This topic is locked
My neighbor fell victim to a fake Security Alert and called the phone number provided on the alert. Long story short they allowed remote access to their computer. They contacted me the following morning when they found the computer locked up. A scan using Malwarebytes revealed hundreds of hits indicating pups and malware. At this point I shut the computer down and advised them to contact there bank and credit card company’s to alert them they had been hacked. After helping with that I brought the computer to my place to restart the process of cleaning it up.
My concern is this, after scanning with Malwarebytes, Eset and the installed MSE I found only one instance of malware (adware.winyahoo) and several hundred PUPS, all of which were removed. I found no Trojens or Keylogers which given that remote access was granted I find hard to believe. If it’s possible I would appreciate having someone with better skills than me (which would be any Geekstogo member) check to verify the computer is no longer at risk.
- Incident happened Monday night
- Computer is an HP Pavillian g6
- Win 7 Home Premium
- Microsoft Security Essentials
Thank you in advance for any assistance.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2017 01
Ran by Johnson (administrator) on JOHNSON-PC (25-09-2017 21:08:40)
Running from C:\Users\Johnson\Desktop
Loaded Profiles: Johnson (Available Profiles: Johnson)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(SupportSoft, Inc.) C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Users\Johnson\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Johnson\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\Johnson\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Symform, Inc.) C:\Program Files\Symform\Node Service\symformcontrib.exe
(Symform, Inc.) C:\Program Files\Symform\Node Service\symformsync.exe
(Symform, Inc.) C:\Program Files\Symform\Node Service\symformupdater.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\VzDetectAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-10-19] (IDT, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-1987314858-254871922-1720385071-1001\...\Run: [Google Update] => C:\Users\Johnson\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-28] (Google Inc.)
HKU\S-1-5-21-1987314858-254871922-1720385071-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-1987314858-254871922-1720385071-1001\...\Policies\Explorer: [NoViewContextMenu] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDCDisabled [2016-10-31] ()
Startup: C:\Users\Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-09-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1AB9E262-9E9B-4C31-A68D-661145FEF2F8}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EC1A0B27-F6E5-48E1-8F10-22132852B5D4}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=22.5.0.124
SearchScopes: HKLM -> {2726EAAE-E2F9-413D-9BB8-BD280A0E30FC} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1987314858-254871922-1720385071-1001 -> {0DCEF15A-26DA-463A-B664-B268B0EBE1DD} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-1987314858-254871922-1720385071-1001 -> {2726EAAE-E2F9-413D-9BB8-BD280A0E30FC} URL =
SearchScopes: HKU\S-1-5-21-1987314858-254871922-1720385071-1001 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_us_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_1ea93e2a_1201_1401_20160514_US_ie_ds_&tag=bds-p10-serp-us-ie-20&query={searchTerms}
SearchScopes: HKU\S-1-5-21-1987314858-254871922-1720385071-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-22] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-1987314858-254871922-1720385071-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FireFox:
========
FF ProfilePath: C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\va8z197x.default [2017-09-25]
FF Homepage: Mozilla\Firefox\Profiles\va8z197x.default -> hxxp://www.google.com/
FF NetworkProxy: Mozilla\Firefox\Profiles\va8z197x.default -> type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_185.dll [2016-10-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll [2016-10-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2011-04-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2017-03-13] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-08-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1987314858-254871922-1720385071-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Johnson\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-1987314858-254871922-1720385071-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Johnson\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> amazon.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> "active": false,
"entry": "chrome-extension://kpocjpoifmommoiiiamepombpeoaehfh/stubby.html"
,
"active": false,
"entry": "chrome-extension://oopfofniljocdmhkdndkbojcollpflbb/stubby.html"
,
"active": false,
"entry": "chrome-extension://khoaiikhabpggbpmlgpeojahnflipeee/index.htm"
,
"active": false,
"entry": "chrome-extension://ceopoaldcnmhechacafgagdkklcogkgd/stubby.html"
,
"active": false,
"entry": "chrome-extension://mallpejgeafdahhflmliiahjdpgbegpk/stubby.html"
,
"active": false,
"entry": "chrome-extension://ejbdobdndcjhdmljipngpeoekdinlohe/homePageRedirect.html"
CHR DefaultSearchURL: Default -> hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&redirect=CPC
CHR DefaultSearchKeyword: Default -> askwebsearch
CHR DefaultSuggestURL: Default -> hxxp://ss.search.ask.com/ss?li=ff&sstype=prefix&limit=10&hl=en&q={searchTerms}
CHR Profile: C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default [2017-09-25]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-10-31]
CHR Extension: (Missing Money Finder) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoaiikhabpggbpmlgpeojahnflipeee [2017-01-08]
CHR Extension: (Norton Safe) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Chrome Media Router) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Profile: C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-08-18]
CHR HKU\S-1-5-21-1987314858-254871922-1720385071-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ooebgdicanjhnamfmdlmlbcnkgehkkmf] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1987314858-254871922-1720385071-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Johnson\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350576 2017-03-13] (WildTangent)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2015-01-27] (Verizon) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 PuranDefrag; C:\Windows\system32\PuranDefragS.exe [292736 2013-08-15] (Puran Software) [File not signed]
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2015-07-15] (Seagate Technology LLC)
R2 sprtsvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [206120 2012-09-06] (SupportSoft, Inc.)
