My friend said that he has seen some popups and that the computer startup is slow. I think that what he was seeing for popups was that flash needed to be updated. After updating flash, I'm not seeing any more notification popups. The log files for MSE and the last run of MBAM look good. I don't think there is any infection but I'm not sure.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-06-2017 01
Ran by 2Gs (administrator) on 2GS-PC (08-06-2017 19:40:25)
Running from C:\Users\2Gs\Desktop
Loaded Profiles: 2Gs (Available Profiles: 2Gs)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(UASSOFT.COM) C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Stardock Corporation) C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1140302389-1250498145-2741308867-1000\...\Run: [CursorFX] => C:\Program Files (x86)\[]TOOLS[]\CursorFX\CursorFX.exe [417280 2010-03-23] (Stardock Corporation)
HKU\S-1-5-21-1140302389-1250498145-2741308867-1000\...\Run: [HP Officejet 4630 series (NET)] => C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1140302389-1250498145-2741308867-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{33DDD567-0017-4305-B5A1-659C73C27E60}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7C2738DF-E7B1-4346-BD52-BEA1DA77EA71}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DC280063-7327-4FF6-A31B-D7201B2E404F}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1140302389-1250498145-2741308867-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2013-12-18] (IObit)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-10-22] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895 [2017-06-08]
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895 -> Google
FF Homepage: Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895 -> chrome://fastdial/content/fastdial.html
FF Extension: (EdgeWise) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2017-04-20]
FF Extension: (Fast Dial) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2016-12-13]
FF Extension: (Weather Forecast Plus) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2016-09-28]
FF Extension: (Menu Icons Plus) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2016-04-28]
FF Extension: (Restartless Restart) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2016-04-27]
FF Extension: (Download Manager (S3)) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2017-06-05]
FF Extension: (Super Drag) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2016-04-27]
FF Extension: (Thumbnail Zoom Plus) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2017-06-08]
FF Extension: (uBlock Origin) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\[email protected] [2017-05-15]
FF Extension: (IE Tab 2 (FF 3.6+)) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2016-02-20]
FF Extension: (Unhide Passwords) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2016-04-28]
FF Extension: (Follow-on Search Telemetry) - C:\Users\2Gs\AppData\Roaming\Mozilla\Firefox\Profiles\stzus0xv.default-1446250190895\features\{8b28b5f5-c37d-44ca-b4fd-2be3f261a80c}\[email protected] [2017-06-06]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-06-08] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\[]TOOLS[]\PDF-XChange\PDF Viewer\npPDFXCviewNPPlugin.dll [2011-04-12] (Tracker Software Products Ltd.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-06-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\[]TOOLS[]\PDF-XChange\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2011-04-12] (Tracker Software Products Ltd.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.9 -> C:\Program Files (x86)\[]TOOLS[]\VideoLAN\VLC\npvlc.dll [2011-04-11] (the VideoLAN Team)
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 KMWDSERVICE; C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe [208896 2007-04-05] (UASSOFT.COM) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-31] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [75888 2010-09-27] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-08 19:40 - 2017-06-08 19:41 - 00010579 _____ C:\Users\2Gs\Desktop\FRST.txt
2017-06-08 19:40 - 2017-06-08 19:40 - 00000000 ____D C:\FRST
2017-06-08 18:38 - 2017-06-08 18:38 - 02435072 _____ (Farbar) C:\Users\2Gs\Desktop\FRST64.exe
2017-06-08 18:32 - 2017-06-08 18:32 - 00004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-14 06:27 - 2017-04-27 18:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-14 06:27 - 2017-04-27 18:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-14 06:27 - 2017-04-26 07:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-14 06:27 - 2017-04-17 08:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-14 06:27 - 2017-04-16 01:51 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-14 06:27 - 2017-04-16 01:35 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-14 06:27 - 2017-04-16 01:18 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-14 06:27 - 2017-04-16 01:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-14 06:27 - 2017-04-16 00:53 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-14 06:27 - 2017-04-16 00:49 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-14 06:27 - 2017-04-16 00:10 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-14 06:27 - 2017-04-16 00:08 