EBAF5BBD5}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{83CACCBF-39E6-4BD9-9EFD-D20D2004CDAC}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [TCP Query User{23D6FAE3-CFF4-49F6-8D2C-23C474FE0321}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{E6DC87CD-29DA-44C9-8F95-6687908B57BF}C:\users\suzanne\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\suzanne\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{67A479B6-923D-4EBE-9C6C-46EB93EFE929}C:\users\suzanne\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\lmiignition.exe
FirewallRules: [UDP Query User{C3F93811-B9A0-4376-89C2-C672A2C25C12}C:\users\suzanne\appdata\local\logmein client\lmiignition.exe] => (Allow) C:\users\suzanne\appdata\local\logmein client\lmiignition.exe
FirewallRules: [TCP Query User{AC34F27F-9FE1-414A-A6D1-996DF99FC468}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [UDP Query User{A0452389-3C2D-4086-9FDF-A72BC9984728}C:\program files (x86)\logmein\ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein\ignition\lmiignition.exe
FirewallRules: [TCP Query User{B701E11A-7F07-48BB-A60F-083DD8563891}C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe
FirewallRules: [UDP Query User{822A887B-A1DA-4BCE-AF99-228B45B6115D}C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arcmap.exe
FirewallRules: [TCP Query User{FBDB9957-690B-46CA-9507-A55E39F321D2}C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe
FirewallRules: [UDP Query User{B19595DA-CF6D-4993-9589-8DA867853C46}C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe] => (Allow) C:\program files (x86)\arcgis\desktop10.2\bin\arccatalog.exe
FirewallRules: [{F451F5B4-04F5-4F2E-A2A5-A1913F4A7038}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F62383D0-7692-43D3-B48C-6C655144597E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{68FE5D4D-2129-4A80-B807-3394670D2B14}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7AF72695-1DCE-40D2-8B00-9F43872CAE9E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{58D8F0A2-EA3F-42E9-8E80-DC8D20C21CED}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [UDP Query User{4402769C-36F7-4AED-9682-C563834A6BA0}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe
FirewallRules: [{71A8EF7F-EC4E-4034-A704-E825B4EA9F49}] => (Allow) LPort=49384
FirewallRules: [{E1F7B4C3-9119-46DB-9117-AAE5FFEC99B8}] => (Allow) LPort=5000
FirewallRules: [{7B0CB2F1-0228-4081-B443-9B03EB4463B9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4A855208-1C2D-4AD7-997C-62367249E94C}] => (Allow) LPort=2869
FirewallRules: [{18298327-6A1A-4BB3-B212-C95EA99A50E6}] => (Allow) LPort=1900
FirewallRules: [{6F69F51A-0A4B-4F38-8731-194E3124255B}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{0F13D120-B627-4479-BF00-9C512AE3C600}C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe
FirewallRules: [UDP Query User{028224AD-E439-4657-A5AC-9562C1035FED}C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1826\g2viewer.exe
FirewallRules: [{4A41CC16-99B3-4869-9F40-7F7FCA0D1336}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{96BECEC8-C48A-4B9B-B6E7-0E9B28B08B26}C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [UDP Query User{15CE6E14-27AE-4F1B-82AB-40680753D602}C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe] => (Allow) C:\users\suzanne\appdata\local\temp\g2_1875\g2viewer.exe
FirewallRules: [TCP Query User{89D3265B-BB7B-410D-B259-7EA747FA1386}C:\program files\esri\cityengine2016.0\cityengine.exe] => (Allow) C:\program files\esri\cityengine2016.0\cityengine.exe
FirewallRules: [UDP Query User{9A2A33F9-F5FA-42F3-AA18-83D84CE63C12}C:\program files\esri\cityengine2016.0\cityengine.exe] => (Allow) C:\program files\esri\cityengine2016.0\cityengine.exe
FirewallRules: [TCP Query User{1429D159-427C-44DE-93EC-9CDA37841971}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe
FirewallRules: [UDP Query User{5293B334-C0B4-400D-BD84-54557DD9465B}C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe] => (Allow) C:\program files (x86)\adobe\adobe dreamweaver cs3\dreamweaver.exe
FirewallRules: [{97284FD0-7786-4CB2-89B3-EDFC047DD166}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3D6C4DCB-D476-41B7-BA83-8A2B70ACE023}] => (Allow) LPort=49265
FirewallRules: [{9AF969F5-A10B-4B61-B44C-296DE23664B9}] => (Allow) LPort=3389
FirewallRules: [{C66743B9-C5BF-4B60-8FF4-B16356BC9521}] => (Allow) LPort=443
FirewallRules: [{21DEDBCE-7291-4012-828A-B5536B025A0E}] => (Allow) LPort=443
FirewallRules: [{8FAFAC91-9911-4ACC-A07A-E1EB32FF4382}] => (Allow) LPort=443
FirewallRules: [{DB9B0B58-343A-483B-BB9A-D3C61817B2B6}] => (Allow) LPort=443
FirewallRules: [{81B805D5-9DA0-4078-B38E-7EB1D72198BA}] => (Allow) LPort=443
FirewallRules: [{EC95BDCC-0E2B-4806-BA68-E63AE97F21C9}] => (Allow) LPort=443
FirewallRules: [{1F5EFC2F-C3C2-4433-9248-D1D2C954819B}] => (Allow) C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{4FFC1687-42E8-4AA2-8A72-2FE7264159B9}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\5C069542-CA13-4f1b-B90C-28C6430F4992\Installer\hpbcsiInstaller.exe
FirewallRules: [{153D02CF-2359-4776-86E8-E89CEE3E760B}] => (Allow) C:\Program Files (x86)\HP\csiInstaller\5C069542-CA13-4f1b-B90C-28C6430F4992\Installer\hpbcsiInstaller.exe
FirewallRules: [{5457D126-6FB2-42AD-B62B-F0CD3F3B0A91}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{6773A25E-535B-42E5-92B8-54873648A5A0}] => (Allow) LPort=49325
FirewallRules: [{327BF990-6EA1-41EB-B23A-25A0EDA2F8A7}] => (Allow) LPort=5000
FirewallRules: [{3097C2F5-993F-4E90-803C-F495118AD5DB}] => (Allow) C:\Program Files\FME\fme.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
 
==================== Restore Points =========================
 
06-11-2016 11:03:33 JRT Pre-Junkware Removal
06-11-2016 18:33:01 Installed HP Support Solutions Framework
08-11-2016 12:49:51 Removed FME Desktop 2016.1.2.1 (Build 16674 - win64)
 
==================== Faulty Device Manager Devices =============
 
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/08/2016 12:08:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esetonlinescanner_enu (1).exe, version: 2.0.12.0, time stamp: 0x57ac3e59
Faulting module name: esetonlinescanner_enu (1).exe, version: 2.0.12.0, time stamp: 0x57ac3e59
Exception code: 0xc0000005
Fault offset: 0x000361d1
Faulting process id: 0x1ae4
Faulting application start time: 0x01d239e7cd06a99e
Faulting application path: C:\Users\Suzanne\Downloads\esetonlinescanner_enu (1).exe
Faulting module path: C:\Users\Suzanne\Downloads\esetonlinescanner_enu (1).exe
Report Id: 2f388436-a5ef-11e6-ad33-bc305bd66386
 
Error: (11/07/2016 01:25:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.23537 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ebc
 
Start Time: 01d2393cd8652eb2
 
Termination Time: 0
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 9c3b7daa-a530-11e6-b90a-bc305bd66386
 
Error: (11/07/2016 12:54:45 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: BIBError: invalid encoding
 
Error: (11/07/2016 12:54:45 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: BIBError: invalid encoding
 
Error: (11/07/2016 12:39:54 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: BIBError: invalid encoding
 
Error: (11/07/2016 12:39:54 PM) (Source: Adobe Version Cue CS3) (EventID: 3) (User: )
Description: AssetServicesCS3: BIBError: invalid encoding
 
Error: (11/06/2016 09:02:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: ArcGISPro.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Exception
   at ArcGIS.Desktop.Core.CoreModule+<>c__DisplayClass9a.<PutModuleSettingsAsync>b__99()
   at System.Threading.Tasks.Task.Execute()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
   at ArcGIS.Desktop.Layouts.LayoutsModule+<>c__DisplayClass1+<<OnProjectSave>b__0>d__3.MoveNext()
 
Exception Info: System.AggregateException
   at System.Threading.Tasks.TaskExceptionHolder.Finalize()
 
Error: (11/06/2016 06:30:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
Faulting module name: hppdcompio.dll, version: 1.3.0.24, time stamp: 0x4c9685da
Exception code: 0xc0000417
Fault offset: 0x000000000000552c
Faulting process id: 0x684
Faulting application start time: 0x01d23861baba0109
Faulting application path: C:\Windows\System32\spoolsv.exe
Faulting module path: C:\Windows\system32\spool\DRIVERS\x64\3\hppdcompio.dll
Report Id: 249e722a-a492-11e6-9328-bc305bd66386
 
Error: (11/06/2016 06:20:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.23537, time stamp: 0x57c44efe
Faulting module name: hppdcompio.dll, version: 1.3.0.24, time stamp: 0x4c9685da
Exception code: 0xc0000417
Fault offset: 0x000000000000552c
Faulting process id: 0xdf8
Faulting application start time: 0x01d238621e19f598
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\spool\DRIVERS\x64\3\hppdcompio.dll
Report Id: b5da5b5d-a490-11e6-9328-bc305bd66386
 
Error: (11/06/2016 10:25:11 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: Windows Backup encountered an error when accessing the remote shared folder. (0x81000039).
 
 
System errors:
=============
Error: (11/08/2016 12:11:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Sentinel service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Error: (11/08/2016 12:10:40 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.34 TCS service depends the following service: TBS. This service might not be installed.
 
Error: (11/08/2016 09:47:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (11/08/2016 09:47:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Suzanne\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/08/2016 09:47:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (11/08/2016 09:47:01 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Suzanne\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/08/2016 09:47:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (11/08/2016 09:47:00 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Suzanne\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/08/2016 09:46:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (11/08/2016 09:46:57 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Suzanne\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
CodeIntegrity:
===================================
  Date: 2016-11-08 12:11:49.584
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-08 12:11:49.397
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-08 09:38:53.810
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-08 09:38:53.639
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-08 07:56:01.791
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-08 07:56:01.479
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-07 13:24:05.171
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-07 13:24:04.484
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-06 11:14:54.087
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-06 11:14:53.916
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\Sentinel64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU W3530 @ 2.80GHz
Percentage of memory in use: 61%
Total physical RAM: 6141.55 MB
Available physical RAM: 2390.15 MB
Total Virtual: 12281.29 MB
Available Virtual: 7331.64 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:176.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#19
Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi skysuz,

 

Please run with BitDefender instead.

 

Scan with BitDefender Online Scanner

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please run a free online scan with BitDefender Online Scanner.

  • Click the green Start Scanner button
  • Click the green Scan Now button and wait a few seconds until a request appears from Bitdefender
  • Accept the plugin installation
  • Restart your browser in Administration mode if requested
  • Click the green Scan Now button again
  • Accept the EULA agreement if asked
  • The scan should start. It will be relatively quick.
  • Click View report (note: this is not the green button - Free download - just click on the words View report under the black button "Get QuickScan for your website")
  • Notepad will open with a log
  • Save to your desktop
  • Copy and paste the report back here


#20
skysuz

    Member

  • Topic Starter
  • Member
  • 13 posts

Here it is:

Thanks

 
QuickScan 32-bit v0.9.9.118
---------------------------
Scan date:  Wed Nov 09 12:28:08 2016
Machine ID: 6CEFDC58
 
 
 
No infection found.
-------------------
 
 
 
Processes
---------
            AcroTray - Adobe Acrobat Distiller help  5344    C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
            Akamai NetSession Client                 3480    C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
            Akamai NetSession Client                 3384    C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
            ArcGIS                                   3712    C:\Program Files (x86)\Common Files\ArcGIS\bin\ArcGISCacheMgr.exe
            Bing Bar                                 4776    C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
            Bing Desktop                             2052    C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
            Box Edit                                 1664    C:\Users\Suzanne\AppData\Local\Box\Box Edit\Box Edit.exe
            Box Local Com Service                    1824    C:\Users\Suzanne\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
            CameraHelperShell.exe                    6016    C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
            COCIManager.exe                          5504    C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
            Creative Audio Service                   1268    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
            FlexNet Publisher (32 bit)               6068    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            Google Chrome                            4404    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
            Google Chrome                            4632    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
            Google Chrome                            4788    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
            Google Chrome                            8608    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
            Google Chrome                           10104    C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
            Google Update                            5112    C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
            Internet Explorer                         916    C:\Program Files (x86)\Internet Explorer\iexplore.exe
            Kaspersky Anti-Virus                     3452    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
            Kaspersky Anti-Virus                     1372    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
            Kaspersky Anti-Virus                     1964    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
            Kaspersky Anti-Virus                     3492    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
            Logitech Camera Software                 5748    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
            Logitech Webcam Software                 1156    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
            Microsoft OneNote                        5364    C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
            PanelHelper32.exe                        5952    C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe
            PowerDVD RC Service                      4896    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
            RAID Event Monitor                       3708    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
            RAID Monitor                             3772    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
            Rosetta Stone Daemon                     2584    C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
            SMax4PNP Application                     1492    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
            Stereo Vision Control Panel API Server   1012    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
 
 
Network activity
----------------
 
 
 
Autoruns and critical files
---------------------------
             Adobe Version Cue CS3                   C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe
            AcroTray - Adobe Acrobat Distiller help  C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
            Akamai NetSession Client                 C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
            Bing Desktop                             C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
            Box Edit                                 C:\Users\Suzanne\AppData\Local\Box\Box Edit\Box Edit.exe
            Box Local Com Service                    C:\Users\Suzanne\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
            CommonSDK                                C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe
            Dell System Manager                      C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
            Google Update                            C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
            Google Update                            C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
            Java Platform SE Auto Updater            C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
            Logitech Camera Software                 C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
            LogMeIn                                  C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
            Microsoft OneNote                        C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
            Microsoft® Windows® Operating System     C:\Windows\system32\PhotoScreensaver.scr
            Microsoft® Windows® Operating System     C:\Windows\system32\userinit.exe
            PowerDVD Language Application            C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe
            PowerDVD RC Service                      C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
            PowerReg                                 C:\Program Files (x86)\Logitech\Ereg\eReg.exe
            Quicken for Windows                      C:\Program Files (x86)\Quicken\bagent.exe
            RAID Event Monitor                       C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
            SMax4PNP Application                     C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
 
 
Browser plugins
---------------
            Adobe PDF Toolbar for IE                 c:\program files (x86)\adobe\acrobat 8.0\acrobat\acroiefavclient.dll
            Bing Bar                                 c:\program files (x86)\microsoft\bingbar\7.3.124.0\bingext.dll
            Bitdefender QuickScan                    C:\Windows\Downloaded Program Files\qsax.dll
            Bonjour                                  C:\Program Files (x86)\Bonjour\mdnsNSP.dll
            Bonjour                                  C:\Program Files\Bonjour\mdnsNSP.dll
            ChromeLogMeIn.dll                        C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\ChromeLogMeIn.dll
            Citrix Online Web Deployment Plugin 1.0  C:\Users\Suzanne\AppData\Local\Citrix\Plugins\104\npappdetector.dll
            Google Earth Plugin                      C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
            Google Update                            C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
            Google Update                            C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll
            InstallShield Update Service             C:\Windows\Downloaded Program Files\isusweb.dll
            Internet Explorer                        c:\windows\syswow64\ieframe.dll
            Java Deployment Toolkit 8.0.1120.15      C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll
            Java™ Platform SE 8 U112              C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll
            Java™ Platform SE 8 U112              C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll
            Java™ Platform SE 8 U112              c:\program files (x86)\java\jre1.8.0_112\bin\ssv.dll
            LMIGuardianDll                           C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\LMIGuardianDll.dll
            LMIGuardianEvt                           C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\LMIGuardianEvt.dll
            LMIGuardianSvc                           C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\LMIGuardian.exe
            LMIGuardianSvc                           C:\Windows\Downloaded Program Files\LMIGuardian.exe
            LMIProxyHelper.exe                       C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\LMIProxyHelper.exe
            LogMeIn, Inc. Remote Access Components   C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\avutil-51.dll
            LogMeIn, Inc. Remote Access Components   C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\swscale-2.dll
            LogMeIn, Inc. Remote Access Components   C:\Windows\Downloaded Program Files\LMIBroker.exe
            Microsoft Office 2010                    C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
            Microsoft Office 2016                    C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
            Microsoft® CoReXT                        c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
            Microsoft® CoReXT                        C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
            Microsoft® CoReXT                        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
            Microsoft® Windows® Operating System     C:\Windows\system32\mswsock.dll
            Microsoft® Windows® Operating System     C:\Windows\System32\nlaapi.dll
            NVIDIA 3D Vision                         C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
            NVIDIA 3D VISION                         C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
            Photo Gallery                            C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
            RACtrl.dll                               C:\Windows\Downloaded Program Files\RACtrl.dll
            ractrlkeyhook.dll                        C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\ractrlkeyhook.dll
            Silverlight Plug-In                      C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\napinsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\pnrpnsp.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\winrnr.dll
 
 
Scan
----
MD5: 0e899d0db39617aa0b2f992e7e95b5eb  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
MD5: 5621d03adc16eade46d2242c39e1a99c  C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ISDI.dll
MD5: 363f96ba6ac6a3522977fb6caaa0b94c  C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MD5: c4661dad2cc20b2529e9436a308806a2  C:\Program Files (x86)\Internet Explorer\IEShims.dll
MD5: 7af9a81331124a275bc06850eafba703  C:\Program Files (x86)\Internet Explorer\iexplore.exe
MD5: f2fbfed7fe87b059115777143bae4fa7  C:\Program Files (x86)\Internet Explorer\sqmapi.dll
MD5: 3828330c7eb197e96c638d54a2e083bf  C:\Program Files (x86)\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll
MD5: 171f9247fdf666fd0b50719a4e082f07  C:\Program Files (x86)\Java\jre1.8.0_112\bin\jp2ssv.dll
MD5: bf38660a9125935658cfa3e53fdc7d65  C:\Program Files (x86)\Java\jre1.8.0_112\bin\msvcr100.dll
MD5: 6090344bb3c5a1b9f2b871c46804196e  C:\Program Files (x86)\Java\jre1.8.0_112\bin\plugin2\npjp2.dll
MD5: 148bad1859eb2dfa14c0c91011c31650  c:\program files (x86)\java\jre1.8.0_112\bin\ssv.dll
MD5: 8c8632aa45a1f765966ff9b0474f8881  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\app_core_legacy.dll
MD5: f4e105951d21c7d2bbe78b3fe79c067b  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\avpmain.dll
MD5: 0b52ca78ebe7c885d64116eab5253ba1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\avpservice.dll
MD5: a1ade15399130ef0f6ec19e34d79bfca  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\bl_ksde.ppl
MD5: c47009fe6f9587b6930bda60142786b4  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\cbi.dll
MD5: 6a8ed00602e4d612939c5528b6923419  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\crypto_ssl.dll
MD5: 57579fb647d45f6287d2c78bf3ce7a23  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\dblite.dll
MD5: 797b68fbf17fac2ee57c157232354aca  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\dtreg.ppl
MD5: 45a916a97a898d9ba9f5f30658cb33ef  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\DumpWriter.dll
MD5: 43747bbe5addf23aa8f3067cb4f393f2  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\instrumental_services.dll
MD5: d4ff6ae1c7fed7e6b7b14b8e309bf4f9  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\kl_service.DLL
MD5: eff5ea6088db81c6ef6edcda5ee79909  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
MD5: bdb3d8437752ebcd11db04082b1fe8a5  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
MD5: 33c915a6fc6c40176584449843e1131b  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeuimain.dll
MD5: 0a8a67b428b54f09fcfe2b2b57e4ca17  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksn_facade.dll
MD5: bc83108b18756547013ed443b8cdb31b  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\MSVCP100.dll
MD5: 0e37fbfa79d349d672456923ec5fbbe3  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\MSVCR100.dll
MD5: 75952ca68d43cda2fc5e20b40a835900  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ndetect.ppl
MD5: 4617aebe63af12fbd30675086875dcb4  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\nfio.ppl
MD5: f58c31930cfcaaaf7e6e9627a003ec2e  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\params.ppl
MD5: 364d27249ae0e407f9383157c2d831ad  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\prcore.dll
MD5: 7b4e3f4f5fcc3b78e8d234746a82a666  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\product_info.dll
MD5: 1e4136cdd53dfe99a7f6eeaeaef529b2  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\product_metainfo.dll
MD5: d37ddc1c27c0eec0e9e500d7008e02d9  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\propmap.ppl
MD5: b46182c07a118af8898bc68fd1bc4ba1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\prremote.DLL
MD5: d300d4ec0122214965f15202af7c7aee  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\pxstub.ppl
MD5: 56a379c81e560a3936b3dcaf7252b339  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\regmap.ppl
MD5: e14b2d6a1af563a468dfda58b75c0dda  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\reportdb.ppl
MD5: b8c44e0e00d241a8ad6b08c01099626d  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\schedule.ppl
MD5: 233dfe39942e7e68ee80e4fc9484aeed  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\storage.dll
MD5: 8fb5e25f72cbc5d5726d0f0264bb73bf  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\thpimpl.ppl
MD5: a97242d28ae6a1e58be47790a397dc92  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\timer.ppl
MD5: 4020c5d669020cf5f6a03a80eb47de96  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\tm.ppl
MD5: 953c7e3c120adcfe06a0fee2a52c6b37  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ucp_agent.dll
MD5: 0c99ccb4563a6e4fed05f4e5ea0fdda7  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ushata.dll
MD5: cd51fe428282db6d916aac46ef3a40ce  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\winreg.ppl
MD5: 03b45c52179e8dae51a0f685c30d06d6  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe
MD5: e14f3c1c1833a0bb3b639d1bd5f55bf5  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe
MD5: 48b4e14571bea9ebefbf44d01dce24b7  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\inproc_agent.dll
MD5: d4ff6ae1c7fed7e6b7b14b8e309bf4f9  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\kl_service.dll
MD5: bc83108b18756547013ed443b8cdb31b  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\MSVCP100.dll
MD5: 0e37fbfa79d349d672456923ec5fbbe3  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\MSVCR100.dll
MD5: f58c31930cfcaaaf7e6e9627a003ec2e  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\params.ppl
MD5: d78f94ac95bb8c877452c670e7134a6b  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\plugins_meta.dll
MD5: 364d27249ae0e407f9383157c2d831ad  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\prcore.dll
MD5: 654ec0f4d63c5a48623b62674346a129  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\product_info.dll
MD5: 1e4136cdd53dfe99a7f6eeaeaef529b2  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\product_metainfo.dll
MD5: b46182c07a118af8898bc68fd1bc4ba1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\prremote.dll
MD5: d300d4ec0122214965f15202af7c7aee  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\pxstub.ppl
MD5: 5d08f9eddea96fd74bf99b5c1398ff9c  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\remote_eka_prague_loader.dll
MD5: d7f0b46844565e2ed68ac99af0f4263f  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe
MD5: 5512238db69736055565e6f5de62574a  C:\Program Files (x86)\Logitech\Ereg\eReg.exe
MD5: 550b8cb98a8fa1d7a1a7371055a38dda  C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MD5: b993d86c9b667e947e855cd9b868b91d  C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MD5: 8ea841d06e423d0d26547e41c64782d4  C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MD5: a2418d3c557c0a0c634da713a8ac3789  C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
MD5: 0dcc8d11d9693a499596b0d52a495c29  C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MD5: 546292c8eca0664287a87f9875a17557  C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MD5: e51657b59cfa340fefddc12d6988a789  C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MD5: ecd02c1a449d198811421a6d32f14f1a  C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
MD5: d3760bc17e1755091b7120cf32dbf56b  C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
MD5: 223a96bac91792e1a954bfeb49fbe02c  C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
MD5: 0f28935ecf1fbdec22baf720a5a94564  C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
MD5: 35134f90976facd077dca990afa06a9f  C:\Program Files (x86)\Microsoft Office\Root\Office16\1033\ONINTL.DLL
MD5: f2b47e94f55c3ad9062edd869e8af456  C:\Program Files (x86)\Microsoft Office\root\Office16\MSOHEV.DLL
MD5: e1e253d02bc8bcb302d246d8d41467b2  C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
MD5: a84a7275b5bb2975b038b58fb1d51ed6  C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
MD5: 3bf8a9a5dc0459fb35bdaad24e4a1933  C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
MD5: cddae185ace26369b2dc18d494baf018  C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll
MD5: f2e8cefc8cf4d6454f4121c5ff93136a  C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
MD5: 51c123a2f833440a24878756d114f8c1  c:\program files (x86)\microsoft\bingbar\7.3.124.0\bingext.dll
MD5: 6e1bcc590c9d30fee8fc14dbd053ce94  C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE
MD5: 30ee672ad2c53bfb7dd4be6993b07c71  C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
MD5: 9bf7ed72685e81bf8763b1585d40c57f  C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
MD5: e42d560e2163480e7b586b14abeb3386  C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
MD5: 3de0b45d32cd757c99e6e526fe2dc4a6  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
MD5: 08c60b6cce998a06120dbb3cc3de95d2  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
MD5: 40379b224da646778048e62a24e05d63  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI.dll
MD5: c34dc8be844a286ba824a6d3322a7328  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
MD5: 6b67dcccf79dd3595275ccfaf3d6e9e0  C:\Program Files (x86)\Quicken\bagent.exe
MD5: 683f16b716b677f07ce3e193a0a88a1b  C:\Program Files (x86)\RosettaStoneLtdServices\ActivationDaemonPlugin.DLL
MD5: 53d78d468902a0c0c610fb1247486bb0  C:\Program Files (x86)\RosettaStoneLtdServices\DataInstaller.dll
MD5: c3c19376829c964677b7411c46e3b713  C:\Program Files (x86)\RosettaStoneLtdServices\DataInstallerDaemonPlugin.DLL
MD5: 56ca5011b792347dd808107bfa5ccedd  C:\Program Files (x86)\RosettaStoneLtdServices\FNInterface.dll
MD5: 59ef0e75e8cff14befa264dec72f736a  C:\Program Files (x86)\RosettaStoneLtdServices\FNP_Act_Installer.dll
MD5: 69fa4f98b801a936b5828237aa0a6a6d  C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.DLL
MD5: cc465ecbc1700b2d91e152ed9165994a  C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
MD5: f201517e55e724b4f81e876711583863  C:\Program Files (x86)\RosettaStoneLtdServices\SREDaemonPlugin.DLL
MD5: f3aab7df6408431c762d8721b68f46e4  C:\Program Files (x86)\Skype\Updater\Updater.exe
MD5: 2b2687d326eb5bb5c367473e033bbeec  C:\Program Files (x86)\Windows Defender\MpOav.dll
MD5: 7b4c82899a967a7eb22dab502770ae8e  C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
MD5: f0e80e561c3f715db01accc97b72463a  C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
MD5: 83a6c2cafe236652d1559640594a0ea8  C:\Program Files (x86)\WinPcap\rpcapd.exe
MD5: eaaa2b83c4764fdcfbee4a4d6546de92  C:\Program Files\Bonjour\mdnsNSP.dll
MD5: b5c2f92ee1106dfe7bb1cce4d35b6037  C:\Program Files\Bonjour\mDNSResponder.exe
MD5: 885888f8aad89108a5ee2d0174690220  C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MD5: 365bfa8d4884a562643db3773a1a85ca  C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
MD5: 2ffc3a679cf4ff05aa762e2b8d095574  C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
MD5: fe9c0029e1af26350d9985d00520e5c8  C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
MD5: af528b4eca925f63d437f76e87d8971d  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 357cabbf155afd1d3926e62539d2a3a7  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
MD5: f3d951071c624137430fe65a67541ef9  C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe
MD5: 347d6407c90c0b6ac82f8249eba9a482  C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
MD5: d544030dae030f6b0d1da332c8171fa8  C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
MD5: 230bfb96a86ab29da6deb234f8985d34  c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
MD5: d7ac4ac6e9ef75937c4f4313330e41c6  C:\Program Files\Dell\Dell System Manager\PanelHelper32.exe
MD5: 16a6d49e7698fc6f1730d3ff9f5561a8  C:\Program Files\iPod\bin\iPodService.exe
MD5: 461ade40b800ae80a40985594e1ac236  C:\Program Files\RDP Wrapper\rdpwrap.dll
MD5: 7cbb1d4d13dc62d7f529d87151fd3cd3  C:\Program Files\Windows Defender\mpsvc.dll
MD5: a9f3bfc9345f49614d5859ec95b9e994  C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: e379d58e382465c29ca595f7c383e150  C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klsihk.dll
MD5: f2ad1b265908797f8a5e21e0312f2f25  C:\Users\Suzanne\AppData\Local\Akamai\netsession_win.exe
MD5: 765f9b74d067fcf50fca516eb443011b  C:\Users\Suzanne\AppData\Local\Box\Box Edit\Box Edit.exe
MD5: 7b1573aae21fc7d48efd1f65ee8055b9  C:\Users\Suzanne\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
MD5: e3b4ea121f7bdeb0f6366e2ba9608cb5  C:\Users\Suzanne\AppData\Local\Citrix\Plugins\104\npappdetector.dll
MD5: 00c36ae47c7e16937834705dda03ef7e  C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\chrome.dll
MD5: 6848d69d5550119ed5e5df9b334b6537  C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\chrome_child.dll
MD5: c4b3022907fb6c0748df860dde1e9ee9  C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\chrome_elf.dll
MD5: 02e034cd47aa9a633f6aaef348dbbba0  C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\D3DCompiler_47.dll
MD5: 98a53cfa1945b99656db4332d89c9328  C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\libegl.dll
MD5: d1df316e69e13e0911ed19c80e8500c8  C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
MD5: d07d7bc13e6c433593eb476a3bef99e8  C:\Users\Suzanne\AppData\Local\Google\Chrome\Application\chrome.exe
MD5: 61ea514986dc85e82893325b94e4fb96  C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\avutil-51.dll
MD5: d7ddaa380b2dc9d37294231221255035  C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\ChromeLogMeIn.dll
MD5: 5d61f11a02265b72c6ed8ce41ccf327a  C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\LMIGuardian.exe
MD5: 99d08e4430b1b1e221331cd65ee19375  C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\LMIGuardianDll.dll
MD5: ebe162d491d698f27c6af8891aa737ab  C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\LMIGuardianEvt.dll
MD5: c7e11a530a596edda78948bc2d729f3a  C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\ractrlkeyhook.dll
MD5: d7f3db0454889ad2827e500b09cebaec  C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkjapkpkiciphacnalicgmmcelfolon\1.0.0.1037_0\swscale-2.dll
MD5: 3ee8ae0ecfe5d79de1737a855ad1e84c  C:\Users\Suzanne\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll
MD5: dd7423abbe2913e70d50e9318ad57ee4  C:\Users\Suzanne\AppData\Local\Google\Update\GoogleUpdate.exe
MD5: 8248cae69ef9baff2bf7ea84a0d5128e  C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\affcb83bba04f782c2586a1788330891\mscorlib.ni.dll
MD5: 26f24b0fab44b411bea252e1642ef7c1  C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7ab1680c39bc1c41f147f78cbe0db0f2\PresentationFramework.Aero.ni.dll
MD5: d06d3c58849ea6ce295b37b3613aa743  C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\f96faf473ed69af52095444a4e9d581e\PresentationFramework-SystemXml.ni.dll
MD5: f292568366b09f12d88c96bf294efb80  C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\850b1b2f3ba808cabfaa84b4703213cb\PresentationFramework.ni.dll
MD5: 3cbe0d84a1f85a1f301128b4edfcc549  C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\86d8696483cc81f030d41061c629fa41\PresentationCore.ni.dll
MD5: 461f4d22d22975e5e418c97b5fa9d27c  C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\32b270a7b4daf4731cf1c36ecd660297\SMDiagnostics.ni.dll
MD5: 2b2861900777e502eca812097fca35ad  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\6b3bc806e6d6a2c73c6d9f1429395698\System.Configuration.ni.dll
MD5: a6cbb834a3c76530087eccb5e8aa8c51  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a57805cc2d492d82e327b83ab24fad62\System.Core.ni.dll
MD5: 11db4abea69e9da5b998f835f456c4f9  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\24e2acca9a146b2ed3b28e52c7aeab31\System.Data.ni.dll
MD5: 25a94ccf77067284881a8e57165113ff  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\48453ce4573683172752f7fdc00f8820\System.Drawing.ni.dll
MD5: a8c4eb4cd60b43ef717de826dbf0effa  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\f8271755b1dde51c6fd403c7f03c89aa\System.Numerics.ni.dll
MD5: ad201b54a15362b81eb67c1286983bdc  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ffbd00c458124054f2049e9a25a7cca8\System.Runtime.Serialization.ni.dll
MD5: d74f3a6a05bfd515123d7ab7242069f2  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\779476f7b8e5cf194303e03c06653cc1\System.ServiceProcess.ni.dll
MD5: e667628e392570414ab35f9a071e4a08  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\e2ab3c1c7be8727fb1f36945861e780b\System.ServiceModel.Internals.ni.dll
MD5: 515ccd86560d0d4590e7d2cfe51d83c8  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\458817680c33d8cdf0e033cd65772906\System.Web.ni.dll
MD5: d2d3210727cb85e94502d15a0d6abf1b  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7b437291b260f008653ebc86553ab462\System.Windows.Forms.ni.dll
MD5: 9f420c4d95f6b25f890350d8520ff88c  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\347ba862763b7e7c80bdef8764ae72dc\System.Xaml.ni.dll
MD5: caf98e927c477a6069ccc57ad6ee6b58  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\71a060bc38158376f5e6dda8d62b6c7c\System.Xml.Linq.ni.dll
MD5: ddbaf127dd146968372826c9b3dceb3d  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\36599a72e79974ff4c004c43df9fce2b\System.Xml.ni.dll
MD5: 0164f46ac064ce771fa1f1a47ab5fd40  C:\Windows\assembly\NativeImages_v4.0.30319_32\System\d03eb8a47500f40d5428f9c6875f8e56\System.ni.dll
MD5: 92dd4c529b003351694f98947f8b98c0  C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\4f0e851ac0426baeb8f222a120b7712a\UIAutomationTypes.ni.dll
MD5: 965ccac5493fb5b8ce33308e0094ff88  C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\778c4647568c87adb6930daa13e24b88\WindowsBase.ni.dll
MD5: 1245e33c050e61191059eaa33d9ce6c9  C:\Windows\Downloaded Program Files\isusweb.dll
MD5: d810e7ac8843479415c5de695c460c18  C:\Windows\Downloaded Program Files\LMIBroker.exe
MD5: ab9651b5f7cf1550a24dcfd8dcc7c7a6  C:\Windows\Downloaded Program Files\LMIGuardian.exe
MD5: 56940b50ab0e5923822f47b0e4463885  C:\Windows\Downloaded Program Files\qsax.dll
MD5: f33327ab75cac1f28649ef4fac430ecf  C:\Windows\Downloaded Program Files\RACtrl.dll
MD5: c4002b6b41975f057d98c439030cea07  C:\Windows\ehome\ehRecvr.exe
MD5: 38ae1b3c38faef56fe4907922f0385ba  C:\Windows\Explorer.exe
MD5: d71f700da358442d2b941b1112c15f22  C:\Windows\Microsoft.Net\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
MD5: b4d73f04e9bc076f7cdac4327df636bb  C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
MD5: c98a5b9d932430ad8eebd3ef73756ef7  C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: a8b7f3818ab65695e3a0bb3279f6dce6  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: 660d597b7a78256734d7f3230b21b355  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
MD5: 1400c75ff021d6cface46ac41b60770e  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
MD5: 15cba881e10968e33b43d31be6097ba3  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
MD5: f13ec8a783e0cb0d6dc26a3ca848b7b8  C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
MD5: 6faa411f45271a95a8445a715f129b5e  C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: cb3111a9107c1048f501b4642dd7b403  C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MD5: d4e0b7eb9e72ed2c1f61c2e7b6ae02e9  C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll
MD5: bd460a85e005b5d22328f02944f476bc  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: ab4cd527befcc43ee441e6c50cce54c8  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
MD5: dad626cf7ed7df94c745c95d26822fad  C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
MD5: 998f21ec6f4e0aa355a1949d82d05cc1  C:\Windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll
MD5: f3d75515c2475cb2b4fea22f5ef77bfa  C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
MD5: fc184b997e98f3fbb6c3f5a90d027fee  C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
MD5: 773212b2aaa24c1e31f10246b15b276c  C:\Windows\servicing\TrustedInstaller.exe
MD5: 833e9fda58712b91b724accfba4dc50d  C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
MD5: 9dfaa1d0e66de6f2a34cc5d8c6cd701c  C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
MD5: e061bb4951619a71050d3dc9366a7def  C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
MD5: 7a19cddcc8eb92dd8fecd2bd41dda44e  C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
MD5: 09119fc84e679cddcde94966ff2f33ba  C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: d5f22be2feaa5a1b615777a7cea48008  C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
MD5: 765dad31d7fb062ae2054c64ca6a06bd  C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
MD5: 11a771fc68fb315ad3ddb1d73d4353ed  C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
MD5: 57b17fd79b22fff75f1e34b1b680383c  C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
MD5: b0fcce4a03d9a88c74b9aaccbd9b1082  C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
MD5: f05694d4217a79afb209c96f063b7f6a  C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
MD5: 2398dac8db9e3cc4f39a9551a38ac016  C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: 90691b43926eb821888a5b833f4b7c18  C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
MD5: 432cc3b0f1af171d26a89a447245573f  C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: 7c0b587166f3e255fb12d4bdc7a13ae8  C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
MD5: 83d00d9303375b674e6cfc4365321c72  C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
MD5: cbd13994585ab8cf8e31fc93f111aec1  C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: 06ea1fcebad959fa43343ab96362fb86  C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
MD5: 1f5d349c2b94dd19a7b2aa0375c57541  C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
MD5: 1b71e40632f1ecc1d1b7246387e5fc6a  C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: 4c8f1246a8ff193ae9b8b15b8c2a413a  C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: 8b6469a60ac366b9d8be25c81da3ba16  C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: d34ac714c338c2d4a3d98c5a4a81313f  C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
MD5: 4b93b739cc7a832556e4015d1a0cb51d  C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
MD5: ed1ec8a06a276d93f4f6c3af16d84a87  C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: c26542774a404ab01f2e8da047a82255  C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: 0164a6d40db37a37b2c6e155d19ecf73  C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: 1d70f80d1cfde11571054e56b45c15c2  C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
MD5: e35ddf92ba02262cfc249372b9aa3581  C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: 9ed828b9dd8730bb3ed86a5ca7f5ce73  C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: c6cbaacb8f1d8d1c9da89c1e9c21925b  C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
MD5: 6fbd1a01dde3fb1c0f11aa2e8ad84cba  C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: b187db76f494b64d90b4344dc4873bb5  C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 522226c519cdd233360bf0ce80b0ceba  C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
MD5: e37ec711d51aaf9fd8570739ed8a1ac0  C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
MD5: bcbe1bd34aa5e3e585e8a186ece49fa0  C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
MD5: db9feff915f895be960e9d1d47639324  C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
MD5: b05d416f3162d1686914606e9c794997  C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
MD5: 924e2f51de0177d08aabab725421d70c  C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
MD5: 74126d3bed0e43de875b66c63c608f42  C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
MD5: d07f2e1ff3ca24a06adde429a0130e50  C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
MD5: 1d96a0d2ef83c6c1176806c02f96384a  C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
MD5: 0e9d1bce1bb8a5e25b505ce7b52cce74  C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
MD5: e5de5f75ff6739ac9aabbdd4740b22a9  C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
MD5: 3a2e6016ff209066f3129543660be0b5  C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
MD5: 6a13b4f3b3f575f1e24b877b9359aaba  C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
MD5: 49aca548b2423f1c67898e6ac719a9a6  C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
MD5: 1c60e09ca1c3a045bc4d367f67c915b7  C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
MD5: 60f4aefa103d421ea4a40e31409b4756  C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
MD5: 6951562dc4625eefc6eacd52ad165866  C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MD5: 007863e45f25aa47a4c30d0930bbfd85  C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
MD5: fba9ac08297fa36fbb828e2f0c0f0e51  C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: d5afc3a476925ce740b7079d9bd2d269  C:\Windows\system32\apphelp.dll
MD5: b2aba92f93b3b1bd241ec284bbf53de1  C:\Windows\system32\AUDIOSES.DLL
MD5: e3d5e244807ad655787fcd25477cc1bc  C:\Windows\system32\bthprops.cpl
MD5: 7a6986dd659b96398a11af5173892715  C:\Windows\system32\Cabinet.dll
MD5: ad7b9c14083b52bc532fba5948342b98  C:\Windows\system32\cmd.exe
MD5: c614e69b6c89c1f3908a97d45cc31011  C:\Windows\system32\credssp.dll
MD5: e9bb0cd09da17c71fd1b9954d75aeef7  C:\Windows\system32\credui.dll
MD5: 8b51433ac5e699c1bb694f64778071b9  C:\Windows\system32\cryptnet.dll
MD5: d161cb594609d47c8e9b7599f3195e56  C:\Windows\system32\CRYPTSP.dll
MD5: 6f8e0d147e53d4ce2f4d975ab976e80a  C:\Windows\system32\cryptsvc.dll
MD5: 465bea35f7ed4a4a57686dea7ea10f47  C:\Windows\system32\cscapi.dll
MD5: 14800bd31701a5047ac3145bb1e698ae  C:\Windows\system32\d2d1.dll
 
 
No file uploaded.
 
Scan finished - communication took 3 sec
Total traffic - 0.02 MB sent, 1.27 KB recvd
Scanned 531 files and modules - 47 seconds
 
==============================================================================

  • 0

#21
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts

Hi skysuz,

Remove missing Chrome Plugin

  • Open Chrome
  • Copy and paste the following in the address bar and press Enter:

    chrome://plugins
  • You will get a page with all the plugins listed.
  • Press "Disable" on the following Plugins.

    Shockwave Flash
    QuickTime Plug-in 7.7.1
    Java Deployment Toolkit 6.0.290.11
    Java Platform SE 6 U29
    Silverlight Plug-In
    Native Client
    Chrome PDF Viewer
    WinZip Courier
    Google Update
    Musicnotes
    ScorchPlugin
    iTunes Application Detector
    BrowserPlus (from Yahoo!) v2.9.8
  • Then press "Enable".
  • Close Chrome.

Fix with FRST

  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\MountPoints2: {bf8c87ee-5192-11e0-bc42-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
S3 teamviewervpn; system32\DRIVERS\teamviewervpn.sys [X]

C:\Windows\system32\DRIVERS\bxvbda.sys
C:\Windows\system32\DRIVERS\teamviewervpn.sys

Emptytemp:
Hosts:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.

In your next reply, please include the following:

  • FRST fixlog
  • Any other issue you wish to highlight?

  • 0

#22
skysuz

skysuz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Hi!

 

Here it is :)

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Suzanne (10-11-2016 13:55:36) Run:2
Running from C:\Users\Suzanne\Desktop
Loaded Profiles: Suzanne (Available Profiles: Suzanne & LogMeInRemoteUser & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
HKU\S-1-5-21-151233617-2686695857-2843107125-1001\...\MountPoints2: {bf8c87ee-5192-11e0-bc42-806e6f6e6963} - "E:\WD SmartWare.exe" autoplay=true
S3 b06bdrv; \SystemRoot\system32\DRIVERS\bxvbda.sys [X]
S3 teamviewervpn; system32\DRIVERS\teamviewervpn.sys [X]
 
C:\Windows\system32\DRIVERS\bxvbda.sys
C:\Windows\system32\DRIVERS\teamviewervpn.sys
 
Emptytemp:
Hosts:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf8c87ee-5192-11e0-bc42-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{bf8c87ee-5192-11e0-bc42-806e6f6e6963} => key not found. 
b06bdrv => service removed successfully
teamviewervpn => service removed successfully
"C:\Windows\system32\DRIVERS\bxvbda.sys" => not found.
"C:\Windows\system32\DRIVERS\teamviewervpn.sys" => not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18963973 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 4103806504 B
Edge => 0 B
Chrome => 539456450 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Suzanne => 96253570 B
LogMeInRemoteUser => 0 B
Guest => 0 B
 
RecycleBin => 17394489 B
EmptyTemp: => 4.5 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:56:56 ====

  • 0
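A way to triage a Fixlog like the one posted in #22, as an added example that is not part of the thread or of FRST itself: it sorts each result line into removed, already absent, or failed, so a line such as the hosts entry is not lost among the successes. The outcome phrases are the ones visible in the log above; the function names are hypothetical.

```python
import re

# Constructed sample: result lines copied from the Fixlog in post #22.
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-151233617-2686695857-2843107125-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf8c87ee-5192-11e0-bc42-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{bf8c87ee-5192-11e0-bc42-806e6f6e6963} => key not found.
b06bdrv => service removed successfully
teamviewervpn => service removed successfully
"C:\Windows\system32\DRIVERS\bxvbda.sys" => not found.
"C:\Windows\system32\DRIVERS\teamviewervpn.sys" => not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
Chrome => 539456450 B
'''

# "<target> => <outcome>" is the shape of most Fixlog result lines.
RESULT = re.compile(r'^(?P<target>.+?)\s*=>\s*(?P<outcome>.+?)\s*$')
# EmptyTemp accounting lines ("Chrome => 539456450 B") are sizes, not outcomes.
SIZE = re.compile(r'^\d+ B$')


def classify(outcome):
    """Map an outcome phrase to ok / absent / failed, or None if unrecognised."""
    low = outcome.lower()
    if low.startswith('could not'):
        return 'failed'
    if 'not found' in low:
        return 'absent'      # target was already gone before the fix ran
    if 'successfully' in low:
        return 'ok'
    return None


def triage(text):
    """Return {'ok': [...], 'absent': [...], 'failed': [...]} of (target, outcome)."""
    buckets = {'ok': [], 'absent': [], 'failed': []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('='):   # blank lines and section rulers
            continue
        m = RESULT.match(line)
        if m:
            target = m.group('target').strip('"')
            outcome = m.group('outcome')
            if SIZE.match(outcome):
                continue
        else:
            target, outcome = None, line       # free-standing status sentence
        status = classify(outcome)
        if status:
            buckets[status].append((target, outcome.rstrip('.')))
    return buckets


if __name__ == '__main__':
    report = triage(SAMPLE_FIXLOG)
    for status in ('failed', 'absent', 'ok'):
        print(f'{status}: {len(report[status])}')
        for target, outcome in report[status]:
            print(f'    {target or "(no target)"} -> {outcome}')
```
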

#23
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,825 posts
OK! Well done. :thumbsup:  Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.
 
Tools CleanUp with DelFix

Download Delfix and save it to the Desktop.
  • Right click the DelFix icon and click Run as Administrator.
  • Ensure ALL boxes are checked.
  • Click the Run button.
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Delete the following Files and Folders (If Present):

Delete any other .bat, .log, .reg, .txt, and any other files created or downloaded during this process, and left on the desktop and empty the Recycle Bin.

Keeping your software updated

Windows Updates
  • Please go to Start Menu -> Control Panel
  • Under View by: select Large Icons, then tap or click Windows Update.
  • Click on Change Settings

  • Select "Install updates automatically (recommended)" from the Important updates drop-down.

  • Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
  • Ensure that all of the other check boxes are checked.
  • Click OK.
Malwarebytes Anti-Malware

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

Keep Java Updated

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on user do disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.
If you do have software that requires it, then disable it until such time as it's needed by those programs.
Please click the link below for instructions to disable and uninstall Java.

How to Disable Java in your Web Browser

How to Completely Remove and Uninstall Java From Windows PC

Filehippo Updatechecker

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker

Tips, Information, and Optional Installation

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go.

To help protect yourself while on the web, I recommend you read Answers to common security questions - Best Practices

Installation of Unchecky (Optional)

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.


Then click Finish


Unchecky is now installed and will help you keep unwanted check boxes unchecked.

Installation of CryptoPrevent (Optional)

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You may read more about this here.

To download and install:
  • Click CryptoPrevent
  • Under the Free Edition column, enter your name and email and click on Request Download Link button to request for a download link
  • Once you have received a link in your email (you may need to check your Junk mail), download the tool to your Desktop
  • Open the program by clicking Run when prompted from your browser or by going to the Desktop where the file was saved and right-click and select Run as Administrator
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.
Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu and select Check for Updates to see if there are any, as this infection has serious consequences.

If you have any other questions, please feel free to ask me. 
  • 0

#24
skysuz

skysuz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Thank you very much for all your assistance! I really appreciate it :)


  • 0

#25
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
