I believe I've been infected. Slow Firefox, strange notifications


  • This topic is locked

#1
Tony Canevaro


Noticed a Firefox update redirect while surfing a couple of days ago. Looks like that is a symptom. Laptop running Windows 7 Pro makes occasional notification beeps while not being used. Suddenly two wireless mice no longer function. Firefox is *extremely* slow to load any pages at all. No removal attempts made.

 

Logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by Default (administrator) on DEFAULT-PC (28-06-2017 16:29:17)
Running from C:\Users\Default.Default-PC\Desktop
Loaded Profiles: Default (Available Profiles: Default)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRSOOBE.exe
() C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe
(TOSHIBA) C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\Sync Utility\TosSyncScheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Zoom Video Communications, Inc.) C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe
(Zoom Video Communications, Inc.) C:\Users\Default.Default-PC\AppData\Roaming\Zoom\bin\Zoom.exe
(Zoom Video Communications, Inc.) C:\Users\Default.Default-PC\AppData\Roaming\Zoom\bin\Zoom.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [335736 2011-07-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound 3D] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-03-16] (TOSHIBA Corporation)
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.EXE [286632 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TFPUPWDBankService] => C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBank.exe [976256 2012-03-16] (TOSHIBA)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUTaskMonitor.exe [896384 2012-03-16] (TOSHIBA)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPSCMain] => C:\Program Files\TOSHIBA\PeakShift\TPSCMain.exe [745912 2012-02-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-04-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [598448 2012-04-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2012-04-04] (TOSHIBA Corporation)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2014-04-29] (Hewlett-Packard Company)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [TOSDCR] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [TSUScheduler] => C:\Program Files (x86)\TOSHIBA\Sync Utility\TosSyncScheduler.exe [923520 2011-08-18] (TOSHIBA Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330176 2014-08-19] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\...\Run: [Zoom] => [X]
HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\...\Run: [Wechat] => C:\Program Files (x86)\Tencent\WeChat\WeChat.exe [265832 2017-03-04] (Tencent)
HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-07] (Valve Corporation)
HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\...\MountPoints2: {4d4d14ca-7ab1-11e6-9811-b86b23f17816} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUOverlayIcon.dll [2012-03-16] (TOSHIBA)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9AED01AC-F3D1-4A0C-A0E6-079868906122}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C218B719-BBE3-4E49-A09E-7F763CD59C88}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/
HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.toshiba.ca/welcome/?w=23
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-20] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-06-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-20] (Microsoft Corporation)
BHO-x32: TOSHIBA Fingerprint Utility Automatic Password Input -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUPWDBankBHO.dll [2012-03-16] (TOSHIBA)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2013-01-12] (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-06-20] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2013-01-12] (Sun Microsystems, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-20] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: p9tuvr1y.default
FF ProfilePath: C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\p9tuvr1y.default [2017-06-28]
FF Homepage: Mozilla\Firefox\Profiles\p9tuvr1y.default -> www.google.ca
FF Extension: (Pin It button) - C:\Users\Default.Default-PC\AppData\Roaming\Mozilla\Firefox\Profiles\p9tuvr1y.default\Extensions\[email protected] [2017-01-01]
FF HKLM-x32\...\Firefox\Extensions: [{302BCF7B-E09E-4854-9F2F-8B2DA4EF70F9}] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin
FF Extension: (TOSHIBA Fingerprint Utility Automatic Password Input) - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\FirefoxAddin [2013-06-15] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2013-01-12] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2541078073-3142841705-1440763425-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Default.Default-PC\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-06-26] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default [2017-06-28]
CHR Extension: (Google Slides) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-16]
CHR Extension: (Google Docs) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-16]
CHR Extension: (Google Drive) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-16]
CHR Extension: (YouTube) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-28]
CHR Extension: (Google Sheets) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-16]
CHR Extension: (Google Docs Offline) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-22]
CHR Extension: (TOSHIBA Fingerprint Utility Automatic Password Input) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniieblifogecdlkejbmonblijmdaiog [2016-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-28]
CHR Extension: (Gmail) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-16]
CHR Extension: (Chrome Media Router) - C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iniieblifogecdlkejbmonblijmdaiog] - C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\ChromeAddin\ChromeAddin.crx [2012-03-16]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-25] (HP) [File not signed]
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
R2 ZoomCptService; C:\Program Files (x86)\Common Files\Zoom\Support\CptService.exe [24752 2017-06-26] (Zoom Video Communications, Inc.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Tosrfcom; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-28 16:29 - 2017-06-28 16:29 - 00021861 _____ C:\Users\Default.Default-PC\Desktop\FRST.txt
2017-06-28 16:29 - 2017-06-28 16:29 - 00000000 ____D C:\FRST
2017-06-28 16:27 - 2017-06-28 16:27 - 02440704 _____ (Farbar) C:\Users\Default.Default-PC\Desktop\FRST64.exe
2017-06-28 16:23 - 2017-06-28 16:23 - 00000000 ____D C:\Users\Default.Default-PC\AppData\Roaming\Google
2017-06-27 10:09 - 2017-06-27 10:09 - 00218132 _____ C:\Users\Default.Default-PC\Desktop\Vanessa Fishing 17 18.pdf
2017-06-27 09:50 - 2017-06-27 09:50 - 00322090 _____ C:\Users\Default.Default-PC\Desktop\Tony Fishing license 17 18.pdf
2017-06-26 19:17 - 2017-06-26 19:17 - 00000000 ____D C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2017-06-16 20:59 - 2017-06-16 20:59 - 00000165 ____H C:\Users\Default.Default-PC\Desktop\~$June Regional.pptx
2017-06-16 15:55 - 2017-06-16 15:55 - 00190891 _____ C:\Users\Default.Default-PC\Desktop\Robert Watkins.pdf
2017-06-14 09:42 - 2017-06-16 15:09 - 57053513 _____ C:\Users\Default.Default-PC\Desktop\June Regional.pptx
2017-06-13 19:15 - 2017-06-02 01:28 - 02317824 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-06-13 19:15 - 2017-06-02 01:28 - 02222080 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-06-13 19:15 - 2017-06-02 01:28 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2017-06-13 19:15 - 2017-06-02 01:28 - 00491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2017-06-13 19:15 - 2017-06-02 01:28 - 00288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2017-06-13 19:15 - 2017-06-02 01:28 - 00115200 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
2017-06-13 19:15 - 2017-06-02 01:28 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2017-06-13 19:15 - 2017-06-02 01:28 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2017-06-13 19:15 - 2017-06-02 01:28 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2017-06-13 19:15 - 2017-06-02 01:11 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2017-06-13 19:15 - 2017-06-02 01:11 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2017-06-13 19:15 - 2017-06-02 01:10 - 00733696 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2017-06-13 19:15 - 2017-06-02 01:10 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2017-06-13 19:15 - 2017-06-02 01:09 - 01549824 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-06-13 19:15 - 2017-06-02 01:09 - 01400320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-06-13 19:15 - 2017-06-02 01:09 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2017-06-13 19:15 - 2017-06-02 01:09 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2017-06-13 19:15 - 2017-06-02 01:09 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2017-06-13 19:15 - 2017-06-02 01:09 - 00104448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssitlb.dll
2017-06-13 19:15 - 2017-06-02 01:09 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2017-06-13 19:15 - 2017-06-02 01:09 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2017-06-13 19:15 - 2017-06-02 00:58 - 00427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2017-06-13 19:15 - 2017-06-02 00:58 - 00164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2017-06-13 19:15 - 2017-06-02 00:57 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2017-06-13 19:15 - 2017-06-02 00:57 - 00009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2017-06-13 19:15 - 2017-05-20 21:28 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-06-13 19:15 - 2017-05-20 21:28 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-06-13 19:15 - 2017-05-20 21:24 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-06-13 19:15 - 2017-05-20 21:24 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-06-13 19:15 - 2017-05-20 21:06 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-06-13 19:15 - 2017-05-20 20:55 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-06-13 19:15 - 2017-05-20 20:48 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-06-13 19:15 - 2017-05-20 20:48 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-06-13 19:15 - 2017-05-20 20:48 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-06-13 19:15 - 2017-05-20 20:47 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-06-13 19:15 - 2017-05-20 20:46 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-06-13 19:15 - 2017-05-20 20:42 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-06-13 19:15 - 2017-05-16 11:19 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-06-13 19:15 - 2017-05-16 10:35 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-06-13 19:15 - 2017-05-14 13:46 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-06-13 19:15 - 2017-05-14 13:46 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-06-13 19:15 - 2017-05-14 13:28 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-06-13 19:15 - 2017-05-14 13:27 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-06-13 19:15 - 2017-05-14 13:27 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-06-13 19:15 - 2017-05-14 13:27 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-06-13 19:15 - 2017-05-14 13:26 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-06-13 19:15 - 2017-05-14 13:24 - 02899456 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-06-13 19:15 - 2017-05-14 13:19 - 25738752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-06-13 19:15 - 2017-05-14 13:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-06-13 19:15 - 2017-05-14 13:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-06-13 19:15 - 2017-05-14 13:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-06-13 19:15 - 2017-05-14 13:10 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-06-13 19:15 - 2017-05-14 13:10 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-06-13 19:15 - 2017-05-14 13:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-06-13 19:15 - 2017-05-14 13:10 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-06-13 19:15 - 2017-05-14 13:01 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-06-13 19:15 - 2017-05-14 12:57 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-06-13 19:15 - 2017-05-14 12:55 - 05975040 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-06-13 19:15 - 2017-05-14 12:48 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-06-13 19:15 - 2017-05-14 12:47 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-06-13 19:15 - 2017-05-14 12:46 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-06-13 19:15 - 2017-05-14 12:42 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-06-13 19:15 - 2017-05-14 12:41 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-06-13 19:15 - 2017-05-14 12:38 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-06-13 19:15 - 2017-05-14 12:37 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-06-13 19:15 - 2017-05-14 12:36 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-06-13 19:15 - 2017-05-14 12:23 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-06-13 19:15 - 2017-05-14 12:23 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-06-13 19:15 - 2017-05-14 12:22 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-06-13 19:15 - 2017-05-14 12:22 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-06-13 19:15 - 2017-05-14 12:22 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-06-13 19:15 - 2017-05-14 12:21 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-06-13 19:15 - 2017-05-14 12:20 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-06-13 19:15 - 2017-05-14 12:19 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-06-13 19:15 - 2017-05-14 12:18 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-06-13 19:15 - 2017-05-14 12:17 - 02132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-06-13 19:15 - 2017-05-14 12:16 - 02290176 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-06-13 19:15 - 2017-05-14 12:15 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-06-13 19:15 - 2017-05-14 12:14 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-06-13 19:15 - 2017-05-14 12:12 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-06-13 19:15 - 2017-05-14 12:11 - 20274688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-06-13 19:15 - 2017-05-14 12:11 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-06-13 19:15 - 2017-05-14 12:10 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-06-13 19:15 - 2017-05-14 12:10 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-06-13 19:15 - 2017-05-14 12:02 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-06-13 19:15 - 2017-05-14 11:57 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2017-06-13 19:15 - 2017-05-14 11:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-13 19:15 - 2017-05-14 11:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-06-13 19:15 - 2017-05-14 11:54 - 15252992 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-06-13 19:15 - 2017-05-14 11:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-06-13 19:15 - 2017-05-14 11:52 - 03240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-06-13 19:15 - 2017-05-14 11:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-06-13 19:15 - 2017-05-14 11:50 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-06-13 19:15 - 2017-05-14 11:49 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-06-13 19:15 - 2017-05-14 11:44 - 04549120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-06-13 19:15 - 2017-05-14 11:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-06-13 19:15 - 2017-05-14 11:40 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-06-13 19:15 - 2017-05-14 11:39 - 02057216 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-06-13 19:15 - 2017-05-14 11:38 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-06-13 19:15 - 2017-05-14 11:37 - 01544704 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-06-13 19:15 - 2017-05-14 11:30 - 13664768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-06-13 19:15 - 2017-05-14 11:27 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-06-13 19:15 - 2017-05-14 11:15 - 02767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-06-13 19:15 - 2017-05-14 11:11 - 01314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-06-13 19:15 - 2017-05-14 11:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-06-13 19:15 - 2017-05-12 11:27 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-06-13 19:15 - 2017-05-12 11:26 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-06-13 19:15 - 2017-05-12 11:26 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-06-13 19:15 - 2017-05-12 11:26 - 00382696 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2017-06-13 19:15 - 2017-05-12 11:24 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:07 - 04001000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-06-13 19:15 - 2017-05-12 11:07 - 03945704 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-06-13 19:15 - 2017-05-12 11:07 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2017-06-13 19:15 - 2017-05-12 11:04 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00629760 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 11:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 10:55 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-06-13 19:15 - 2017-05-12 10:54 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-06-13 19:15 - 2017-05-12 10:54 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-06-13 19:15 - 2017-05-12 10:52 - 03222528 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-06-13 19:15 - 2017-05-12 10:51 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-06-13 19:15 - 2017-05-12 10:50 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-06-13 19:15 - 2017-05-12 10:46 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-06-13 19:15 - 2017-05-12 10:43 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2017-06-13 19:15 - 2017-05-12 10:41 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-06-13 19:15 - 2017-05-12 10:41 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-06-13 19:15 - 2017-05-12 10:41 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-06-13 19:15 - 2017-05-12 10:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-06-13 19:15 - 2017-05-12 10:40 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 10:40 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 10:40 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 10:40 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-13 19:15 - 2017-05-12 09:25 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2017-06-13 19:15 - 2017-05-12 08:58 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2017-06-13 19:15 - 2017-05-12 08:58 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2017-06-13 19:15 - 2017-05-10 08:33 - 00091368 _____ (Microsoft Corporation) C:\windows\system32\MigAutoPlay.exe
2017-06-13 19:15 - 2017-05-10 08:29 - 14183936 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2017-06-13 19:15 - 2017-05-10 08:29 - 03165184 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2017-06-13 19:15 - 2017-05-10 08:29 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-06-13 19:15 - 2017-05-10 08:29 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2017-06-13 19:15 - 2017-05-10 08:29 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2017-06-13 19:15 - 2017-05-10 08:28 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2017-06-13 19:15 - 2017-05-10 08:16 - 00091368 _____ (Microsoft Corporation) C:\windows\SysWOW64\MigAutoPlay.exe
2017-06-13 19:15 - 2017-05-10 08:14 - 02651136 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2017-06-13 19:15 - 2017-05-10 08:13 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2017-06-13 19:15 - 2017-05-10 08:13 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2017-06-13 19:15 - 2017-05-10 08:13 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2017-06-13 19:15 - 2017-05-10 08:13 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2017-06-13 19:15 - 2017-05-10 08:13 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2017-06-13 19:15 - 2017-05-10 08:13 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2017-06-13 19:15 - 2017-05-10 08:12 - 12880896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2017-06-13 19:15 - 2017-05-10 08:12 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-06-13 19:15 - 2017-05-10 08:12 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2017-06-13 19:15 - 2017-05-10 08:00 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2017-06-13 19:15 - 2017-05-10 08:00 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2017-06-13 19:15 - 2017-05-10 08:00 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2017-06-13 19:15 - 2017-05-10 08:00 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2017-06-13 19:15 - 2017-05-10 07:52 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2017-06-13 19:15 - 2017-05-09 08:30 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2017-06-13 19:15 - 2017-05-09 08:29 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2017-06-13 19:15 - 2017-05-09 08:15 - 00071680 _____ C:\windows\system32\PrintBrmUi.exe
2017-06-13 19:15 - 2017-05-09 08:11 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2017-06-13 19:15 - 2017-05-07 08:33 - 00094440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2017-06-13 19:15 - 2017-05-07 08:29 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2017-06-13 19:15 - 2017-04-27 15:50 - 03550208 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_47.dll
2017-06-13 19:15 - 2017-04-12 06:05 - 04296704 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_47.dll
2017-06-13 19:15 - 2017-03-30 08:03 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\rundll32.exe
2017-06-13 19:15 - 2017-03-30 07:58 - 00045056 _____ (Microsoft Corporation) C:\windows\SysWOW64\rundll32.exe
2017-06-12 17:54 - 2017-06-12 17:54 - 00000165 ____H C:\Users\Default.Default-PC\Desktop\~$CA-EN_Biz Opp Webinar_3-17.pptx
2017-06-11 08:59 - 2017-06-11 08:59 - 00000165 ____H C:\Users\Default.Default-PC\Desktop\~$CA LEADS PPT [Autosaved].pptx
2017-06-01 11:51 - 2017-06-02 23:32 - 57061543 _____ C:\Users\Default.Default-PC\Desktop\CA-EN_Regional_06-03-17.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-28 16:02 - 2016-09-18 19:19 - 00000000 ____D C:\Users\Default.Default-PC\Desktop\Nerium
2017-06-28 04:23 - 2009-07-13 21:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-28 04:23 - 2009-07-13 21:45 - 00028080 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-27 19:59 - 2013-06-15 19:51 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2017-06-27 15:00 - 2016-09-16 15:38 - 00002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 15:00 - 2016-09-16 15:38 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-26 19:17 - 2016-09-16 15:53 - 00001894 _____ C:\Users\Default.Default-PC\Desktop\Zoom.lnk
2017-06-26 19:17 - 2016-09-16 15:53 - 00000000 ____D C:\Users\Default.Default-PC\AppData\Roaming\Zoom
2017-06-23 03:14 - 2013-06-15 20:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-21 15:31 - 2016-09-16 08:16 - 00000000 ____D C:\Users\Default.Default-PC\AppData\Roaming\SoftGrid Client
2017-06-21 12:05 - 2016-09-16 17:23 - 00000000 ____D C:\Users\Default.Default-PC\Documents\Zoom
2017-06-21 11:56 - 2017-03-01 11:12 - 00000000 ____D C:\Users\Default.Default-PC\Desktop\Blacksmith
2017-06-20 08:15 - 2013-06-15 20:46 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-20 08:08 - 2016-11-21 09:41 - 00000000 ____D C:\Users\Default.Default-PC\AppData\LocalLow\Mozilla
2017-06-20 08:06 - 2009-07-13 22:13 - 00782656 _____ C:\windows\system32\PerfStringBackup.INI
2017-06-20 08:06 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2017-06-20 08:00 - 2017-03-30 21:45 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-20 08:00 - 2017-02-17 09:12 - 00000000 ____D C:\Users\Default.Default-PC\Documents\WeChat Files
2017-06-20 08:00 - 2013-06-15 19:51 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2017-06-20 07:59 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-06-18 16:59 - 2009-07-13 22:08 - 00032566 _____ C:\windows\Tasks\SCHEDLGU.TXT
2017-06-16 15:55 - 2016-09-23 09:23 - 00000000 ____D C:\Users\Default.Default-PC\AppData\Local\CutePDF Writer
2017-06-16 15:44 - 2013-01-12 02:55 - 00803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-06-16 15:44 - 2013-01-12 02:55 - 00144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-16 15:44 - 2013-01-12 02:55 - 00004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-06-16 15:44 - 2013-01-12 02:55 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-06-16 15:44 - 2013-01-12 02:55 - 00000000 ____D C:\windows\system32\Macromed
2017-06-16 14:41 - 2016-11-18 00:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-16 14:41 - 2016-09-16 15:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-14 23:07 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2017-06-14 07:33 - 2016-09-14 12:07 - 00000000 ___RD C:\Users\Default.Default-PC\Virtual Machines
2017-06-14 07:33 - 2009-07-13 21:45 - 00424424 _____ C:\windows\system32\FNTCACHE.DAT
2017-06-14 07:30 - 2009-07-13 20:20 - 00000000 ____D C:\windows\SysWOW64\migwiz
2017-06-14 07:30 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\migwiz
2017-06-06 20:39 - 2017-03-17 17:46 - 27837736 _____ C:\Users\Default.Default-PC\Desktop\EURO German PPT.pptx
2017-05-31 08:35 - 2017-05-01 16:51 - 78891617 _____ C:\Users\Default.Default-PC\Desktop\US-EN_Biz_Opp_Webinar_5-17 (2).pptx
2017-05-31 08:27 - 2017-03-23 07:29 - 36009892 _____ C:\Users\Default.Default-PC\Desktop\CA LEADS PPT [Autosaved].pptx
2017-05-31 08:27 - 2017-02-23 14:06 - 56886562 _____ C:\Users\Default.Default-PC\Desktop\US LEAD PPT.pptx
 
Some files in TEMP:
====================
2016-09-23 09:18 - 2016-09-23 09:18 - 8108488 _____ () C:\Users\Default.Default-PC\AppData\Local\Temp\converter.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-12 02:24
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Default (28-06-2017 16:30:12)
Running from C:\Users\Default.Default-PC\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-09-14 19:05:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2541078073-3142841705-1440763425-500 - Administrator - Disabled)
Default (S-1-5-21-2541078073-3142841705-1440763425-1000 - Administrator - Enabled) => C:\Users\Default.Default-PC
Guest (S-1-5-21-2541078073-3142841705-1440763425-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{BC741628-0AFC-405C-8946-DD46D1005A0A}) (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.106.303.214 - ALPS ELECTRIC CO., LTD.)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
AuthenTec WinBio FingerPrint Software (HKLM\...\{3CEE4431-D0DA-49AA-A78D-5D3B559446DF}) (Version: 3.2.3.1157 - AuthenTec, Inc.)
Bejeweled 3 (HKLM-x32\...\WTA-1069faa8-799b-4d6c-8ac1-54b8376d90db) (Version: 2.2.0.97 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.03(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version:  3.1 - Acro Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 15.0.15188.2008 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDXP (HKLM-x32\...\{1D839376-74B6-452F-BBFF-845F102E8A3A}) (Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (HKLM-x32\...\{010788AB-706E-4604-A46B-6785EAB64B5E}) (Version: 140.069.007 - HP) Hidden
HPLJUTCore (HKLM-x32\...\{B445502B-2F83-4873-90F1-06059F71A46A}) (Version: 014.000.0001 - HP) Hidden
HPLJUTM276 (HKLM-x32\...\{C97E3F48-DE95-4E00-80AF-32D75C69302D}) (Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (HKLM-x32\...\{3B37F001-CAC7-4973-8693-D253BB0BB60F}) (Version: 004.000.00001 - Hewlett-Packard) Hidden
hppLaserJetService (HKLM-x32\...\{0C4C3664-157A-4D69-B474-31EBF2EE1AE3}) (Version: 009.033.00926 - Hewlett-Packard) Hidden
hppM276LaserJetService (HKLM-x32\...\{D6610387-8E8B-48ED-AB1C-0D38DFE31C55}) (Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (HKLM-x32\...\{7DF7A3DB-90B1-48FE-B314-147E1504214D}) (Version: 004.000.00001 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{E35D0ED5-716B-4E1F-8477-54DD746DF527}) (Version: 140.040.00231 - Hewlett Packard) Hidden
hpStatusAlertsM276 (HKLM-x32\...\{FFD4184D-7EC6-476E-9A72-E83412AB9D3B}) (Version: 050.034.00131 - Hewlett-Packard) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{E2D0B67F-8032-4E11-87C6-C8C721D331B3}) (Version: 15.01.0500.0875 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
LJDXPHelperUI (HKLM-x32\...\{DEB23FB1-04FF-44AC-98B5-EEB243D65A28}) (Version: 140.069.007 - HP) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8201.2102 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Pillars of Eternity (HKLM\...\Steam App 291650) (Version:  - Obsidian Entertainment)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-300b63a6-c2eb-4d3d-9620-3f96c7cfc903) (Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.0 - Renesas Electronics Corporation)
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Splashtop Remote Client (HKLM-x32\...\{3CBAA9A5-2584-42C6-8A1D-E28CBD7A506D}) (Version: 1.1.6.0 - Splashtop Inc.) Hidden
Splashtop Remote Client (HKLM-x32\...\InstallShield_{3CBAA9A5-2584-42C6-8A1D-E28CBD7A506D}) (Version: 1.1.6.0 - Splashtop Inc.)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 1.7.5.5 - Splashtop Inc.) Hidden
Splashtop Streamer (HKLM-x32\...\InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}) (Version: 1.7.5.5 - Splashtop Inc.)
SRS Premium Sound Control Panel (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 2.1.19.64 - TOSHIBA Corporation)
TOSHIBA ConfigFree (HKLM-x32\...\{EAF55C99-A493-4373-A8C5-09ACC5DCD7EF}) (Version: 8.0.43 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.3.21.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\{62BBF381-D208-4EF0-B502-6CB6E5B9A161}) (Version: 2.0.0.6409 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.14 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Peak Shift Control (HKLM\...\{73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}) (Version: 3.01.00.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.7.52020010 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.22.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.4.01 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0024.000101 - TOSHIBA Corporation)
TOSHIBA Sync Utility (HKLM-x32\...\{CCF62642-ECB1-4D2B-80C0-3FD3286AEAED}) (Version: 2.0.3090 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0027.640202 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
WeChat (HKLM-x32\...\WeChat) (Version: 2.3.0.93 - 腾讯科技(深圳)有限公司)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.5.31 - WildTangent) Hidden
Zoom (HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
Zuma's Revenge (HKLM-x32\...\WTA-fe4eb2ac-199d-41a3-8921-3c97e3804653) (Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2541078073-3142841705-1440763425-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Default.Default-PC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08AC4E3C-3E1D-44B4-BADD-C4B7FE06E699} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {1B1A329D-130F-4EC4-9DD6-857ECAF07CFA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {228C1FA6-7778-44A0-9785-E33DBE1C3830} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {46E03B95-38AB-4F93-BD83-9F64C6517FE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-16] (Google Inc.)
Task: {4BF3FE0F-68C5-4A12-B406-646A7F486FEC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {7AF48117-BF1D-437C-90DB-AD1D9FB1F56C} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {8709CE66-30DB-401B-8D64-0A97339B2902} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-10-24] (TOSHIBA CORPORATION)
Task: {9318AEE1-6CBE-42A5-A766-C97DBFF492CF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-20] ()
Task: {AB632195-A8C5-49B5-AE59-C40260CEE2DC} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2014-10-19] (Hewlett Packard)
Task: {BD5CE18E-378D-4B93-8FBA-A4A021322840} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation)
Task: {D079E878-01B7-4166-822E-7F88F97361C4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-16] (Google Inc.)
Task: {D735F394-F407-4688-A13D-947CBB54AF9D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-20] ()
Task: {E0A98D6D-9B29-4AC3-A977-2C5A52CC28E6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-20] (Microsoft Corporation)
Task: {F401BE35-319B-4B08-B02C-C191B7039285} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-23 09:18 - 2016-01-22 16:57 - 00089008 _____ () C:\windows\System32\cpwmon64.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-16 19:22 - 2016-09-16 19:22 - 00959168 _____ () C:\Users\Default.Default-PC\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-09-16 19:14 - 2017-06-20 08:14 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-06-15 19:51 - 2012-02-28 17:20 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-03-26 17:33 - 2012-03-26 17:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-02 16:08 - 2012-03-02 16:08 - 00595840 _____ () C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
2011-08-22 15:19 - 2011-08-22 15:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 14:15 - 2010-03-03 14:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2012-03-16 10:25 - 2012-03-16 10:25 - 00476544 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\TFPUCommon.dll
2010-12-15 15:19 - 2010-12-15 15:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-01-19 16:00 - 2011-01-19 16:00 - 00118784 _____ () C:\Program Files\TOSHIBA\PeakShift\MUIHelp.dll
2017-03-22 18:14 - 2017-03-22 18:14 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-03-22 18:14 - 2017-03-22 18:14 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2012-04-11 17:05 - 2012-04-11 17:05 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2010-02-28 01:33 - 2010-02-28 01:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2017-06-27 15:00 - 2017-06-22 20:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 15:00 - 2017-06-22 20:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2012-03-16 10:28 - 2012-03-16 10:28 - 00372608 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUCommon.dll
2012-03-16 10:28 - 2012-03-16 10:28 - 00415104 _____ () C:\Program Files\TOSHIBA\Fingerprint Utility\BrowserAddin\TFPUBrowserAddinRc.dll
2017-03-30 21:46 - 2017-05-16 18:54 - 00678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-03-30 21:46 - 2016-08-31 18:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-03-30 21:46 - 2016-08-31 18:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-03-30 21:46 - 2016-08-31 18:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-03-30 21:46 - 2017-06-07 22:42 - 02485536 _____ () C:\Program Files (x86)\Steam\video.dll
2017-03-30 21:46 - 2016-01-27 00:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-03-30 21:46 - 2016-01-27 00:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-03-30 21:46 - 2016-01-27 00:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-03-30 21:46 - 2016-01-27 00:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-03-30 21:46 - 2016-01-27 00:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-03-30 21:46 - 2017-06-07 22:42 - 00877856 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-03-30 21:46 - 2016-07-04 15:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-03-30 21:47 - 2017-05-08 12:45 - 69516064 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-09 08:14 - 2017-05-16 18:54 - 00678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-03-30 21:46 - 2017-06-07 22:42 - 00385312 _____ () C:\Program Files (x86)\Steam\steam.dll
2013-06-15 19:50 - 2012-02-21 12:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2017-06-26 19:17 - 2017-06-26 19:17 - 00089264 _____ () C:\Users\Default.Default-PC\AppData\Roaming\Zoom\bin\zCrashReport.dll
2017-06-26 19:17 - 2017-06-26 19:17 - 00786096 _____ () C:\Users\Default.Default-PC\AppData\Roaming\Zoom\bin\DuiLib.dll
2017-06-26 19:17 - 2017-06-26 19:17 - 00021680 _____ () C:\Users\Default.Default-PC\AppData\Roaming\Zoom\bin\MSAALIB.dll
2017-06-26 19:17 - 2017-06-26 19:17 - 03506864 _____ () C:\Users\Default.Default-PC\AppData\Roaming\Zoom\bin\zWinRes.dll
2017-06-26 19:17 - 2017-06-26 19:17 - 00059056 _____ () C:\Users\Default.Default-PC\AppData\Roaming\Zoom\bin\zzhost.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{0F73CA09-7845-4050-83DC-2EB61FF374CF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E015ADCF-6AF7-4154-B005-888C5FA56AAE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2DF8DA4F-B39B-4D17-AB89-ED7736281555}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{05636617-59AE-453D-8B07-CAC42FE30976}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BB47289E-9175-444A-822F-A076090AAF54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8BDD6E23-28D2-4DE9-9727-C00CC74826B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{527681D5-3E5A-4A2E-8615-FB8F1DD61CD4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2E0500E2-2A1F-4ACF-B915-BE337DA1397E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3EB40B75-895F-4602-808D-2992DEF22E26}] => (Allow) C:\Users\Default.Default-PC\AppData\Roaming\Zoom\bin\Zoom.exe
FirewallRules: [{7AFF4820-20D9-442B-8AC1-0BF4B48E95D8}] => (Allow) C:\Users\Default.Default-PC\AppData\Roaming\Zoom\bin\airhost.exe
FirewallRules: [{518E6615-4C6C-489B-ACAF-CEC89119C62F}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\FaxApplications.exe
FirewallRules: [{BABC1568-DA8B-4D90-95C8-37228A54E153}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\DigitalWizards.exe
FirewallRules: [{97726029-A03A-43FE-B4B5-DD891484A38D}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D67C0ADA-8CE5-4346-8145-B82921BC5E42}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\EWSProxy.exe
FirewallRules: [{A9AF9560-5637-4CFB-BAE7-CAEE6B5D6159}] => (Allow) C:\Program Files (x86)\Tencent\WeChat\WeChat.exe
FirewallRules: [{3608B85E-1C9C-4894-B4B2-AD3A8A8A36C8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7C02B4FD-0F93-4E24-B1E8-EBDBA27032BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8D18A09B-CAB3-47BA-B3BA-368A7568D18A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{45484FC3-8FF2-43F0-8AC3-F268A2C39C9C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D17676BB-FC1A-4A76-AFBF-F9789A616258}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3F213EC5-98D0-4137-9B54-E1BCB1BC2B68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{806202B2-F621-4BD8-895F-1A9873E9E77F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{8D8A1864-7359-4D9E-B6BF-B689B09396B7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{6AEBC67F-412B-406E-BBFB-3F899B8D5F57}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Problem: : Windows cannot load the device driver for this hardware because a previous instance of the device driver is still in memory. (Code 38)
Resolution: The driver could not be loaded because a previous instance is still loaded.
Restart the computer.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/28/2017 04:27:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 54.0.0.6368 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1758
 
Start Time: 01d2e9d72466ec78
 
Termination Time: 56
 
Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Report Id: 6132c8c3-5c59-11e7-80b8-b86b23f17816
 
Error: (06/28/2017 04:00:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1030
 
Error: (06/28/2017 04:00:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1030
 
Error: (06/28/2017 04:00:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/28/2017 03:57:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
Error: (06/28/2017 03:57:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014
 
Error: (06/28/2017 03:57:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/28/2017 03:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1029
 
Error: (06/28/2017 03:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1029
 
Error: (06/28/2017 03:55:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (06/19/2017 10:38:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (06/19/2017 12:07:54 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (06/17/2017 08:31:25 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:33:49 AM on ‎17/‎06/‎2017 was unexpected.
 
Error: (06/15/2017 08:14:24 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3340M CPU @ 2.70GHz
Percentage of memory in use: 37%
Total physical RAM: 8070.17 MB
Available physical RAM: 5075.27 MB
Total Virtual: 16138.52 MB
Available Virtual: 12842.1 MB
 
==================== Drives ================================
 
Drive c: (TI308470D0F) (Fixed) (Total:281.75 GB) (Free:182.32 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 7EB55C68)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=281.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.9 GB) - (Type=17)
 
==================== End of Addition.txt ============================

 




#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,561 posts
Hi! My name is zep516, and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

Warning
No Anti Virus program running!

Next

Download AdwCleaner from here. Save the file to the desktop.
NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.
Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    [Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
    [Screenshot: AdwCleaner restart prompt]
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

  • 0

#3
Tony Canevaro

Tony Canevaro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Thanks!

# AdwCleaner v6.047 - Logfile created 29/06/2017 at 10:10:08
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Default - DEFAULT-PC
# Running from : C:\Users\Default.Default-PC\Desktop\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Default.Default-PC\AppData\Roaming\Tencent
[-] Folder deleted: C:\Program Files (x86)\Tencent
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Value deleted: HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\Software\Microsoft\Windows\CurrentVersion\Run [Wechat]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Wechat]
[#] Value deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Wechat]
 
 
***** [ Web browsers ] *****
 
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark.hp.enabled" -  true
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark.hp.enabled.guid" -  "[email protected]"
[-] Firefox preferences cleaned: "extensions.toolbar.mindspark.lastInstalled" -  "[email protected]"
[-] [C:\Users\Default.Default-PC\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1654 Bytes] - [29/06/2017 10:10:08]
C:\AdwCleaner\AdwCleaner[S0].txt - [2320 Bytes] - [29/06/2017 10:08:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1800 Bytes] ##########

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,561 posts
Next
A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\...\Run: [Zoom] => [X]
S3 Tosrfcom; no ImagePath
2016-09-23 09:18 - 2016-09-23 09:18 - 8108488 _____ () C:\Users\Default.Default-PC\AppData\Local\Temp\converter.exe
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.
  • 0

#5
Tony Canevaro

Tony Canevaro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by Default (29-06-2017 14:43:38) Run:1
Running from C:\Users\Default.Default-PC\Desktop
Loaded Profiles: Default (Available Profiles: Default)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\...\Run: [Zoom] => [X]
S3 Tosrfcom; no ImagePath
2016-09-23 09:18 - 2016-09-23 09:18 - 8108488 _____ () C:\Users\Default.Default-PC\AppData\Local\Temp\converter.exe
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
*****************
 
Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zoom => value removed successfully
HKLM\System\CurrentControlSet\Services\Tosrfcom => key removed successfully
Tosrfcom => service removed successfully
C:\Users\Default.Default-PC\AppData\Local\Temp\converter.exe => moved successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
15 out of 15 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6085180 B
Java, Flash, Steam htmlcache => 87522024 B
Windows/system/drivers => 535755086 B
Edge => 0 B
Chrome => 440977948 B
Firefox => 384309500 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
systemprofile32 => 82740 B
LocalService => 0 B
NetworkService => 0 B
Default.Default-PC => 1359774153 B
 
RecycleBin => 0 B
EmptyTemp: => 2.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:43:53 ====

  • 0
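A triage pass over the Fixlog above, as an added example that is not part of the original thread and not FRST's own code. The line patterns are inferred from the log lines shown in the post (an assumption, not a documented FRST format), and the helper names `triage_fixlog` and `follow_up` are hypothetical.

```python
import re

# Constructed sample: result lines copied from the Fixlog above, abridged so the script runs offline.
SAMPLE_FIXLOG = r"""
Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2541078073-3142841705-1440763425-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zoom => value removed successfully
HKLM\System\CurrentControlSet\Services\Tosrfcom => key removed successfully
Tosrfcom => service removed successfully
C:\Users\Default.Default-PC\AppData\Local\Temp\converter.exe => moved successfully
15 out of 15 jobs canceled.
EmptyTemp: => 2.6 GB temporary data Removed.
The system needed a reboot.
"""

# Patterns inferred from the lines above (assumption); a line with no kind is treated as a file.
RESULT = re.compile(r"^(?P<target>.+?) => (?P<kind>value|key|service)? ?(?P<action>removed|moved) successfully$")
ERROR = re.compile(r"^Error: \((?P<code>\d+)\) (?P<msg>.+)$")
BITS = re.compile(r"^(?P<done>\d+) out of (?P<total>\d+) jobs canceled\.$")

def triage_fixlog(text):
    """Summarise a Fixlog: what changed, what failed, and whether a rollback point exists."""
    report = {"changes": [], "errors": [], "bits_jobs": None,
              "reboot": False, "rollback_available": True}
    for line in (l.strip() for l in text.splitlines()):
        if m := ERROR.match(line):
            report["errors"].append(m["msg"])
            if "restore point" in m["msg"].lower():
                report["rollback_available"] = False
        elif m := RESULT.match(line):
            report["changes"].append((m["kind"] or "file", m["action"], m["target"]))
        elif m := BITS.match(line):
            report["bits_jobs"] = (int(m["done"]), int(m["total"]))
        elif line == "The system needed a reboot.":
            report["reboot"] = True
    return report

def follow_up(report):
    """Items to resolve before the case is treated as closed."""
    notes = []
    if not report["rollback_available"]:
        notes.append("restore point failed: %d changes were applied without one" % len(report["changes"]))
    if report["bits_jobs"]:
        notes.append("%d of %d BITS jobs canceled; the log gives job IDs only" % report["bits_jobs"])
    if report["reboot"]:
        notes.append("reboot required: confirm the fix completed after restart")
    return notes
```

On this log the first follow-up item is the failed restore point, which is easy to miss between the "successfully" lines.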

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,561 posts
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log to your next reply.


  • 0

#7
Tony Canevaro

Tony Canevaro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

No threats detected:

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/30/17
Scan Time: 7:59 PM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2268
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Default-PC\Default
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331269
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 38 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,561 posts
How are things with the computer and Firefox? These logs are coming back clean.
  • 0

#9
Tony Canevaro

Tony Canevaro

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts

Firefox is very slow. Chrome is performing well. 


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,561 posts

Hello,

Try resetting Firefox:

https://www.howtogee...fault-settings/


  • 0

#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,561 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