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-14 06:27 - 2017-04-16 00:04 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-14 06:27 - 2017-04-15 23:53 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-14 06:27 - 2017-04-15 23:50 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-14 06:27 - 2017-04-15 23:37 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-14 06:27 - 2017-04-15 23:34 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-14 06:27 - 2017-04-12 08:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-14 06:27 - 2017-04-04 08:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-14 06:26 - 2017-04-27 18:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-14 06:26 - 2017-04-27 18:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-14 06:26 - 2017-04-27 18:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-14 06:26 - 2017-04-27 18:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-14 06:26 - 2017-04-27 18:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-14 06:26 - 2017-04-27 18:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 18:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-14 06:26 - 2017-04-27 17:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-14 06:26 - 2017-04-27 17:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-14 06:26 - 2017-04-27 17:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-14 06:26 - 2017-04-27 17:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-14 06:26 - 2017-04-27 17:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-14 06:26 - 2017-04-27 17:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-14 06:26 - 2017-04-27 17:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-14 06:26 - 2017-04-27 17:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-14 06:26 - 2017-04-27 17:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-14 06:26 - 2017-04-27 17:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-14 06:26 - 2017-04-27 17:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-14 06:26 - 2017-04-27 17:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-14 06:26 - 2017-04-27 17:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-14 06:26 - 2017-04-27 17:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-14 06:26 - 2017-04-27 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-14 06:26 - 2017-04-27 17:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-14 06:26 - 2017-04-27 17:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-14 06:26 - 2017-04-27 17:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-14 06:26 - 2017-04-27 17:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-14 06:26 - 2017-04-27 17:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-14 06:26 - 2017-04-21 08:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-14 06:26 - 2017-04-21 08:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-14 06:26 - 2017-04-19 17:00 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-14 06:26 - 2017-04-19 16:16 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-14 06:26 - 2017-04-17 08:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-14 06:26 - 2017-04-17 08:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-14 06:26 - 2017-04-17 08:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-14 06:26 - 2017-04-17 08:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-14 06:26 - 2017-04-17 08:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-14 06:26 - 2017-04-17 08:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-14 06:26 - 2017-04-17 08:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-14 06:26 - 2017-04-17 07:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-14 06:26 - 2017-04-16 02:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-14 06:26 - 2017-04-16 02:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-14 06:26 - 2017-04-16 01:57 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-14 06:26 - 2017-04-16 01:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-14 06:26 - 2017-04-16 01:55 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-14 06:26 - 2017-04-16 01:54 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-14 06:26 - 2017-04-16 01:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-14 06:26 - 2017-04-16 01:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-14 06:26 - 2017-04-16 01:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-14 06:26 - 2017-04-16 01:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-14 06:26 - 2017-04-16 01:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-14 06:26 - 2017-04-16 01:37 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-14 06:26 - 2017-04-16 01:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-14 06:26 - 2017-04-16 01:36 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-14 06:26 - 2017-04-16 01:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-14 06:26 - 2017-04-16 01:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-14 06:26 - 2017-04-16 01:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-14 06:26 - 2017-04-16 01:11 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-14 06:26 - 2017-04-16 01:10 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-14 06:26 - 2017-04-16 01:09 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-14 06:26 - 