BSOD Windows 8.1 ASUS laptop



#1
gonzo13


Hello, I just started getting BSODs the past 2 days. A couple of minutes after the laptop starts up, it will reboot with the message Kernel Data Inpage Error on the BSOD. Not sure what is going on. Thanks in advance.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by MOM (26-06-2017 14:21:38)
Running from C:\Users\stephanie\Desktop
Windows 8.1 (Update) (X64) (2014-01-22 23:53:07)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3123225858-1134280287-2187229252-500 - Administrator - Disabled)
Guest (S-1-5-21-3123225858-1134280287-2187229252-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3123225858-1134280287-2187229252-1003 - Limited - Enabled)
MOM (S-1-5-21-3123225858-1134280287-2187229252-1001 - Administrator - Enabled) => C:\Users\stephanie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,972,8 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.36 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\Dropbox) (Version: 7.4.30 - Dropbox, Inc.)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 14.0 R13 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Midtronics BMIS File Utility (HKLM-x32\...\Midtronics BMIS File Utility) (Version:  - )
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6754 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (3/17/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.22 (9/7/2015) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.7 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SIplugin (HKLM-x32\...\InstallShield_{D9D59C79-B080-4C94-B72A-1EB432ED192E}) (Version: 1.00.0000 - GM Service and Parts Operation)
SIplugin (x32 Version: 1.00.0000 - GM Service and Parts Operation) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
VitalSource Bookshelf (HKLM-x32\...\{f4449697-7673-4d11-b23b-67f894203dc3}) (Version: 6.06.0023 - Ingram Content Group)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows Driver Package - ASUS (ATP) Mouse  (11/09/2012 1.0.0.153) (HKLM\...\5AB9160B769DD2E134ADCB8010377DECA2479378) (Version: 11/09/2012 1.0.0.153 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
Wondershare MobileGo for Android ( Version 5.3.2 ) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 5.3.2 - Wondershare)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\stephanie\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\stephanie\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\stephanie\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\stephanie\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {093168F4-7D30-4C8E-94A8-6256508BAB92} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {0F939186-E771-43A8-8388-1660B7045296} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-23] (Adobe Systems Incorporated)
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {131E7D67-6100-47D4-A821-2B6633B48A8E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1E98D1C6-C3E6-46C2-BCB2-6F2F118A5168} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {24FEC8EC-4608-4BF5-BCAF-7E921A612932} - System32\Tasks\SpeedFixToolPro_Popup => C:\Program Files (x86)\Speed Fix Tool Pro\Splash.exe
Task: {28C6DBC6-1524-4F13-B0B1-93D60E1CD98A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3123225858-1134280287-2187229252-1001UA => C:\Users\stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {35844E08-9A21-44CD-B332-49C1ACEB4152} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {3AD5D5EA-DA0E-4157-A529-E73A529581CF} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-11-20] (AsusTek)
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {51692A2F-8432-4982-98F0-B20DA2D59A7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {69BD96B9-AE6A-4A6F-AB41-BCAB6CB56B0E} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-02-22] (McAfee, Inc.)
Task: {6B5A0A71-90A0-4008-BFBF-5CE4241FFD25} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-22] (Microsoft Corporation)
Task: {6C479C33-15AE-4DB7-946E-78190C033BF7} - System32\Tasks\SpeedFixToolPro_Start => C:\Program Files (x86)\Speed Fix Tool Pro\SpeedFixToolPro.exe
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {7198E19F-FC0D-419A-9A71-0B12CC420D9B} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {85CC0439-5197-4919-AB8E-0006D94E9B4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {88DE71CE-78B4-455C-A329-445B7CC0B292} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-12] (McAfee, Inc.)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {BBF6015A-161D-49C3-9B9B-529884C934BC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3123225858-1134280287-2187229252-1001Core => C:\Users\stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {C2EA3FE3-789D-4D8E-B1D1-92B95EC87E7A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-02-26] (McAfee, Inc.)
Task: {CBA7A2E8-4ABC-4DB1-A556-45AEA6D0067A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-25] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D6F4A061-CEFB-4F38-81EC-6E80ECDD3011} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\WINDOWS\System32\LocationNotificationWindows.exe
Task: {D7092F5D-474F-450D-B734-C25F6B1108B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {E8EF14B4-1CEA-4D18-9A2E-6BC2491D6B16} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-12] (McAfee, Inc.)
Task: {E9E51196-ABDD-497C-A586-20433CD5F0B7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {ED320FA7-55CA-4C4B-ADDA-56A09DE21474} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3123225858-1134280287-2187229252-1001Core.job => C:\Users\stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3123225858-1134280287-2187229252-1001UA.job => C:\Users\stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2015-10-28 15:44 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\stephanie\Dropbox\Camera Uploads\2014-11-21 20.51.12.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: ASUS InstantOn => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: FlipShare Service => 2
MSCONFIG\Services: FlipShareServer => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
HKLM\...\StartupApproved\StartupFolder: => "MobileGo Service.lnk"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "CDAServer"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "USB Optical Mouse"
HKLM\...\StartupApproved\Run32: => "FileTransferForMobileGo"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\StartupApproved\Run: => "Wondershare Helper Compact"
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\StartupApproved\Run: => "BingSvc"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{B8EE9DD4-40D8-4CF4-A0C0-E9B4F9FDE319}C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{5F47B06F-0001-411F-916C-C3D5AE46BC3B}C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{AFF2B008-189C-4C35-A160-89A79E5883C2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{71FDB8E4-793A-43E8-AF57-A955530A5979}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{71555062-5DF5-4D9D-8820-28A777C78FC1}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3074186C-5F42-405A-ABE2-FF5F5550A4D6}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{57BCCD1D-6C9C-4FB5-ACD5-CE55A21D2D98}] => (Allow) C:\Users\stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{73A16DBA-55EC-40FA-A1E6-3D52AE40A2F6}] => (Allow) C:\Users\stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{46547D7A-CA32-49F3-BCDE-91EDCCD65084}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1C3700D6-F7F5-4DE3-8CBC-110FC5CB5F05}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{75651472-4F44-438F-813E-EE86D9BF0D80}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{793D4BA9-2D4D-47EE-B264-EF4A9719159D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18427702-1C1E-42EC-BA4F-91C5BBF59925}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{0E22C55F-1EF2-4F10-B60C-9AD1A8F8CF7C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C58A8B59-48FA-4DA0-9FE6-91C9C912AD75}] => (Allow) LPort=1900
FirewallRules: [{9F25673E-3DA9-4AF5-B8D3-22A598095E76}] => (Allow) LPort=2869
FirewallRules: [{A8F6257E-29D4-4768-ADFC-01507E837D0C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2D3B0C87-5F03-4E51-AE9D-593110E24DE5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9617C18F-A9CC-49B6-80DF-EB9344B98059}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{359F1621-FC28-47AB-BDA5-8259714E18B0}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{39B5CD8C-E225-43C0-B500-F0D447CE8A26}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{63C0D692-A9E9-4155-8BDE-E51A0EAE1227}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{F3CDE602-B119-4781-812D-089EAEBD7FDE}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{7117E268-F293-4650-97F9-0429B32AC750}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [UDP Query User{2BA960A6-B3F0-4359-BD06-5011DA639FDC}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [{9C1F5785-F750-459B-83AA-B0CC163CF2A8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C0193EC8-18B8-4745-B295-539D10704B11}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{12F1AD88-3F32-4362-AC63-67E3525D67C8}] => (Allow) LPort=24726
FirewallRules: [{C256A0CB-9F08-40F2-8CBF-C67213E322AD}] => (Allow) LPort=24727
FirewallRules: [{A1974E98-429D-402F-9D32-A85CE558BE80}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{44F8366C-E721-45AB-8372-D545C4F0E6E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{377CEBCF-0036-4C05-A336-E997AEBEBB4C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{780DE163-B0C4-4897-970F-D03C0BD008F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D54A5E5-2613-4A8E-A099-68F20CC8CC58}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{0B82F504-BD36-45E0-97EB-E4DA50CB70F1}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{738CB90C-CE0A-4445-9458-69D2C01519BF}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{1DDE7343-A283-41E2-BD3D-AA57D3EBA511}] => (Allow) C:\WINDOWS\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{DB890ACB-8609-426D-A3C9-06E634627893}] => (Allow) C:\WINDOWS\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{EF252291-18A6-4F95-B01E-6501EFA7B4D2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{BE4DE21B-6EBE-45DB-A577-120D826D7799}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{6D665716-3066-4267-8C2E-C199ADBA2925}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{A2249F65-0C15-45E4-BAC6-BEED146C36A3}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{F37727FF-E0EE-4D3D-B664-EA16A491606D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{11BF970C-BC6B-4851-80DC-E923AFA2AC45}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{1A369A8A-BF49-4E59-ACC1-DB1AAD5471AB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{6C69EC0E-1B15-46B4-A3C5-460CD3A21C24}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{E5254FC6-11A1-471F-9179-6D385BFA5959}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{0D5BC208-3F15-4F4F-8280-0CF12F3EEBBC}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{ED9FA94D-72B4-49D5-8FDF-8F0659663378}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{5133C291-3CCB-4881-9F02-DA3BAE2167A4}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Diagnostics\SEInstall\SPD\ESM.exe
FirewallRules: [{9939B583-E92C-4D01-B91E-1784E4D8BEF1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Diagnostics\SEInstall\SPD\ESM.exe
FirewallRules: [{BCABFC7F-C045-49EB-81FC-D80C383FFF82}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Diagnostics\SEInstall\SPD\ESM.exe
FirewallRules: [TCP Query User{9C07D2DF-CA72-49BD-8ADC-C15D5CD663E5}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [UDP Query User{D71FA32F-387C-4FDB-886D-70781E4E95AE}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [{87784761-3186-4303-8EAF-C35AA4DE8BEB}] => (Allow) LPort=24726
FirewallRules: [{B28F4549-4E85-4C1C-8CB5-05B9A8A8D950}] => (Allow) LPort=24727
FirewallRules: [{D200744B-5C4A-4200-BDAA-01AB9A4B1635}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-06-2017 11:52:53 Removed ASUS Live Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2017 02:08:19 PM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005

Error: (06/26/2017 01:24:18 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1012) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 12210176 (0x0000000000ba5000) (database page 2980 (0xBA4)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [4800000510bb8948] and the computed checksum was [00000ba40e01fead].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:19:02 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1012) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 1191936 (0x0000000000123000) (database page 290 (0x122)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [0000000800000009] and the computed checksum was [000001224d8b2b43].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:18:39 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1012) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 12214272 (0x0000000000ba6000) (database page 2981 (0xBA5)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [cd8bd103c48b41c8] and the computed checksum was [00000ba5fa8ba66f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:17:49 PM) (Source: ESENT) (EventID: 476) (User: )
Description: Catalog Database (1012) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 36110336 (0x0000000002270000) (database page 8815 (0x226F)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:17:33 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (1164) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 401408 (0x0000000000062000) (database page 97 (0x61)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:16:54 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1012) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 9699328 (0x0000000000940000) (database page 2367 (0x93F)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [1d0b0a3782010401] and the computed checksum was [0000093fa7570edb].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:03:10 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (788) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 51453952 (0x0000000003112000) (database page 12561 (0x3111)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [0000000000000000] and the computed checksum was [0000311151970417].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:00:26 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (788) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 37961728 (0x0000000002434000) (database page 9267 (0x2433)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [5197a59bd137a9fa] and the computed checksum was [75d20a2d5fd4cb22].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:00:10 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (788) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 51462144 (0x0000000003114000) (database page 12563 (0x3113)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [0000000000000000] and the computed checksum was [000031135b3ad84e].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

System errors:
=============
Error: (06/26/2017 02:24:24 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (06/26/2017 02:24:23 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (06/26/2017 02:24:22 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (06/26/2017 02:24:20 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (06/26/2017 02:24:19 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (06/26/2017 02:24:19 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/26/2017 02:24:15 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/26/2017 02:24:11 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/26/2017 02:24:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/26/2017 02:24:03 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

CodeIntegrity:
===================================
  Date: 2017-06-26 14:00:27.126
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 14:00:26.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 14:00:24.064
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 14:00:23.720
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 14:00:20.626
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\cdrom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 13:50:01.782
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 13:50:01.376
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 13:49:58.360
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 13:49:58.001
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 13:49:55.094
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\cdrom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 26%
Total physical RAM: 3981.65 MB
Available physical RAM: 2908.14 MB
Total Virtual: 8077.65 MB
Available Virtual: 7125.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.01 GB) (Free:362.83 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 04A53D1B)

Partition: GPT.

==================== End of Addition.txt ============================

, when I try to open IE it does not open and I get an error box. I can run the laptop in safe mode with no problems.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by MOM (administrator) on BABYGURL95-PC (26-06-2017 14:19:15)
Running from C:\Users\stephanie\Desktop
Loaded Profiles: MOM (Available Profiles: MOM)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\WINDOWS\HelpPane.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe********************************************* [107192 2012-08-24] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-30] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [557344 2017-04-17] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FileTransferForMobileGo] => C:\Program Files (x86)\Wondershare\MobileGo for Android\FileTransfer.exe [336272 2014-11-05] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\Run: [Dropbox Update] => C:\Users\stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\Run: [BingSvc] => C:\Users\stephanie\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-01] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2015-03-11]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
Startup: C:\Users\stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{5D0A64F1-D676-4EB3-8EB4-C5ED0C72C21A}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{A6692734-6FB1-4FB4-898B-C8F0E02DDF40}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.autopartners.net/gmentsso/UI/Login?goto=https%3A%2F%2Fwww.autopartners.net%3A443%2Fapps%2Fgcportal%2Flogin.html
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001 -> {03B98F8D-DCC8-4A6E-BBC3-E3E5EDD40EA2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001 -> {5074ABC7-4251-4010-96D2-D4DBFD7F4767} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-04-17] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-04-17] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\tbbp0rkn.default [2017-06-23]
FF user.js: detected! => C:\Users\stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\tbbp0rkn.default\user.js [2013-10-14]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\tbbp0rkn.default -> Bing
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\tbbp0rkn.default -> Google
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\tbbp0rkn.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\tbbp0rkn.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\tbbp0rkn.default -> hxxp://www.twcc.com/
hxxps://avchevrolet.easecentral.com/?H990dozRESiTzdtol8IMFA==ec
hxxps://www.healthnet.com/portal/member/home.ndo
FF Keyword.URL: Mozilla\Firefox\Profiles\tbbp0rkn.default -> hxxp://www.bing.com/search?FORM=SL5CDF&PC=SL5C&q=
FF Extension: (Bing Search) - C:\Users\stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\tbbp0rkn.default\Extensions\[email protected] [2016-01-01]
FF Extension: (Firefox Hotfix) - C:\Users\stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\tbbp0rkn.default\Extensions\[email protected] [2017-03-12]
FF Extension: (TLS 1.3 A/B Test Experiment) - C:\Users\stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\tbbp0rkn.default\features\{01968c94-d21a-437d-a6b8-a3f513cb590c}\[email protected] [2017-06-11]
FF SearchPlugin: C:\Users\stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\tbbp0rkn.default\searchplugins\bing-.xml [2016-01-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-23] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-04-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-04-17] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-25] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3123225858-1134280287-2187229252-1001: @citrixonline.com/appdetectorplugin -> C:\Users\stephanie\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-22] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> msn.com
CHR DefaultSearchURL: Profile 2 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> bing.com
CHR DefaultSuggestURL: Profile 2 -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-06-25]
CHR Extension: (Google Slides) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-04]
CHR Extension: (Google Docs) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-04]
CHR Extension: (Google Drive) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-06]
CHR Extension: (YouTube) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-06]
CHR Extension: (Bing) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-09-29]
CHR Extension: (Google Sheets) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-04]
CHR Extension: (Google Docs Offline) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-17]
CHR Extension: (Gmail) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-04]
CHR Extension: (Chrome Media Router) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-24]
CHR HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-23] (Microsoft Corporation)
S4 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [0 2012-06-27] () <==== ATTENTION (zero byte File/Folder)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-04-04] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1105840 2017-04-21] (Intel Security, Inc.)
S2 Samsung Printer Dianostics Service; C:\WINDOWS\SysWOW64\\spdsvc.exe [498488 2016-04-01] ()
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmdK8; C:\WINDOWS\System32\drivers\amdk8.sys [95744 2013-08-22] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\WINDOWS\System32\drivers\amdppm.sys [98816 2013-08-22] (Microsoft Corporation) [File not signed]
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-25] ()
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
S1 cdrom; C:\WINDOWS\System32\drivers\cdrom.sys [164352 2013-08-22] (Microsoft Corporation) [File not signed]
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
S3 FxPPM; C:\WINDOWS\System32\drivers\fxppm.sys [27136 2013-08-22] (Microsoft Corporation) [File not signed]
S3 intelppm; C:\WINDOWS\System32\drivers\intelppm.sys [98816 2013-08-22] (Microsoft Corporation) [File not signed]
S3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-06-25] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-04-03] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-19] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-19] (McAfee, Inc.)
S3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
S3 NMgamingmsFltr; C:\WINDOWS\system32\drivers\NMgamingms.sys [11648 2014-02-27] (LXD Development, Inc.)
S3 Processor; C:\WINDOWS\System32\drivers\processr.sys [92160 2013-08-22] (Microsoft Corporation) [File not signed]
S1 vrvd5; C:\WINDOWS\system32\DRIVERS\vrvd5.sys [13344 2016-02-21] (Rsupport Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R0 ACPI; System32\drivers\ACPI.sys [X]
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 14:19 - 2017-06-26 14:20 - 00024694 _____ C:\Users\stephanie\Desktop\FRST.txt
2017-06-26 14:18 - 2017-06-26 14:19 - 00000000 ____D C:\FRST
2017-06-26 14:03 - 2017-06-26 14:08 - 00158124 _____ C:\WINDOWS\ntbtlog.txt
2017-06-26 13:45 - 2017-06-26 13:45 - 02441216 _____ (Farbar) C:\Users\stephanie\Desktop\FRST64.exe
2017-06-26 12:16 - 2017-06-02 19:31 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-25 22:45 - 2017-06-25 22:46 - 00285872 _____ C:\WINDOWS\Minidump\062517-32328-01.dmp
2017-06-25 22:33 - 2017-06-25 22:34 - 00285816 _____ C:\WINDOWS\Minidump\062517-21937-01.dmp
2017-06-25 22:02 - 2017-06-25 22:02 - 00285816 _____ C:\WINDOWS\Minidump\062517-27015-01.dmp
2017-06-25 20:35 - 2017-06-25 20:35 - 00285816 _____ C:\WINDOWS\Minidump\062517-17593-01.dmp
2017-06-25 19:49 - 2017-06-25 19:49 - 00285816 _____ C:\WINDOWS\Minidump\062517-17843-01.dmp
2017-06-25 19:16 - 2017-06-25 19:16 - 00285816 _____ C:\WINDOWS\Minidump\062517-21562-01.dmp
2017-06-25 18:43 - 2017-06-25 18:43 - 00285816 _____ C:\WINDOWS\Minidump\062517-23796-01.dmp
2017-06-25 15:44 - 2017-06-26 11:08 - 00003860 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-06-25 15:44 - 2017-06-25 15:44 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-06-25 12:49 - 2017-03-30 06:15 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-25 12:49 - 2017-03-30 06:15 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-25 12:49 - 2017-03-30 06:15 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-25 12:49 - 2017-03-30 06:15 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-25 12:22 - 2017-06-25 12:22 - 00285816 _____ C:\WINDOWS\Minidump\062517-45359-01.dmp
2017-06-24 02:22 - 2017-06-02 05:06 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-24 02:22 - 2017-05-14 13:44 - 04170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-06-24 02:22 - 2017-05-14 13:26 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-24 02:22 - 2017-05-14 13:19 - 25738752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-24 02:22 - 2017-05-14 13:19 - 01364040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-06-24 02:22 - 2017-05-14 13:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-06-24 02:22 - 2017-05-14 12:55 - 05975040 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-24 02:22 - 2017-05-14 12:32 - 07077376 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-06-24 02:22 - 2017-05-14 12:31 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-06-24 02:22 - 2017-05-14 12:22 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-24 02:22 - 2017-05-14 12:19 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-24 02:22 - 2017-05-14 12:11 - 20274688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-24 02:22 - 2017-05-14 12:10 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-06-24 02:22 - 2017-05-14 12:04 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-24 02:22 - 2017-05-14 12:03 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-24 02:22 - 2017-05-14 11:54 - 15252992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-24 02:22 - 2017-05-14 11:52 - 03240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-24 02:22 - 2017-05-14 11:48 - 05274112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-06-24 02:22 - 2017-05-14 11:46 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-06-24 02:22 - 2017-05-14 11:44 - 04549120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-24 02:22 - 2017-05-14 11:40 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-24 02:22 - 2017-05-14 11:38 - 07796736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-24 02:22 - 2017-05-14 11:37 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-24 02:22 - 2017-05-14 11:30 - 13664768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-24 02:22 - 2017-05-14 11:27 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-24 02:22 - 2017-05-14 11:16 - 05268992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-24 02:22 - 2017-05-14 11:15 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-24 02:22 - 2017-05-14 11:13 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-06-24 02:22 - 2017-05-14 11:11 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-24 02:22 - 2017-05-14 11:11 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-24 02:22 - 2017-05-14 11:06 - 07441240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-24 02:22 - 2017-05-12 09:16 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-24 02:22 - 2017-05-12 09:13 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-24 02:22 - 2017-05-12 08:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-06-24 02:22 - 2017-05-12 08:50 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-06-24 02:22 - 2017-05-12 08:48 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-06-24 02:22 - 2017-05-12 08:47 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-24 02:22 - 2017-05-11 19:58 - 01985536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-24 02:22 - 2017-05-11 19:48 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-24 02:22 - 2017-05-11 19:18 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-24 02:22 - 2017-05-11 19:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-06-24 02:22 - 2017-05-11 19:10 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-06-24 02:22 - 2017-05-11 19:07 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-06-24 02:22 - 2017-05-11 19:06 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-06-24 02:22 - 2017-05-11 19:04 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-24 02:22 - 2017-05-11 19:00 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-06-24 02:22 - 2017-05-11 16:36 - 22361848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-24 02:22 - 2017-05-11 16:32 - 19788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-24 02:22 - 2017-05-06 09:04 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-24 02:22 - 2017-04-16 03:23 - 02176584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-24 02:22 - 2017-04-16 03:23 - 01662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-24 02:22 - 2017-04-16 02:07 - 01213792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-24 02:22 - 2017-04-16 01:54 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-24 02:22 - 2017-04-16 01:51 - 02899456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-24 02:22 - 2017-04-16 01:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-24 02:22 - 2017-04-16 01:00 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-24 02:22 - 2017-04-16 01:00 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-06-24 02:22 - 2017-04-16 00:53 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-24 02:22 - 2017-04-16 00:43 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-24 02:22 - 2017-04-16 00:40 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-24 02:22 - 2017-04-16 00:40 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-24 02:22 - 2017-04-16 00:37 - 02132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-24 02:22 - 2017-04-16 00:29 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-24 02:22 - 2017-04-16 00:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-24 02:22 - 2017-04-16 00:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-24 02:22 - 2017-04-16 00:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-24 02:22 - 2017-04-16 00:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-24 02:22 - 2017-04-16 00:08 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-24 02:22 - 2017-04-09 15:00 - 01548640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-24 02:22 - 2017-04-09 15:00 - 00388448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-24 02:22 - 2017-04-06 10:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-24 02:22 - 2017-04-06 09:50 - 01436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-24 02:22 - 2017-04-06 09:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-24 02:22 - 2017-04-02 09:41 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-24 02:22 - 2017-03-07 19:44 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-06-24 02:22 - 2017-03-03 08:11 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-24 02:22 - 2017-03-03 08:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-24 02:22 - 2017-02-11 09:49 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-06-24 02:22 - 2017-02-11 09:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-06-24 02:22 - 2017-02-04 12:32 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2017-06-24 02:22 - 2017-02-04 10:40 - 01754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-06-24 02:22 - 2017-02-04 10:10 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-06-24 02:22 - 2017-02-01 12:42 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-06-24 02:21 - 2017-06-02 05:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-24 02:21 - 2017-06-02 05:12 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-06-24 02:21 - 2017-06-02 05:12 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-06-24 02:21 - 2017-06-02 05:01 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-06-24 02:21 - 2017-06-02 04:30 - 03635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-24 02:21 - 2017-06-02 04:03 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-24 02:21 - 2017-06-02 03:58 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-24 02:21 - 2017-06-02 03:25 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-24 02:21 - 2017-06-02 03:24 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-06-24 02:21 - 2017-06-02 03:17 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-06-24 02:21 - 2017-06-02 03:02 - 02751488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-24 02:21 - 2017-06-02 02:43 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-24 02:21 - 2017-06-02 02:43 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-24 02:21 - 2017-05-15 12:58 - 00121184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-24 02:21 - 2017-05-14 13:42 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-24 02:21 - 2017-05-14 11:06 - 01737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-24 02:21 - 2017-05-14 11:06 - 01502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-24 02:21 - 2017-05-12 10:05 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-24 02:21 - 2017-05-11 21:10 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-24 02:21 - 2017-05-10 11:19 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2017-06-24 02:21 - 2017-05-06 09:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-24 02:21 - 2017-04-16 03:23 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-06-24 02:21 - 2017-04-16 03:18 - 01135288 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-24 02:21 - 2017-04-16 03:18 - 00803192 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-24 02:21 - 2017-04-16 02:07 - 01566032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-24 02:21 - 2017-04-16 02:07 - 00548032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-06-24 02:21 - 2017-04-16 02:05 - 00612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-24 02:21 - 2017-04-16 01:37 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-06-24 02:21 - 2017-04-16 01:16 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-24 02:21 - 2017-04-16 01:03 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-24 02:21 - 2017-04-16 01:02 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-24 02:21 - 2017-04-16 00:23 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-24 02:21 - 2017-04-16 00:22 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-24 02:21 - 2017-04-16 00:02 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-06-24 02:21 - 2017-04-06 10:16 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-06-24 02:21 - 2017-04-06 09:46 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-06-24 02:21 - 2017-04-06 09:35 - 01362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-06-24 02:21 - 2017-04-06 09:15 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-06-24 02:21 - 2017-04-06 08:44 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-06-24 02:21 - 2017-04-02 09:41 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-24 02:21 - 2017-04-02 07:49 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-24 02:21 - 2017-04-02 06:40 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-24 02:21 - 2017-03-31 16:16 - 01968408 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-24 02:21 - 2017-03-31 14:59 - 01612504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-24 02:21 - 2017-03-13 09:38 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmitomi.dll
2017-06-24 02:21 - 2017-03-13 09:29 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-06-24 02:21 - 2017-03-13 09:25 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-06-24 02:21 - 2017-03-13 09:13 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmitomi.dll
2017-06-24 02:21 - 2017-03-13 09:07 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-06-24 02:21 - 2017-03-13 09:06 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-06-24 02:21 - 2017-03-12 08:04 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-24 02:21 - 2017-03-10 20:59 - 01763888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-24 02:21 - 2017-03-10 20:56 - 01489608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-24 02:21 - 2017-03-10 16:38 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-06-24 02:21 - 2017-03-09 13:52 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-06-24 02:21 - 2017-03-09 12:17 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-06-24 02:21 - 2017-03-04 12:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-06-24 02:21 - 2017-03-04 12:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-24 02:21 - 2017-03-04 11:15 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-24 02:21 - 2017-03-04 09:37 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-06-24 02:21 - 2017-03-03 08:10 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-24 02:21 - 2017-03-03 08:04 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-24 02:21 - 2017-02-11 11:18 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-24 02:21 - 2017-02-10 12:06 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-06-24 02:21 - 2017-02-10 07:37 - 00046600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2017-06-24 02:21 - 2017-02-09 07:59 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-06-24 02:21 - 2017-02-09 07:58 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-06-24 02:21 - 2017-02-09 07:58 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-06-24 02:21 - 2017-02-04 13:30 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-06-24 02:21 - 2017-02-04 13:30 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-06-24 02:21 - 2017-02-04 13:30 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-06-24 02:21 - 2017-02-04 13:30 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-06-24 02:21 - 2017-02-04 12:30 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-06-24 02:21 - 2017-02-04 10:53 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2017-06-24 02:21 - 2017-02-04 10:51 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-06-24 02:21 - 2017-02-04 10:50 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2017-06-24 02:21 - 2017-02-04 10:32 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2017-06-24 02:21 - 2017-02-04 10:19 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2017-06-24 02:21 - 2017-02-04 10:17 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2017-06-24 02:21 - 2017-02-04 10:05 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2017-06-24 02:21 - 2017-02-01 12:44 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-06-24 02:21 - 2017-01-21 14:37 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-24 02:21 - 2017-01-21 12:27 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2017-06-24 02:21 - 2017-01-21 12:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll
2017-06-24 02:21 - 2017-01-21 11:40 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2017-06-24 02:21 - 2017-01-21 11:40 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll
2017-06-24 02:21 - 2017-01-18 19:18 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-24 02:21 - 2017-01-18 07:35 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-24 02:21 - 2017-01-18 07:34 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-24 02:21 - 2017-01-14 13:32 - 00955016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-24 02:21 - 2017-01-14 12:18 - 00787688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-24 02:21 - 2017-01-14 10:49 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-06-24 02:21 - 2017-01-12 09:51 - 00274776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2017-06-24 02:21 - 2017-01-12 09:51 - 00117592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2017-06-24 02:21 - 2017-01-11 23:12 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-06-24 02:21 - 2017-01-11 12:37 - 02345984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-06-24 02:21 - 2017-01-11 12:12 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2017-06-24 02:21 - 2017-01-11 10:28 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-06-24 02:21 - 2017-01-11 08:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2017-06-24 02:21 - 2017-01-10 15:37 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-06-24 02:21 - 2017-01-10 14:06 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-06-24 02:21 - 2017-01-10 13:46 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-06-24 02:21 - 2017-01-10 12:20 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-06-24 02:21 - 2017-01-10 12:09 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-06-24 02:21 - 2017-01-10 12:08 - 01549312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-06-24 02:21 - 2017-01-06 10:25 - 02513408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-06-24 02:21 - 2017-01-06 10:04 - 01495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-06-24 02:21 - 2016-12-24 18:21 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2017-06-24 02:21 - 2016-12-24 18:14 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-06-24 02:21 - 2016-12-24 17:48 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-06-24 02:21 - 2016-12-24 17:19 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-06-24 02:21 - 2016-12-24 16:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-06-24 02:21 - 2016-12-09 01:08 - 00379736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-24 01:45 - 2017-02-23 07:50 - 00093360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-24 01:45 - 2017-02-22 07:35 - 01609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-24 01:45 - 2017-02-22 07:35 - 01286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-24 01:45 - 2017-02-22 07:35 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-24 01:45 - 2017-02-22 07:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-24 01:45 - 2017-02-22 07:35 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-24 01:45 - 2017-02-22 07:35 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-24 01:45 - 2017-02-22 07:35 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-24 01:44 - 2017-02-22 07:35 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-06-23 16:24 - 2017-06-23 16:24 - 00285816 _____ C:\WINDOWS\Minidump\062317-30968-01.dmp
2017-06-23 14:40 - 2017-06-23 14:40 - 00285816 _____ C:\WINDOWS\Minidump\062317-23265-01.dmp
2017-06-23 13:14 - 2017-06-23 13:14 - 07649280 _____ C:\Program Files (x86)\GUTDA5F.tmp
2017-06-23 13:14 - 2017-06-23 13:14 - 00000000 ____D C:\Program Files (x86)\GUMDA5E.tmp
2017-06-23 13:10 - 2017-06-23 13:10 - 00285816 _____ C:\WINDOWS\Minidump\062317-42812-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 14:02 - 2014-01-22 14:46 - 00000000 ____D C:\Users\stephanie
2017-06-26 14:02 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-26 13:50 - 2014-11-02 17:01 - 434589242 _____ C:\WINDOWS\MEMORY.DMP
2017-06-26 13:34 - 2013-09-15 18:42 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3123225858-1134280287-2187229252-1001
2017-06-26 12:48 - 2015-06-17 13:37 - 00000962 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3123225858-1134280287-2187229252-1001UA.job
2017-06-26 12:16 - 2014-12-09 20:26 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-26 12:16 - 2014-07-11 17:49 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2017-06-26 12:16 - 2013-09-15 18:32 - 00000000 ____D C:\Users\stephanie\AppData\Local\Packages
2017-06-26 12:16 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-26 12:16 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-26 12:16 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-26 11:59 - 2014-03-04 16:21 - 00003806 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{16E80682-D531-4060-AECC-EBA9E2AFF125}
2017-06-26 11:54 - 2012-11-23 09:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-06-26 11:54 - 2012-11-23 09:33 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-06-26 11:22 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-06-26 11:21 - 2016-02-21 15:40 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-06-26 11:20 - 2013-09-15 18:35 - 00000408 _____ C:\Users\stephanie\AppData\Roaming\sp_data.sys
2017-06-25 23:01 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2017-06-25 22:45 - 2014-11-02 17:01 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-25 22:11 - 2015-08-20 20:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-25 21:59 - 2016-10-20 18:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-25 21:59 - 2013-09-15 19:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-25 20:48 - 2015-06-17 13:37 - 00000910 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3123225858-1134280287-2187229252-1001Core.job
2017-06-25 20:00 - 2013-11-14 00:28 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-25 18:09 - 2013-09-15 19:34 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-25 18:09 - 2013-09-15 19:34 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-25 15:46 - 2015-07-26 17:38 - 00003068 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-06-25 15:46 - 2015-07-26 17:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-06-25 13:25 - 2013-08-22 07:44 - 00550456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-25 13:16 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-06-25 13:16 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-06-25 13:16 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-06-25 13:15 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-06-25 13:13 - 2016-01-01 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-25 13:11 - 2016-01-01 23:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-25 13:11 - 2016-01-01 23:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-25 13:08 - 2012-07-25 22:26 - 00000199 _____ C:\WINDOWS\win.ini
2017-06-25 13:07 - 2013-09-17 13:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-25 12:58 - 2013-09-17 13:23 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-25 12:21 - 2014-12-13 15:17 - 00000000 ____D C:\Program Files (x86)\Java
2017-06-25 12:21 - 2014-11-16 10:33 - 00000000 ____D C:\ProgramData\Oracle
2017-06-25 12:20 - 2014-12-13 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-25 12:19 - 2014-12-13 15:18 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-06-25 12:02 - 2013-09-15 19:34 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-25 12:02 - 2013-09-15 19:34 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-23 14:56 - 2015-04-12 18:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-06-23 14:53 - 2014-12-23 12:57 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-06-23 13:52 - 2013-09-15 22:44 - 00004152 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-23 13:52 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-23 13:52 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-23 13:40 - 2016-12-11 19:41 - 00000000 ____D C:\Users\stephanie\AppData\LocalLow\Mozilla
2017-06-23 13:10 - 2013-10-22 23:18 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-19 10:25 - 2012-11-23 09:34 - 00000000 ____D C:\ProgramData\McAfee
2017-06-02 19:31 - 2016-11-08 19:16 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-05-29 00:01 - 2013-09-15 18:32 - 00000000 ____D C:\Users\stephanie\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2017-06-23 13:14 - 2017-06-23 13:14 - 7649280 _____ () C:\Program Files (x86)\GUTDA5F.tmp
2013-09-16 17:24 - 2013-09-16 17:24 - 0000021 _____ () C:\Users\stephanie\AppData\Roaming\my_intel.sys
2013-09-15 18:35 - 2017-06-26 11:20 - 0000408 _____ () C:\Users\stephanie\AppData\Roaming\sp_data.sys
2013-12-18 17:42 - 2014-03-04 11:42 - 0000130 _____ () C:\Users\stephanie\AppData\Roaming\WB.CFG
2012-11-23 09:32 - 2012-09-07 04:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-23 09:32 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-23 09:32 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\Users\stephanie\NPSI2KVW.dll

Some files in TEMP:
====================
2016-01-01 23:36 - 2016-01-01 23:36 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\stephanie\AppData\Local\Temp\BingSvc.exe
2016-01-01 23:36 - 2016-01-01 23:36 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\stephanie\AppData\Local\Temp\BSvcProcessor.exe
2016-01-01 23:36 - 2016-01-01 23:36 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\stephanie\AppData\Local\Temp\BSvcUpdater.exe
2016-01-01 23:26 - 2016-01-01 23:26 - 2612880 _____ (Microsoft Corporation) C:\Users\stephanie\AppData\Local\Temp\DefaultPack.EXE
2015-12-11 19:09 - 2015-12-11 19:09 - 0071168 _____ () C:\Users\stephanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphjuv43.dll
2016-07-28 20:51 - 2016-07-28 20:51 - 0741440 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-02-22 20:23 - 2017-02-22 20:23 - 0739904 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-06-25 12:17 - 2017-06-25 12:17 - 0739904 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u131-windows-au.exe
2015-07-26 17:33 - 2015-07-26 17:33 - 0563808 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u51-windows-au.exe
2016-02-04 21:34 - 2016-02-04 21:34 - 0644704 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-21 10:18 - 2016-02-21 10:18 - 0736352 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-28 10:56 - 2016-03-28 10:56 - 0736320 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-06-05 12:13 - 2016-06-05 12:13 - 0739904 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u91-windows-au.exe
2014-07-25 04:14 - 2014-07-25 04:14 - 0231736 _____ (Adobe Systems Inc.) C:\Users\stephanie\AppData\Local\Temp\Shockwave_Installer_FF.exe
2016-02-04 21:37 - 2016-02-04 21:37 - 0847576 _____ (Yahoo! Inc.) C:\Users\stephanie\AppData\Local\Temp\ytb.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-18 22:17

==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by MOM (administrator) on BABYGURL95-PC (26-06-2017 14:19:15)
Running from C:\Users\stephanie\Desktop
Loaded Profiles: MOM (Available Profiles: MOM)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\WINDOWS\HelpPane.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13197456 2012-09-28] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe********************************************* [107192 2012-08-24] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2014-09-08] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe [3423104 2012-08-30] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [557344 2017-04-17] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-10-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [USB Optical Mouse] => C:\Program Files (x86)\USB Optical Mouse\USB Optical Mouse\MouseHid.exe [245248 2010-03-30] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FileTransferForMobileGo] => C:\Program Files (x86)\Wondershare\MobileGo for Android\FileTransfer.exe [336272 2014-11-05] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5571944 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\Run: [Dropbox Update] => C:\Users\stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\Run: [BingSvc] => C:\Users\stephanie\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-01-01] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\ASUSWSShellExt64.dll [2012-03-13] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk [2015-03-11]
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files (x86)\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
Startup: C:\Users\stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{5D0A64F1-D676-4EB3-8EB4-C5ED0C72C21A}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{A6692734-6FB1-4FB4-898B-C8F0E02DDF40}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.autopartners.net/gmentsso/UI/Login?goto=https%3A%2F%2Fwww.autopartners.net%3A443%2Fapps%2Fgcportal%2Flogin.html
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001 -> {03B98F8D-DCC8-4A6E-BBC3-E3E5EDD40EA2} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001 -> {5074ABC7-4251-4010-96D2-D4DBFD7F4767} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-25] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-04-17] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-04-17] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\tbbp0rkn.default [2017-06-23]
FF user.js: detected! => C:\Users\stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\tbbp0rkn.default\user.js [2013-10-14]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\tbbp0rkn.default -> Bing
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\tbbp0rkn.default -> Google
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\tbbp0rkn.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\tbbp0rkn.default -> Bing
FF Homepage: Mozilla\Firefox\Profiles\tbbp0rkn.default -> hxxp://www.twcc.com/
hxxps://avchevrolet.easecentral.com/?H990dozRESiTzdtol8IMFA==ec
hxxps://www.healthnet.com/portal/member/home.ndo
FF Keyword.URL: Mozilla\Firefox\Profiles\tbbp0rkn.default -> hxxp://www.bing.com/search?FORM=SL5CDF&PC=SL5C&q=
FF Extension: (Bing Search) - C:\Users\stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\tbbp0rkn.default\Extensions\[email protected] [2016-01-01]
FF Extension: (Firefox Hotfix) - C:\Users\stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\tbbp0rkn.default\Extensions\[email protected] [2017-03-12]
FF Extension: (TLS 1.3 A/B Test Experiment) - C:\Users\stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\tbbp0rkn.default\features\{01968c94-d21a-437d-a6b8-a3f513cb590c}\[email protected] [2017-06-11]
FF SearchPlugin: C:\Users\stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\tbbp0rkn.default\searchplugins\bing-.xml [2016-01-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-23] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-04-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-23] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-22] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-25] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-04-17] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-06-25] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-02-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3123225858-1134280287-2187229252-1001: @citrixonline.com/appdetectorplugin -> C:\Users\stephanie\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-22] (Citrix Online)

Chrome:
=======
CHR DefaultProfile: Profile 2
CHR HomePage: Profile 2 -> msn.com
CHR DefaultSearchURL: Profile 2 -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Profile 2 -> bing.com
CHR DefaultSuggestURL: Profile 2 -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-06-25]
CHR Extension: (Google Slides) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-04]
CHR Extension: (Google Docs) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-04]
CHR Extension: (Google Drive) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-06]
CHR Extension: (YouTube) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Google Search) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-06]
CHR Extension: (Bing) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-09-29]
CHR Extension: (Google Sheets) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-04]
CHR Extension: (Google Docs Offline) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-17]
CHR Extension: (Gmail) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-04]
CHR Extension: (Chrome Media Router) - C:\Users\stephanie\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-24]
CHR HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S4 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-23] (Microsoft Corporation)
S4 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
S4 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
S4 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [0 2012-06-27] () <==== ATTENTION (zero byte File/Folder)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [994312 2017-04-04] (McAfee, Inc.)
S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe [2054080 2017-02-28] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S4 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1344472 2017-02-24] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2017-01-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [385112 2017-01-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [343792 2017-01-18] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1551512 2017-02-26] (McAfee, Inc.)
S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1105840 2017-04-21] (Intel Security, Inc.)
S2 Samsung Printer Dianostics Service; C:\WINDOWS\SysWOW64\\spdsvc.exe [498488 2016-04-01] ()
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AmdK8; C:\WINDOWS\System32\drivers\amdk8.sys [95744 2013-08-22] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\WINDOWS\System32\drivers\amdppm.sys [98816 2013-08-22] (Microsoft Corporation) [File not signed]
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-25] ()
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [62848 2012-11-20] (ASUS Corporation)
S1 cdrom; C:\WINDOWS\System32\drivers\cdrom.sys [164352 2013-08-22] (Microsoft Corporation) [File not signed]
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88464 2017-01-20] (McAfee, Inc.)
S3 FxPPM; C:\WINDOWS\System32\drivers\fxppm.sys [27136 2013-08-22] (Microsoft Corporation) [File not signed]
S3 intelppm; C:\WINDOWS\System32\drivers\intelppm.sys [98816 2013-08-22] (Microsoft Corporation) [File not signed]
S3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-06-25] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487184 2017-01-20] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366328 2017-01-20] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2017-04-03] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518704 2017-01-20] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [923640 2017-01-20] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498648 2017-01-19] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109320 2017-01-19] (McAfee, Inc.)
S3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110256 2017-01-20] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2017-01-20] (McAfee, Inc.)
S3 NMgamingmsFltr; C:\WINDOWS\system32\drivers\NMgamingms.sys [11648 2014-02-27] (LXD Development, Inc.)
S3 Processor; C:\WINDOWS\System32\drivers\processr.sys [92160 2013-08-22] (Microsoft Corporation) [File not signed]
S1 vrvd5; C:\WINDOWS\system32\DRIVERS\vrvd5.sys [13344 2016-02-21] (Rsupport Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R0 ACPI; System32\drivers\ACPI.sys [X]
S3 rssasnt; \??\C:\Users\Public\Documents\RSupport\rcc50\rssas64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 14:19 - 2017-06-26 14:20 - 00024694 _____ C:\Users\stephanie\Desktop\FRST.txt
2017-06-26 14:18 - 2017-06-26 14:19 - 00000000 ____D C:\FRST
2017-06-26 14:03 - 2017-06-26 14:08 - 00158124 _____ C:\WINDOWS\ntbtlog.txt
2017-06-26 13:45 - 2017-06-26 13:45 - 02441216 _____ (Farbar) C:\Users\stephanie\Desktop\FRST64.exe
2017-06-26 12:16 - 2017-06-02 19:31 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-25 22:45 - 2017-06-25 22:46 - 00285872 _____ C:\WINDOWS\Minidump\062517-32328-01.dmp
2017-06-25 22:33 - 2017-06-25 22:34 - 00285816 _____ C:\WINDOWS\Minidump\062517-21937-01.dmp
2017-06-25 22:02 - 2017-06-25 22:02 - 00285816 _____ C:\WINDOWS\Minidump\062517-27015-01.dmp
2017-06-25 20:35 - 2017-06-25 20:35 - 00285816 _____ C:\WINDOWS\Minidump\062517-17593-01.dmp
2017-06-25 19:49 - 2017-06-25 19:49 - 00285816 _____ C:\WINDOWS\Minidump\062517-17843-01.dmp
2017-06-25 19:16 - 2017-06-25 19:16 - 00285816 _____ C:\WINDOWS\Minidump\062517-21562-01.dmp
2017-06-25 18:43 - 2017-06-25 18:43 - 00285816 _____ C:\WINDOWS\Minidump\062517-23796-01.dmp
2017-06-25 15:44 - 2017-06-26 11:08 - 00003860 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-06-25 15:44 - 2017-06-25 15:44 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-06-25 12:49 - 2017-03-30 06:15 - 00875712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2017-06-25 12:49 - 2017-03-30 06:15 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2017-06-25 12:49 - 2017-03-30 06:15 - 00678592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2017-06-25 12:49 - 2017-03-30 06:15 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2017-06-25 12:22 - 2017-06-25 12:22 - 00285816 _____ C:\WINDOWS\Minidump\062517-45359-01.dmp
2017-06-24 02:22 - 2017-06-02 05:06 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-24 02:22 - 2017-05-14 13:44 - 04170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-06-24 02:22 - 2017-05-14 13:26 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-24 02:22 - 2017-05-14 13:19 - 25738752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-24 02:22 - 2017-05-14 13:19 - 01364040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-06-24 02:22 - 2017-05-14 13:10 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-06-24 02:22 - 2017-05-14 12:55 - 05975040 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-24 02:22 - 2017-05-14 12:32 - 07077376 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2017-06-24 02:22 - 2017-05-14 12:31 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-06-24 02:22 - 2017-05-14 12:22 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-24 02:22 - 2017-05-14 12:19 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-24 02:22 - 2017-05-14 12:11 - 20274688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-24 02:22 - 2017-05-14 12:10 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-06-24 02:22 - 2017-05-14 12:04 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-24 02:22 - 2017-05-14 12:03 - 00373080 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-24 02:22 - 2017-05-14 11:54 - 15252992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-24 02:22 - 2017-05-14 11:52 - 03240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-24 02:22 - 2017-05-14 11:48 - 05274112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2017-06-24 02:22 - 2017-05-14 11:46 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-06-24 02:22 - 2017-05-14 11:44 - 04549120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-24 02:22 - 2017-05-14 11:40 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-24 02:22 - 2017-05-14 11:38 - 07796736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-24 02:22 - 2017-05-14 11:37 - 01544704 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-24 02:22 - 2017-05-14 11:30 - 13664768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-24 02:22 - 2017-05-14 11:27 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-24 02:22 - 2017-05-14 11:16 - 05268992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-24 02:22 - 2017-05-14 11:15 - 02767872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-24 02:22 - 2017-05-14 11:13 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-06-24 02:22 - 2017-05-14 11:11 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-24 02:22 - 2017-05-14 11:11 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-24 02:22 - 2017-05-14 11:06 - 07441240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-24 02:22 - 2017-05-12 09:16 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-24 02:22 - 2017-05-12 09:13 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-24 02:22 - 2017-05-12 08:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-06-24 02:22 - 2017-05-12 08:50 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-06-24 02:22 - 2017-05-12 08:48 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-06-24 02:22 - 2017-05-12 08:47 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-24 02:22 - 2017-05-11 19:58 - 01985536 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-24 02:22 - 2017-05-11 19:48 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-24 02:22 - 2017-05-11 19:18 - 03714560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-24 02:22 - 2017-05-11 19:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-06-24 02:22 - 2017-05-11 19:10 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-06-24 02:22 - 2017-05-11 19:07 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-06-24 02:22 - 2017-05-11 19:06 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-06-24 02:22 - 2017-05-11 19:04 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-24 02:22 - 2017-05-11 19:00 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-06-24 02:22 - 2017-05-11 16:36 - 22361848 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-24 02:22 - 2017-05-11 16:32 - 19788672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-24 02:22 - 2017-05-06 09:04 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-24 02:22 - 2017-04-16 03:23 - 02176584 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-24 02:22 - 2017-04-16 03:23 - 01662096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-24 02:22 - 2017-04-16 02:07 - 01213792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-24 02:22 - 2017-04-16 01:54 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-24 02:22 - 2017-04-16 01:51 - 02899456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-24 02:22 - 2017-04-16 01:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-24 02:22 - 2017-04-16 01:00 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-24 02:22 - 2017-04-16 01:00 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-06-24 02:22 - 2017-04-16 00:53 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-24 02:22 - 2017-04-16 00:43 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-24 02:22 - 2017-04-16 00:40 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-24 02:22 - 2017-04-16 00:40 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-24 02:22 - 2017-04-16 00:37 - 02132992 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-24 02:22 - 2017-04-16 00:29 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-24 02:22 - 2017-04-16 00:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-24 02:22 - 2017-04-16 00:22 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-24 02:22 - 2017-04-16 00:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-24 02:22 - 2017-04-16 00:10 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-24 02:22 - 2017-04-16 00:08 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-24 02:22 - 2017-04-09 15:00 - 01548640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-24 02:22 - 2017-04-09 15:00 - 00388448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-24 02:22 - 2017-04-06 10:37 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-24 02:22 - 2017-04-06 09:50 - 01436672 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-24 02:22 - 2017-04-06 09:46 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-24 02:22 - 2017-04-02 09:41 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-24 02:22 - 2017-03-07 19:44 - 00448285 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-06-24 02:22 - 2017-03-03 08:11 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-24 02:22 - 2017-03-03 08:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-24 02:22 - 2017-02-11 09:49 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-06-24 02:22 - 2017-02-11 09:42 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-06-24 02:22 - 2017-02-04 12:32 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2017-06-24 02:22 - 2017-02-04 10:40 - 01754112 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-06-24 02:22 - 2017-02-04 10:10 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-06-24 02:22 - 2017-02-01 12:42 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-06-24 02:21 - 2017-06-02 05:15 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-24 02:21 - 2017-06-02 05:12 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-06-24 02:21 - 2017-06-02 05:12 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2017-06-24 02:21 - 2017-06-02 05:01 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-06-24 02:21 - 2017-06-02 04:30 - 03635200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-24 02:21 - 2017-06-02 04:03 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-24 02:21 - 2017-06-02 03:58 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-24 02:21 - 2017-06-02 03:25 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-24 02:21 - 2017-06-02 03:24 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-06-24 02:21 - 2017-06-02 03:17 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-06-24 02:21 - 2017-06-02 03:02 - 02751488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-24 02:21 - 2017-06-02 02:43 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-24 02:21 - 2017-06-02 02:43 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-24 02:21 - 2017-05-15 12:58 - 00121184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-24 02:21 - 2017-05-14 13:42 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-24 02:21 - 2017-05-14 11:06 - 01737600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-24 02:21 - 2017-05-14 11:06 - 01502000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-24 02:21 - 2017-05-12 10:05 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-24 02:21 - 2017-05-11 21:10 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-24 02:21 - 2017-05-10 11:19 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2017-06-24 02:21 - 2017-05-06 09:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-24 02:21 - 2017-04-16 03:23 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-06-24 02:21 - 2017-04-16 03:18 - 01135288 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-24 02:21 - 2017-04-16 03:18 - 00803192 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-24 02:21 - 2017-04-16 02:07 - 01566032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-24 02:21 - 2017-04-16 02:07 - 00548032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-06-24 02:21 - 2017-04-16 02:05 - 00612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-24 02:21 - 2017-04-16 01:37 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2017-06-24 02:21 - 2017-04-16 01:16 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-24 02:21 - 2017-04-16 01:03 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-24 02:21 - 2017-04-16 01:02 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-24 02:21 - 2017-04-16 00:23 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-24 02:21 - 2017-04-16 00:22 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-24 02:21 - 2017-04-16 00:02 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2017-06-24 02:21 - 2017-04-06 10:16 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2017-06-24 02:21 - 2017-04-06 09:46 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-06-24 02:21 - 2017-04-06 09:35 - 01362432 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-06-24 02:21 - 2017-04-06 09:15 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-06-24 02:21 - 2017-04-06 08:44 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-06-24 02:21 - 2017-04-02 09:41 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-24 02:21 - 2017-04-02 07:49 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-24 02:21 - 2017-04-02 06:40 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-24 02:21 - 2017-03-31 16:16 - 01968408 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-24 02:21 - 2017-03-31 14:59 - 01612504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-24 02:21 - 2017-03-13 09:38 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmitomi.dll
2017-06-24 02:21 - 2017-03-13 09:29 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-06-24 02:21 - 2017-03-13 09:25 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-06-24 02:21 - 2017-03-13 09:13 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmitomi.dll
2017-06-24 02:21 - 2017-03-13 09:07 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-06-24 02:21 - 2017-03-13 09:06 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-06-24 02:21 - 2017-03-12 08:04 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-24 02:21 - 2017-03-10 20:59 - 01763888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-24 02:21 - 2017-03-10 20:56 - 01489608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-24 02:21 - 2017-03-10 16:38 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-06-24 02:21 - 2017-03-09 13:52 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-06-24 02:21 - 2017-03-09 12:17 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-06-24 02:21 - 2017-03-04 12:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-06-24 02:21 - 2017-03-04 12:06 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-24 02:21 - 2017-03-04 11:15 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-24 02:21 - 2017-03-04 09:37 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-06-24 02:21 - 2017-03-03 08:10 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-24 02:21 - 2017-03-03 08:04 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-24 02:21 - 2017-02-11 11:18 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-24 02:21 - 2017-02-10 12:06 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-06-24 02:21 - 2017-02-10 07:37 - 00046600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2017-06-24 02:21 - 2017-02-09 07:59 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-06-24 02:21 - 2017-02-09 07:58 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-06-24 02:21 - 2017-02-09 07:58 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-06-24 02:21 - 2017-02-04 13:30 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-06-24 02:21 - 2017-02-04 13:30 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-06-24 02:21 - 2017-02-04 13:30 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-06-24 02:21 - 2017-02-04 13:30 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-06-24 02:21 - 2017-02-04 12:30 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-06-24 02:21 - 2017-02-04 10:53 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2017-06-24 02:21 - 2017-02-04 10:51 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-06-24 02:21 - 2017-02-04 10:50 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2017-06-24 02:21 - 2017-02-04 10:32 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2017-06-24 02:21 - 2017-02-04 10:19 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2017-06-24 02:21 - 2017-02-04 10:17 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2017-06-24 02:21 - 2017-02-04 10:05 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2017-06-24 02:21 - 2017-02-01 12:44 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-06-24 02:21 - 2017-01-21 14:37 - 00567152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-24 02:21 - 2017-01-21 12:27 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2017-06-24 02:21 - 2017-01-21 12:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\msobjs.dll
2017-06-24 02:21 - 2017-01-21 11:40 - 00756736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2017-06-24 02:21 - 2017-01-21 11:40 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msobjs.dll
2017-06-24 02:21 - 2017-01-18 19:18 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-24 02:21 - 2017-01-18 07:35 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-24 02:21 - 2017-01-18 07:34 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-24 02:21 - 2017-01-14 13:32 - 00955016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-24 02:21 - 2017-01-14 12:18 - 00787688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-24 02:21 - 2017-01-14 10:49 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-06-24 02:21 - 2017-01-12 09:51 - 00274776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2017-06-24 02:21 - 2017-01-12 09:51 - 00117592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2017-06-24 02:21 - 2017-01-11 23:12 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-06-24 02:21 - 2017-01-11 12:37 - 02345984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-06-24 02:21 - 2017-01-11 12:12 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2017-06-24 02:21 - 2017-01-11 10:28 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-06-24 02:21 - 2017-01-11 08:09 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2017-06-24 02:21 - 2017-01-10 15:37 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-06-24 02:21 - 2017-01-10 14:06 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-06-24 02:21 - 2017-01-10 13:46 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-06-24 02:21 - 2017-01-10 12:20 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-06-24 02:21 - 2017-01-10 12:09 - 01108480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-06-24 02:21 - 2017-01-10 12:08 - 01549312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-06-24 02:21 - 2017-01-06 10:25 - 02513408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-06-24 02:21 - 2017-01-06 10:04 - 01495552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-06-24 02:21 - 2016-12-24 18:21 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2017-06-24 02:21 - 2016-12-24 18:14 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-06-24 02:21 - 2016-12-24 17:48 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-06-24 02:21 - 2016-12-24 17:19 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-06-24 02:21 - 2016-12-24 16:39 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-06-24 02:21 - 2016-12-09 01:08 - 00379736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-24 01:45 - 2017-02-23 07:50 - 00093360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-24 01:45 - 2017-02-22 07:35 - 01609216 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-24 01:45 - 2017-02-22 07:35 - 01286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-24 01:45 - 2017-02-22 07:35 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-24 01:45 - 2017-02-22 07:35 - 00556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-24 01:45 - 2017-02-22 07:35 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-24 01:45 - 2017-02-22 07:35 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-24 01:45 - 2017-02-22 07:35 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-24 01:44 - 2017-02-22 07:35 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-06-23 16:24 - 2017-06-23 16:24 - 00285816 _____ C:\WINDOWS\Minidump\062317-30968-01.dmp
2017-06-23 14:40 - 2017-06-23 14:40 - 00285816 _____ C:\WINDOWS\Minidump\062317-23265-01.dmp
2017-06-23 13:14 - 2017-06-23 13:14 - 07649280 _____ C:\Program Files (x86)\GUTDA5F.tmp
2017-06-23 13:14 - 2017-06-23 13:14 - 00000000 ____D C:\Program Files (x86)\GUMDA5E.tmp
2017-06-23 13:10 - 2017-06-23 13:10 - 00285816 _____ C:\WINDOWS\Minidump\062317-42812-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 14:02 - 2014-01-22 14:46 - 00000000 ____D C:\Users\stephanie
2017-06-26 14:02 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-26 13:50 - 2014-11-02 17:01 - 434589242 _____ C:\WINDOWS\MEMORY.DMP
2017-06-26 13:34 - 2013-09-15 18:42 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3123225858-1134280287-2187229252-1001
2017-06-26 12:48 - 2015-06-17 13:37 - 00000962 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3123225858-1134280287-2187229252-1001UA.job
2017-06-26 12:16 - 2014-12-09 20:26 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-26 12:16 - 2014-07-11 17:49 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2017-06-26 12:16 - 2013-09-15 18:32 - 00000000 ____D C:\Users\stephanie\AppData\Local\Packages
2017-06-26 12:16 - 2013-08-22 08:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-26 12:16 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-26 12:16 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-26 11:59 - 2014-03-04 16:21 - 00003806 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{16E80682-D531-4060-AECC-EBA9E2AFF125}
2017-06-26 11:54 - 2012-11-23 09:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-06-26 11:54 - 2012-11-23 09:33 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-06-26 11:22 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-06-26 11:21 - 2016-02-21 15:40 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-06-26 11:20 - 2013-09-15 18:35 - 00000408 _____ C:\Users\stephanie\AppData\Roaming\sp_data.sys
2017-06-25 23:01 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2017-06-25 22:45 - 2014-11-02 17:01 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-25 22:11 - 2015-08-20 20:04 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-25 21:59 - 2016-10-20 18:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-25 21:59 - 2013-09-15 19:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-25 20:48 - 2015-06-17 13:37 - 00000910 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3123225858-1134280287-2187229252-1001Core.job
2017-06-25 20:00 - 2013-11-14 00:28 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-25 18:09 - 2013-09-15 19:34 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-25 18:09 - 2013-09-15 19:34 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-25 15:46 - 2015-07-26 17:38 - 00003068 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-06-25 15:46 - 2015-07-26 17:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-06-25 13:25 - 2013-08-22 07:44 - 00550456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-25 13:16 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2017-06-25 13:16 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Windows Defender
2017-06-25 13:16 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-06-25 13:15 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-06-25 13:13 - 2016-01-01 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-25 13:11 - 2016-01-01 23:26 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-25 13:11 - 2016-01-01 23:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-25 13:08 - 2012-07-25 22:26 - 00000199 _____ C:\WINDOWS\win.ini
2017-06-25 13:07 - 2013-09-17 13:23 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-25 12:58 - 2013-09-17 13:23 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-25 12:21 - 2014-12-13 15:17 - 00000000 ____D C:\Program Files (x86)\Java
2017-06-25 12:21 - 2014-11-16 10:33 - 00000000 ____D C:\ProgramData\Oracle
2017-06-25 12:20 - 2014-12-13 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-06-25 12:19 - 2014-12-13 15:18 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-06-25 12:02 - 2013-09-15 19:34 - 00003330 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-06-25 12:02 - 2013-09-15 19:34 - 00003202 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-06-23 14:56 - 2015-04-12 18:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-06-23 14:53 - 2014-12-23 12:57 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-06-23 13:52 - 2013-09-15 22:44 - 00004152 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-23 13:52 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-23 13:52 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-23 13:40 - 2016-12-11 19:41 - 00000000 ____D C:\Users\stephanie\AppData\LocalLow\Mozilla
2017-06-23 13:10 - 2013-10-22 23:18 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-06-19 10:25 - 2012-11-23 09:34 - 00000000 ____D C:\ProgramData\McAfee
2017-06-02 19:31 - 2016-11-08 19:16 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-05-29 00:01 - 2013-09-15 18:32 - 00000000 ____D C:\Users\stephanie\AppData\Local\VirtualStore

==================== Files in the root of some directories =======

2017-06-23 13:14 - 2017-06-23 13:14 - 7649280 _____ () C:\Program Files (x86)\GUTDA5F.tmp
2013-09-16 17:24 - 2013-09-16 17:24 - 0000021 _____ () C:\Users\stephanie\AppData\Roaming\my_intel.sys
2013-09-15 18:35 - 2017-06-26 11:20 - 0000408 _____ () C:\Users\stephanie\AppData\Roaming\sp_data.sys
2013-12-18 17:42 - 2014-03-04 11:42 - 0000130 _____ () C:\Users\stephanie\AppData\Roaming\WB.CFG
2012-11-23 09:32 - 2012-09-07 04:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-23 09:32 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-23 09:32 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\Users\stephanie\NPSI2KVW.dll

Some files in TEMP:
====================
2016-01-01 23:36 - 2016-01-01 23:36 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\stephanie\AppData\Local\Temp\BingSvc.exe
2016-01-01 23:36 - 2016-01-01 23:36 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\stephanie\AppData\Local\Temp\BSvcProcessor.exe
2016-01-01 23:36 - 2016-01-01 23:36 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\stephanie\AppData\Local\Temp\BSvcUpdater.exe
2016-01-01 23:26 - 2016-01-01 23:26 - 2612880 _____ (Microsoft Corporation) C:\Users\stephanie\AppData\Local\Temp\DefaultPack.EXE
2015-12-11 19:09 - 2015-12-11 19:09 - 0071168 _____ () C:\Users\stephanie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphjuv43.dll
2016-07-28 20:51 - 2016-07-28 20:51 - 0741440 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u101-windows-au.exe
2017-02-22 20:23 - 2017-02-22 20:23 - 0739904 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-06-25 12:17 - 2017-06-25 12:17 - 0739904 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u131-windows-au.exe
2015-07-26 17:33 - 2015-07-26 17:33 - 0563808 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u51-windows-au.exe
2016-02-04 21:34 - 2016-02-04 21:34 - 0644704 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u71-windows-au.exe
2016-02-21 10:18 - 2016-02-21 10:18 - 0736352 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u73-windows-au.exe
2016-03-28 10:56 - 2016-03-28 10:56 - 0736320 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u77-windows-au.exe
2016-06-05 12:13 - 2016-06-05 12:13 - 0739904 _____ (Oracle Corporation) C:\Users\stephanie\AppData\Local\Temp\jre-8u91-windows-au.exe
2014-07-25 04:14 - 2014-07-25 04:14 - 0231736 _____ (Adobe Systems Inc.) C:\Users\stephanie\AppData\Local\Temp\Shockwave_Installer_FF.exe
2016-02-04 21:37 - 2016-02-04 21:37 - 0847576 _____ (Yahoo! Inc.) C:\Users\stephanie\AppData\Local\Temp\ytb.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-18 22:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by MOM (26-06-2017 14:21:38)
Running from C:\Users\stephanie\Desktop
Windows 8.1 (Update) (X64) (2014-01-22 23:53:07)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3123225858-1134280287-2187229252-500 - Administrator - Disabled)
Guest (S-1-5-21-3123225858-1134280287-2187229252-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3123225858-1134280287-2187229252-1003 - Limited - Enabled)
MOM (S-1-5-21-3123225858-1134280287-2187229252-1001 - Administrator - Enabled) => C:\Users\stephanie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\Adobe Connect 9 Add-in) (Version: 11,9,972,8 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.36 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.10.123 - ASUS Cloud Corporation)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0025 - ASUS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\Dropbox) (Version: 7.4.30 - Dropbox, Inc.)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 14.0 R13 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Midtronics BMIS File Utility (HKLM-x32\...\Midtronics BMIS File Utility) (Version:  - )
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 1.2.0.41 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6754 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.9200.27030 - Realtek Semiconductor Corp.)
Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.60 (3/17/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.70.18.0 - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.22 (9/7/2015) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.4.7 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (x32 Version: 1.03.05.25 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SIplugin (HKLM-x32\...\InstallShield_{D9D59C79-B080-4C94-B72A-1EB432ED192E}) (Version: 1.00.0000 - GM Service and Parts Operation)
SIplugin (x32 Version: 1.00.0000 - GM Service and Parts Operation) Hidden
SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
USB Optical Mouse (HKLM-x32\...\{EEAE45EB-C1E3-4CCD-930D-D7B40F810063}) (Version: 1.00.0000 - )
VitalSource Bookshelf (HKLM-x32\...\{f4449697-7673-4d11-b23b-67f894203dc3}) (Version: 6.06.0023 - Ingram Content Group)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
Windows Driver Package - ASUS (ATP) Mouse  (11/09/2012 1.0.0.153) (HKLM\...\5AB9160B769DD2E134ADCB8010377DECA2479378) (Version: 11/09/2012 1.0.0.153 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
Wondershare MobileGo for Android ( Version 5.3.2 ) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 5.3.2 - Wondershare)
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\stephanie\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\stephanie\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\stephanie\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\stephanie\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3123225858-1134280287-2187229252-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\stephanie\AppData\Roaming\Dropbox\bin\DropboxExt64.38.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {093168F4-7D30-4C8E-94A8-6256508BAB92} - System32\Tasks\ASUS InstantOn Config => C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [2012-09-24] (ASUS)
Task: {0D8A891D-890C-4808-84D8-2F436AB14653} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {0F939186-E771-43A8-8388-1660B7045296} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-23] (Adobe Systems Incorporated)
Task: {1274336E-AB06-46B6-A48C-0671C5557CC6} - \Microsoft\Windows\TaskScheduler\Maintenance Configurator -> No File <==== ATTENTION
Task: {131E7D67-6100-47D4-A821-2B6633B48A8E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {1687544D-7247-4F5A-965A-A6E920E55278} - \Microsoft\Windows\TaskScheduler\Manual Maintenance -> No File <==== ATTENTION
Task: {1E98D1C6-C3E6-46C2-BCB2-6F2F118A5168} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {24FEC8EC-4608-4BF5-BCAF-7E921A612932} - System32\Tasks\SpeedFixToolPro_Popup => C:\Program Files (x86)\Speed Fix Tool Pro\Splash.exe
Task: {28C6DBC6-1524-4F13-B0B1-93D60E1CD98A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3123225858-1134280287-2187229252-1001UA => C:\Users\stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {35844E08-9A21-44CD-B332-49C1ACEB4152} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {3AD5D5EA-DA0E-4157-A529-E73A529581CF} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-11-20] (AsusTek)
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {51692A2F-8432-4982-98F0-B20DA2D59A7F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {69BD96B9-AE6A-4A6F-AB41-BCAB6CB56B0E} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-02-22] (McAfee, Inc.)
Task: {6B5A0A71-90A0-4008-BFBF-5CE4241FFD25} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-22] (Microsoft Corporation)
Task: {6C479C33-15AE-4DB7-946E-78190C033BF7} - System32\Tasks\SpeedFixToolPro_Start => C:\Program Files (x86)\Speed Fix Tool Pro\SpeedFixToolPro.exe
Task: {6F02587F-8A2B-4552-97F6-DEEF229E335B} - \Microsoft\Windows\TaskScheduler\Idle Maintenance -> No File <==== ATTENTION
Task: {7198E19F-FC0D-419A-9A71-0B12CC420D9B} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {85CC0439-5197-4919-AB8E-0006D94E9B4A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {88DE71CE-78B4-455C-A329-445B7CC0B292} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-12] (McAfee, Inc.)
Task: {B7992938-01F1-4F40-A0EC-0D23D2F0F152} - \Microsoft\Windows\TaskScheduler\Regular Maintenance -> No File <==== ATTENTION
Task: {BBF6015A-161D-49C3-9B9B-529884C934BC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3123225858-1134280287-2187229252-1001Core => C:\Users\stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {C2EA3FE3-789D-4D8E-B1D1-92B95EC87E7A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-02-26] (McAfee, Inc.)
Task: {CBA7A2E8-4ABC-4DB1-A556-45AEA6D0067A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-06-25] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - \Microsoft\Windows\SettingSync\BackupTask -> No File <==== ATTENTION
Task: {D6F4A061-CEFB-4F38-81EC-6E80ECDD3011} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\WINDOWS\System32\LocationNotificationWindows.exe
Task: {D7092F5D-474F-450D-B734-C25F6B1108B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {E8EF14B4-1CEA-4D18-9A2E-6BC2491D6B16} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-12] (McAfee, Inc.)
Task: {E9E51196-ABDD-497C-A586-20433CD5F0B7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {ED320FA7-55CA-4C4B-ADDA-56A09DE21474} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3123225858-1134280287-2187229252-1001Core.job => C:\Users\stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3123225858-1134280287-2187229252-1001UA.job => C:\Users\stephanie\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\stephanie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"

==================== Loaded Modules (Whitelisted) ==============

2015-10-28 15:44 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\stephanie\Dropbox\Camera Uploads\2014-11-21 20.51.12.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: ASLDRService => 2
MSCONFIG\Services: ASUS InstantOn => 2
MSCONFIG\Services: ATKGFNEXSrv => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: ClientAnalyticsService => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: FlipShare Service => 2
MSCONFIG\Services: FlipShareServer => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
HKLM\...\StartupApproved\StartupFolder: => "MobileGo Service.lnk"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "CDAServer"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "ASUSPRP"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "USB Optical Mouse"
HKLM\...\StartupApproved\Run32: => "FileTransferForMobileGo"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\StartupApproved\Run: => "Facebook Update"
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\StartupApproved\Run: => "Wondershare Helper Compact"
HKU\S-1-5-21-3123225858-1134280287-2187229252-1001\...\StartupApproved\Run: => "BingSvc"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{B8EE9DD4-40D8-4CF4-A0C0-E9B4F9FDE319}C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{5F47B06F-0001-411F-916C-C3D5AE46BC3B}C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\stephanie\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{AFF2B008-189C-4C35-A160-89A79E5883C2}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{71FDB8E4-793A-43E8-AF57-A955530A5979}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{71555062-5DF5-4D9D-8820-28A777C78FC1}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3074186C-5F42-405A-ABE2-FF5F5550A4D6}] => (Allow) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{57BCCD1D-6C9C-4FB5-ACD5-CE55A21D2D98}] => (Allow) C:\Users\stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{73A16DBA-55EC-40FA-A1E6-3D52AE40A2F6}] => (Allow) C:\Users\stephanie\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{46547D7A-CA32-49F3-BCDE-91EDCCD65084}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1C3700D6-F7F5-4DE3-8CBC-110FC5CB5F05}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{75651472-4F44-438F-813E-EE86D9BF0D80}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{793D4BA9-2D4D-47EE-B264-EF4A9719159D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18427702-1C1E-42EC-BA4F-91C5BBF59925}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{0E22C55F-1EF2-4F10-B60C-9AD1A8F8CF7C}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C58A8B59-48FA-4DA0-9FE6-91C9C912AD75}] => (Allow) LPort=1900
FirewallRules: [{9F25673E-3DA9-4AF5-B8D3-22A598095E76}] => (Allow) LPort=2869
FirewallRules: [{A8F6257E-29D4-4768-ADFC-01507E837D0C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2D3B0C87-5F03-4E51-AE9D-593110E24DE5}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9617C18F-A9CC-49B6-80DF-EB9344B98059}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{359F1621-FC28-47AB-BDA5-8259714E18B0}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{39B5CD8C-E225-43C0-B500-F0D447CE8A26}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{63C0D692-A9E9-4155-8BDE-E51A0EAE1227}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{F3CDE602-B119-4781-812D-089EAEBD7FDE}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{7117E268-F293-4650-97F9-0429B32AC750}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [UDP Query User{2BA960A6-B3F0-4359-BD06-5011DA639FDC}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe
FirewallRules: [{9C1F5785-F750-459B-83AA-B0CC163CF2A8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C0193EC8-18B8-4745-B295-539D10704B11}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{12F1AD88-3F32-4362-AC63-67E3525D67C8}] => (Allow) LPort=24726
FirewallRules: [{C256A0CB-9F08-40F2-8CBF-C67213E322AD}] => (Allow) LPort=24727
FirewallRules: [{A1974E98-429D-402F-9D32-A85CE558BE80}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{44F8366C-E721-45AB-8372-D545C4F0E6E7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{377CEBCF-0036-4C05-A336-E997AEBEBB4C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{780DE163-B0C4-4897-970F-D03C0BD008F7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D54A5E5-2613-4A8E-A099-68F20CC8CC58}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{0B82F504-BD36-45E0-97EB-E4DA50CB70F1}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{738CB90C-CE0A-4445-9458-69D2C01519BF}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{1DDE7343-A283-41E2-BD3D-AA57D3EBA511}] => (Allow) C:\WINDOWS\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{DB890ACB-8609-426D-A3C9-06E634627893}] => (Allow) C:\WINDOWS\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{EF252291-18A6-4F95-B01E-6501EFA7B4D2}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{BE4DE21B-6EBE-45DB-A577-120D826D7799}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{6D665716-3066-4267-8C2E-C199ADBA2925}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{A2249F65-0C15-45E4-BAC6-BEED146C36A3}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{F37727FF-E0EE-4D3D-B664-EA16A491606D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{11BF970C-BC6B-4851-80DC-E923AFA2AC45}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{1A369A8A-BF49-4E59-ACC1-DB1AAD5471AB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{6C69EC0E-1B15-46B4-A3C5-460CD3A21C24}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{E5254FC6-11A1-471F-9179-6D385BFA5959}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{0D5BC208-3F15-4F4F-8280-0CF12F3EEBBC}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{ED9FA94D-72B4-49D5-8FDF-8F0659663378}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{5133C291-3CCB-4881-9F02-DA3BAE2167A4}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Diagnostics\SEInstall\SPD\ESM.exe
FirewallRules: [{9939B583-E92C-4D01-B91E-1784E4D8BEF1}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Diagnostics\SEInstall\SPD\ESM.exe
FirewallRules: [{BCABFC7F-C045-49EB-81FC-D80C383FFF82}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Printer Diagnostics\SEInstall\SPD\ESM.exe
FirewallRules: [TCP Query User{9C07D2DF-CA72-49BD-8ADC-C15D5CD663E5}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [UDP Query User{D71FA32F-387C-4FDB-886D-70781E4E95AE}C:\program files (x86)\samsung\easy printer manager\ids.application.exe] => (Allow) C:\program files (x86)\samsung\easy printer manager\ids.application.exe
FirewallRules: [{87784761-3186-4303-8EAF-C35AA4DE8BEB}] => (Allow) LPort=24726
FirewallRules: [{B28F4549-4E85-4C1C-8CB5-05B9A8A8D950}] => (Allow) LPort=24727
FirewallRules: [{D200744B-5C4A-4200-BDAA-01AB9A4B1635}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-06-2017 11:52:53 Removed ASUS Live Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2017 02:08:19 PM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: McShield crashed.
Error Code:c0000005

Error: (06/26/2017 01:24:18 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1012) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 12210176 (0x0000000000ba5000) (database page 2980 (0xBA4)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [4800000510bb8948] and the computed checksum was [00000ba40e01fead].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:19:02 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1012) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 1191936 (0x0000000000123000) (database page 290 (0x122)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [0000000800000009] and the computed checksum was [000001224d8b2b43].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:18:39 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1012) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 12214272 (0x0000000000ba6000) (database page 2981 (0xBA5)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [cd8bd103c48b41c8] and the computed checksum was [00000ba5fa8ba66f].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:17:49 PM) (Source: ESENT) (EventID: 476) (User: )
Description: Catalog Database (1012) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 36110336 (0x0000000002270000) (database page 8815 (0x226F)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:17:33 PM) (Source: ESENT) (EventID: 476) (User: )
Description: svchost (1164) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 401408 (0x0000000000062000) (database page 97 (0x61)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:16:54 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (1012) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 9699328 (0x0000000000940000) (database page 2367 (0x93F)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [1d0b0a3782010401] and the computed checksum was [0000093fa7570edb].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:03:10 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (788) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 51453952 (0x0000000003112000) (database page 12561 (0x3111)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [0000000000000000] and the computed checksum was [0000311151970417].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:00:26 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (788) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 37961728 (0x0000000002434000) (database page 9267 (0x2433)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [5197a59bd137a9fa] and the computed checksum was [75d20a2d5fd4cb22].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:00:10 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (788) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 51462144 (0x0000000003114000) (database page 12563 (0x3113)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [0000000000000000] and the computed checksum was [000031135b3ad84e].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

System errors:
=============
Error: (06/26/2017 02:24:24 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (06/26/2017 02:24:23 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (06/26/2017 02:24:22 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (06/26/2017 02:24:20 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (06/26/2017 02:24:19 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

Error: (06/26/2017 02:24:19 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/26/2017 02:24:15 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/26/2017 02:24:11 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/26/2017 02:24:07 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/26/2017 02:24:03 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

CodeIntegrity:
===================================
  Date: 2017-06-26 14:00:27.126
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 14:00:26.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 14:00:24.064
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 14:00:23.720
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 14:00:20.626
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\cdrom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 13:50:01.782
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 13:50:01.376
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 13:49:58.360
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 13:49:58.001
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-06-26 13:49:55.094
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\cdrom.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 26%
Total physical RAM: 3981.65 MB
Available physical RAM: 2908.14 MB
Total Virtual: 8077.65 MB
Available Virtual: 7125.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.01 GB) (Free:362.83 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 04A53D1B)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Error: (06/26/2017 01:00:26 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (788) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 37961728 (0x0000000002434000) (database page 9267 (0x2433)) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The stored checksum was [5197a59bd137a9fa] and the computed checksum was [75d20a2d5fd4cb22].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (06/26/2017 01:00:10 PM) (Source: ESENT) (EventID: 474) (User: )

You probably have either a hard drive failing or some flaky RAM.

To test the RAM:

http://support.rm.co...cref=TEC3222505

If that doesn't work, and it may not based on the errors I am seeing, you can use memtest+

http://www.memtest.org/

Could also be that the PC is running too hot.

Get Speedfan to monitor your temps in real time:

Download, save and install it (Win 7+ or Vista: right click and Run As Admin.), then run it (Win 7+ or Vista: right click and Run As Admin.).

It will tell you your temps in real time, though the default is to show the hard drive temp in the systray. You can change it: hit Configure, then click on the highest temp and check Show in tray.

What is the highest temp that you see?

Speedfan can also check the health of the hard drive:

Click on the S.M.A.R.T. tab. Click on the down arrow to the right of the Hard Disk box. Select your hard drive. Click on Perform an In-depth Online Analysis of this hard disk. Your browser will open.

At the bottom of the new page will be a line:

The link to get back and see a new report about this hard disk in the future is this.

Right click on the underlined "this" and select Copy Link Address. Move to a Reply and Paste (Ctrl + v).

This next error is common when the hard drive or RAM is flaky.

Error: (06/26/2017 02:24:23 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

The exact nature of the corruption is unknown.  The file system structures need to be scanned online.

To have Windows attempt to fix the file system by running a disk check:

To run the disk check:

http://www.tomshardw...sk-windows.html

Not going to help much if the RAM or hard drive is failing.

  • 0
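An added example, not part of the original posts: a Python triage of the FRST event-log layout quoted in this thread. It counts the disk, Ntfs and ESENT errors the reply points to and marks which CodeIntegrity hash failures fall close in time to one of them, a heuristic for reading those warnings as damage on a failing disk before suspecting tampering. The one-hour window, the event grouping and the sample lines (including `example.sys`) are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed, abridged sample in the layout of the FRST log in this thread.
# The example.sys entry is hypothetical and exists only to show the contrast.
SAMPLE = r"""
Error: (06/26/2017 02:24:23 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.

Error: (06/26/2017 02:24:19 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (06/26/2017 02:08:19 PM) (Source: AVLogEvent) (EventID: 5004) (User: NT AUTHORITY)
Description: McShield crashed.

Error: (06/26/2017 01:00:26 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (788) Catalog Database: The database page read from the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" failed verification due to a page checksum mismatch.

CodeIntegrity:
===================================
  Date: 2017-06-26 14:00:27.126
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\intelppm.sys because file hash could not be found on the system.

  Date: 2017-06-20 09:00:00.000
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\WINDOWS\System32\drivers\example.sys because file hash could not be found on the system.
"""

EVENT_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\) \(EventID: (?P<eid>\d+)\)"
)
CI_DATE_RE = re.compile(r"^\s*Date: (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
CI_FILE_RE = re.compile(r"image integrity of the file (?P<path>.+?) because")

# Assumption: (source, event ID) pairs treated as storage/memory fault indicators,
# taken from the errors that appear in this thread's log.
STORAGE_FAULT_EVENTS = {("disk", 7), ("Ntfs", 55), ("ESENT", 474), ("ESENT", 476)}


def parse_events(text):
    """Return (timestamp, source, event_id) for each 'Error:' header line."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
            events.append((ts, m["src"], int(m["eid"])))
    return events


def parse_code_integrity(text):
    """Return (timestamp, file path) for each CodeIntegrity Date/Description pair."""
    entries, pending = [], None
    for line in text.splitlines():
        d = CI_DATE_RE.match(line)
        if d:
            pending = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S")
            continue
        f = CI_FILE_RE.search(line)
        if f and pending is not None:
            entries.append((pending, f["path"]))
            pending = None
    return entries


def triage(text, window=timedelta(hours=1)):
    """Count fault events and flag CodeIntegrity failures that occur near one."""
    events = parse_events(text)
    faults = [e for e in events if (e[1], e[2]) in STORAGE_FAULT_EVENTS]
    others = [e for e in events if (e[1], e[2]) not in STORAGE_FAULT_EVENTS]
    code_integrity = []
    for ts, path in parse_code_integrity(text):
        near_fault = any(abs(ts - f[0]) <= window for f in faults)
        code_integrity.append((path, near_fault))
    return {
        "fault_counts": dict(Counter((s, i) for _, s, i in faults)),
        "other_counts": dict(Counter((s, i) for _, s, i in others)),
        "code_integrity": code_integrity,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("storage/memory fault events:", result["fault_counts"])
    print("other errors:", result["other_counts"])
    for path, near_fault in result["code_integrity"]:
        note = "near disk faults" if near_fault else "no nearby fault, verify file"
        print(f"{path}: {note}")
```

A file flagged as having no nearby fault is the one to check against known-good media first; a file near disk faults still needs the hardware question settled before its hash failure means anything.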

#3
gonzo13

gonzo13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Sorry, unable to perform any of the tasks you advised me to run. Would it be best to replace the hard drive? Laptop is stuck now in a reboot loop.

Edited by gonzo13, 27 June 2017 - 07:06 PM.

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Probably going to be needed. If you have the Win 8 disk:

http://www.tomshardw...eboot-loop.html

You might want to run the memtest, which boots from a USB or CD, to rule out the memory. http://www.memtest.org/

If you need to save your data you can use Hiren's boot CD.

Download, save and then right click on it and Extract All. Click on BurnToCD.cmd and follow the instructions to burn the CD. Then move the CD to the sick PC and boot off the CD. (You may need to change the boot order so the CD drive comes before the hard drive. See: http://www.hirensboo...-order-in-bios/ )
Boot into MiniXP, then you can copy your data to a USB drive.

If MiniXP won't run then the hard drive is completely shot. I have had some luck using Testdisk to recover data on a bad drive. http://www.cgsecurit...g/wiki/TestDisk but you would probably need to put the bad drive on an external USB-SATA adapter.

  • 0

#5
gonzo13

gonzo13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OK, thank you for your time and advice.
  • 0