2017-04-16 01:04 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-14 06:26 - 2017-04-16 01:03 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-14 06:26 - 2017-04-16 01:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-14 06:26 - 2017-04-16 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-14 06:26 - 2017-04-16 01:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-14 06:26 - 2017-04-16 01:00 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-14 06:26 - 2017-04-16 01:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-14 06:26 - 2017-04-16 00:57 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-14 06:26 - 2017-04-16 00:52 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-14 06:26 - 2017-04-16 00:52 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-14 06:26 - 2017-04-16 00:48 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-14 06:26 - 2017-04-16 00:47 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-14 06:26 - 2017-04-16 00:47 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-14 06:26 - 2017-04-16 00:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-14 06:26 - 2017-04-16 00:43 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-14 06:26 - 2017-04-16 00:40 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-14 06:26 - 2017-04-16 00:40 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-14 06:26 - 2017-04-16 00:37 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-14 06:26 - 2017-04-16 00:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-14 06:26 - 2017-04-16 00:35 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-14 06:26 - 2017-04-16 00:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-14 06:26 - 2017-04-16 00:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-14 06:26 - 2017-04-16 00:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-14 06:26 - 2017-04-16 00:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-14 06:26 - 2017-04-16 00:24 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-14 06:26 - 2017-04-16 00:22 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-14 06:26 - 2017-04-16 00:20 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-14 06:26 - 2017-04-16 00:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-14 06:26 - 2017-04-16 00:10 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-14 06:26 - 2017-04-16 00:08 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-14 06:26 - 2017-04-16 00:08 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-14 06:26 - 2017-04-15 23:40 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-14 06:26 - 2017-04-15 23:34 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-14 06:26 - 2017-04-12 08:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-14 06:26 - 2017-04-12 08:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-14 06:26 - 2017-04-12 08:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-14 06:26 - 2017-04-12 08:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-14 06:26 - 2017-04-12 08:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-14 06:26 - 2017-04-12 08:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-14 06:26 - 2017-04-12 08:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-14 06:26 - 2017-04-07 08:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-14 06:26 - 2017-04-07 08:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-14 06:26 - 2017-04-07 08:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-14 06:26 - 2017-04-07 08:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-14 06:26 - 2017-04-07 08:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-14 06:26 - 2017-04-05 07:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-14 06:26 - 2017-04-05 07:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-14 06:26 - 2017-04-05 07:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-14 06:26 - 2017-04-04 08:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-14 06:26 - 2017-04-04 08:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-14 06:26 - 2017-04-04 07:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-14 06:26 - 2017-04-04 07:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-14 06:26 - 2017-03-10 09:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-14 06:26 - 2017-03-10 09:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-14 06:26 - 2017-03-10 09:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-14 06:26 - 2017-03-10 09:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-14 06:26 - 2017-03-10 08:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-14 06:26 - 2017-03-10 08:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-14 06:26 - 2017-03-10 08:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-14 06:26 - 2017-03-09 09:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-14 06:26 - 2017-03-09 09:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-08 18:45 - 2014-09-13 07:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-08 18:43 - 2016-11-25 06:27 - 00000000 ____D C:\Users\2Gs\AppData\LocalLow\Mozilla
2017-06-08 18:43 - 2009-07-13 21:45 - 00024048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-08 18:43 - 2009-07-13 21:45 - 00024048 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-08 18:39 - 2016-09-24 12:11 - 00000000 ____D C:\Users\2Gs\AppData\Local\Adobe
2017-06-08 18:32 - 2012-05-05 17:03 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-08 18:32 - 2012-05-05 17:03 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-08 18:31 - 2012-05-05 17:02 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-08 18:31 - 2011-04-19 10:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-08 18:08 - 2011-11-19 12:24 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2017-06-08 18:08 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-08 08:00 - 2013-04-16 12:14 - 00000000 ____D C:\Users\2Gs\Documents\Travel Gordy
2017-06-08 05:32 - 2013-12-18 20:38 - 00000000 ____D C:\ProgramData\ProductData
2017-05-31 07:56 - 2011-04-23 08:41 - 00000000 ____D C:\Users\2Gs\Documents\Getta
2017-05-31 05:55 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-30 13:45 - 2011-04-19 00:13 - 00565416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-05-26 07:37 - 2011-04-23 09:43 - 00000000 ____D C:\Users\2Gs\Documents\Financial Information
2017-05-26 07:29 - 2011-04-23 09:43 - 00000000 ____D C:\Users\2Gs\Documents\Miscellaneous Household Items
2017-05-26 04:40 - 2012-05-05 16:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-25 07:03 - 2013-07-17 07:55 - 00000000 ____D C:\Windows\system32\MRT
2017-05-25 07:02 - 2011-04-19 00:46 - 132223576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-25 07:01 - 2011-04-23 08:40 - 00000000 ____D C:\Users\2Gs\Documents\Gordy
2017-05-25 06:30 - 2011-04-19 10:22 - 00000000 ____D C:\Program Files (x86)\[]TOOLS[]
2017-05-20 09:00 - 2009-07-13 22:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-05-20 07:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-05-15 17:41 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-15 17:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-05-15 17:34 - 2009-07-13 21:45 - 00409256 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-15 17:31 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-14 06:41 - 2011-04-19 11:52 - 00775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
==================== Files in the root of some directories =======
2012-12-04 15:47 - 2012-12-04 15:47 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-12-27 10:35 - 2017-02-02 14:57 - 0001705 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-08 07:55
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2017 01
Ran by 2Gs (08-06-2017 19:42:07)
Running from C:\Users\2Gs\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-04-18 23:00:16)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
2Gs (S-1-5-21-1140302389-1250498145-2741308867-1000 - Administrator - Enabled) => C:\Users\2Gs
Administrator (S-1-5-21-1140302389-1250498145-2741308867-500 - Administrator - Disabled)
Guest (S-1-5-21-1140302389-1250498145-2741308867-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1140302389-1250498145-2741308867-1004 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.21beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Digital Camera Solution Disk 40-46 Software Starter Guide (HKLM-x32\...\SoftwareStarterGuide-DCSD40_46) (Version: 1.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.)
Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.0.0.1 - Canon Inc.)
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSD1200IS_IXUS95IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 0.5 - Magellan)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CursorFX (HKLM-x32\...\CursorFX) (Version: - Stardock Corporation)
CursorFX (x32 Version: 2.00 - Stardock Corporation) Hidden
Evernote v. 5.0.3 (HKLM-x32\...\{32D39568-3B77-11E3-88CE-00163E98E7D0}) (Version: 5.0.3.1614 - Evernote Corp.)
Family Tree Heritage (HKLM-x32\...\Family Tree Heritage) (Version: - )
Family Tree Heritage Collaboration Support (HKLM-x32\...\InstallShield_{50BD0B15-5197-4EAF-8BCD-81117D1324B1}) (Version: 1.10.0010 - Individual Software)
Family Tree Heritage Collaboration Support (x32 Version: 1.10.0010 - Individual Software) Hidden
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.6 - Outertech)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HP Deskjet 3520 series Basic Device Software (HKLM\...\{E80963EC-EED7-411A-8AC0-149EC57FB0F9}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Product Improvement Study (HKLM\...\{177F4FEE-E119-4AB7-9B32-ECF6A1D03719}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 4630 series Basic Device Software (HKLM\...\{38037A50-E9F1-41E4-9AA3-2E0A5A2FC4C5}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet 4630 series Help (HKLM-x32\...\{9F79230F-EE1C-407E-94E1-D69021954C9B}) (Version: 31.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3341 - HP Photo Creations Powered by RocketLife)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.4.922 - IObit)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Living Trust Maker (HKLM-x32\...\Living Trust Maker) (Version: - Nolo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Streets & Trips 2011 (HKLM-x32\...\{C82185E8-C27B-4EF4-2011-4444BC2C2B6D}) (Version: 18.0.26.0201 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mouse Driver (HKLM-x32\...\InstallShield_{55BFC356-5A7B-482F-A213-9ACFDDFF6037}) (Version: 5.1 - Driver Builder)
Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.195.0 - Tracker Software Products Ltd.)
Product Improvement Study for HP Officejet 4630 series (HKLM\...\{EE629820-EACD-4AAE-966D-DF1560A0ED2D}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Quicken WillMaker Plus 2014 (HKLM-x32\...\{44160FDE-C190-45C1-B8E1-23F00228E572}) (Version: 1.0.0.0 - Nolo)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: - )
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
VLC media player 1.1.9 (HKLM-x32\...\VLC media player) (Version: 1.1.9 - VideoLAN)
Windows 7 Logon Background Changer (HKLM-x32\...\{76423878-BF55-4C2F-AC25-2A82CE9AFB7A}) (Version: 1.3.4 - Julien MANICI)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0ECBC5A7-6E80-41ED-9C12-5B4D386762C8} - System32\Tasks\HP AR Program Upload - 42ca828796d44242890563b46835eca3963eb7cfe5b44473af046ef5d2f85d89 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {14A094A7-3B50-46AF-B07B-ECE0D3C51037} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {16777363-DE87-4574-B641-6E51FAE45CA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-08] (Adobe Systems Incorporated)
Task: {6623C058-32E8-4F22-AD41-102CE4EA7363} - System32\Tasks\HP AR Program Upload - cae64b7f34844db7817eb2047a50939c4dfad2e267b3472da59861e173824da5 => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {6D79C42F-AD39-4135-9EC6-BFF0A1BDC362} - System32\Tasks\HP AR Program Upload - b7725f92e012415197f51fabed45d519cdcf2b324c134127a2d95491fcbcd90f => C:\Program Files\HP\HP Officejet 4630 series\bin\HPRewards.exe [2014-07-21] (TODO: <Company name>)
Task: {9100981C-D09F-4F30-9ADF-C37FF833F74C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {93913CB2-CE29-495E-A11E-542C0F319685} - System32\Tasks\HP Deskjet 3520 series.exe_{71219116-8F4B-43D4-8E88-6878214B8E1C} => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HP Deskjet 3520 series.exe [2012-01-31] (Hewlett-Packard Co.)
Task: {983E3069-66A1-425C-996A-E1EEDE4683CD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9AABBD0B-0D25-4369-B85D-873E3159DAB6} - System32\Tasks\HPCustParticipation HP Officejet 4630 series => C:\Program Files\HP\HP Officejet 4630 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {9E577837-7AE1-4A76-A8D7-17E449A55D19} - System32\Tasks\HPCustParticipation HP Deskjet 3520 series => C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPCustPartic.exe [2012-01-31] (Hewlett-Packard Co.)
Task: {A721CF8A-D808-4614-B17C-F17D528C5710} - System32\Tasks\{321BE577-2F14-482D-8759-8E2BEFC025EC} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 07:17 - 2010-03-23 07:17 - 00059904 _____ () C:\Program Files (x86)\[]TOOLS[]\CursorFX\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1140302389-1250498145-2741308867-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\2Gs\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^Users^2Gs^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^2Gs^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3520 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3520 series.lnk.Startup
MSCONFIG\startupfolder: C:^Users^2Gs^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet 4630 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Officejet 4630 series.lnk.Startup
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [TCP Query User{43590FBB-7266-4232-AE96-2E13B680D6C8}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{DBD5D5CF-D6C6-4AA1-A3A3-0B945AC79639}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{15C43EC3-AB97-4018-AC53-8B2C4552A4D3}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{585536B2-838E-4ACD-ACB3-B532ECC4E591}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{1837C33D-A86E-48A5-81F6-D3DBC3FCF525}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{DE87EEC3-6B88-4C17-9144-42C066BDB477}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{211FFBDE-2742-49DD-B993-803C08CC4900}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{13F736EC-F1F8-43E7-85B7-A9E33D16311E}] => (Allow) C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
FirewallRules: [{DF2360FE-4DDC-4A46-951D-1374A4043C95}] => (Allow) C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8A656195-9CC2-4BC9-AFAF-66526F8C438D}C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4A817C77-3FC2-464F-B535-F623FDD11E55}C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\[]tools[]\mozilla firefox\firefox.exe
FirewallRules: [{E7EE1EA4-7F91-4BA3-8AC0-AEA37088918E}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\FaxApplications.exe
FirewallRules: [{0318AE47-5B98-4BA4-AA33-7BABB7DDD778}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\DigitalWizards.exe
FirewallRules: [{C62C73C5-F4C8-4C0C-9574-697733698538}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\bin\SendAFax.exe
FirewallRules: [{8ED63EF3-ED23-45FB-AF9C-F7477B7053C6}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\DeviceSetup.exe
FirewallRules: [{2BB47476-15D8-4193-A485-4116F7EE6283}] => (Allow) LPort=5357
FirewallRules: [{12FF8481-98E8-4777-842D-ADE3FA3780BD}] => (Allow) C:\Program Files\HP\HP Officejet 4630 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4893D75A-94DF-4B32-A49B-5E553AC9F88D}] => (Allow) C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
FirewallRules: [{4410E634-2AF1-435C-90AC-ED9A3B78F535}] => (Allow) C:\Program Files (x86)\[]TOOLS[]\Mozilla Firefox\firefox.exe
FirewallRules: [{4963AD56-2E20-467D-AE0A-744BDF7C59F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DFD3F62E-660C-48D1-8D9E-7140A65F61DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3374C4D1-8009-4A89-9AC6-3A78083B89AC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{99598D10-5FF7-4DBE-A0D4-3BE7FCEC3341}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DABEE615-AD49-4C4E-92F6-FBA50AB2EE25}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7EB0B795-F919-46CC-A1CE-3378462F32FA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{007D44C5-8CE4-4F2D-B054-ED51BFB242A0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{77462CC3-CD4E-4D90-B44E-B653D77DCD71}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5C6D9835-0116-488C-83B3-2EFE6B030E13}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{165B8951-60CE-40B3-BB86-15EC0C9A3372}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1722415F-4886-46E1-B6A8-85A8622A87F9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
==================== Restore Points =========================
23-04-2017 07:25:36 Windows Update
26-04-2017 11:02:26 Windows Update
01-05-2017 08:00:17 Windows Update
05-05-2017 06:21:24 Windows Update
08-05-2017 06:54:57 Windows Update
12-05-2017 06:38:35 Windows Update
14-05-2017 06:02:26 Windows Update
14-05-2017 06:26:58 Windows Update
15-05-2017 17:04:43 Windows Update
20-05-2017 05:30:12 Windows Update
25-05-2017 06:21:31 Windows Update
25-05-2017 07:02:02 Windows Update
26-05-2017 07:49:46 Windows Update
31-05-2017 07:21:55 Windows Update
31-05-2017 07:58:44 Windows Update
05-06-2017 06:40:42 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/31/2017 02:08:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16037
Error: (05/31/2017 02:08:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16037
Error: (05/31/2017 02:08:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/31/2017 02:07:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10809231
Error: (05/31/2017 02:07:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10809231
Error: (05/31/2017 02:07:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/31/2017 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6162
Error: (05/31/2017 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6162
Error: (05/31/2017 11:07:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/31/2017 11:07:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5163
System errors:
=============
Error: (06/02/2017 06:19:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {29876C13-B9A8-4D5E-A545-F15B3C1FD359} did not register with DCOM within the required timeout.
Error: (06/01/2017 07:05:51 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
Error: (05/31/2017 07:59:31 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.91.0
Update Source: Microsoft Update Server
Update Stage: Download
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error: (05/31/2017 07:59:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.
Error: (05/31/2017 07:59:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.91.0
Update Source: Microsoft Update Server
Update Stage: Download
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Error: (05/31/2017 07:22:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Advanced Micro Devices, Inc driver update for AMD SMBus.
Error: (05/31/2017 05:52:55 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TALON
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7C2738DF-E7B1-4346-BD52-BEA1DA77EA71}.
The master browser is stopping or an election is being forced.
Error: (05/31/2017 05:35:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 116.97.0.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Source Path: http://go.microsoft....5D-99752CCA7094
Signature Type: Network Inspection System
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 2.1.12706.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Error: (05/31/2017 05:35:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.91.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Source Path: http://go.microsoft....5D-99752CCA7094
Signature Type: AntiSpyware
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
Error: (05/31/2017 05:35:18 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.245.91.0
Update Source: Microsoft Malware Protection Center
Update Stage: Search
Source Path: http://go.microsoft....5D-99752CCA7094
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\NETWORK SERVICE
Current Engine Version:
Previous Engine Version: 1.1.13804.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved
==================== Memory info ===========================
Processor: AMD E-350 Processor
Percentage of memory in use: 33%
Total physical RAM: 3818.9 MB
Available physical RAM: 2539.71 MB
Total Virtual: 7635.99 MB
Available Virtual: 6357.21 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:450.66 GB) (Free:374.15 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C5855C99)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================