R2 symformcontrib; C:\Program Files\Symform\Node Service\symformcontrib.exe [18872 2014-11-19] (Symform, Inc.)
R2 symformsync; C:\Program Files\Symform\Node Service\symformsync.exe [21944 2014-11-19] (Symform, Inc.)
R2 symformupdater; C:\Program Files\Symform\Node Service\symformupdater.exe [29112 2014-11-19] (Symform, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 tgsrvc_verizondm; C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [185640 2012-09-06] (SupportSoft, Inc.)
S3 Tific System Service; C:\Program Files (x86)\Common Files\Tific\Tific Client G1\Tific System Service.exe [1840936 2015-06-12] (Tific AB)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-11-02] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-08-24] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [192960 2017-09-25] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [101824 2017-09-25] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-09-25] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-25] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-09-25] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKsl85c66fe1; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B191DA9-4318-4BEF-A249-A1532E5FE067}\MpKsl85c66fe1.sys [44928 2017-09-25] (Microsoft Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
U5 SDBus; C:\Windows\System32\Drivers\SDBus.sys [109056 2010-11-20] (Microsoft Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [767648 2014-10-08] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2014-10-08] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29864 2014-10-08] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2014-10-08] (Microsoft Corporation)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2015-06-30] (support.com, Inc)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-25 21:08 - 2017-09-25 21:09 - 000019522 _____ C:\Users\Johnson\Desktop\FRST.txt
2017-09-25 21:05 - 2017-09-25 21:08 - 000000000 ____D C:\FRST
2017-09-25 21:05 - 2017-09-25 21:05 - 000000000 ____D C:\Users\Johnson\Desktop\FRST-OlderVersion
2017-09-25 21:01 - 2017-09-25 21:01 - 000000526 _____ C:\Users\Johnson\Documents\eset25SEP17.txt
2017-09-25 17:25 - 2017-09-25 17:26 - 006754944 _____ (ESET spol. s r.o.) C:\Users\Johnson\Downloads\esetonlinescanner_enu(1).exe
2017-09-25 16:31 - 2017-08-19 11:28 - 004121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2017-09-25 16:31 - 2017-08-19 11:28 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2017-09-25 16:31 - 2017-08-19 11:28 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2017-09-25 16:31 - 2017-08-19 11:10 - 003209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-09-25 16:31 - 2017-08-19 11:10 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-09-25 16:31 - 2017-08-19 11:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-09-25 16:31 - 2017-08-19 11:08 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2017-09-25 16:31 - 2017-08-19 11:08 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2017-09-25 16:31 - 2017-08-19 10:57 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-09-25 16:31 - 2017-08-19 10:57 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-09-25 16:31 - 2017-08-14 13:38 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-09-25 16:31 - 2017-08-14 13:38 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-09-25 16:31 - 2017-08-14 13:35 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 001032192 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-09-25 16:31 - 2017-08-14 13:35 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-09-25 16:31 - 2017-08-14 13:34 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-09-25 16:31 - 2017-08-14 13:34 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-25 16:31 - 2017-08-14 13:34 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-09-25 16:31 - 2017-08-13 17:45 - 000040448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2017-09-25 16:31 - 2017-08-13 17:37 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-09-25 16:31 - 2017-08-13 17:31 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-09-25 16:31 - 2017-08-13 17:30 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-09-25 16:31 - 2017-08-13 17:30 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-09-25 16:31 - 2017-08-13 17:30 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-09-25 16:31 - 2017-08-13 17:30 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-09-25 16:31 - 2017-08-13 17:26 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-09-25 15:55 - 2017-09-25 17:54 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-09-25 15:55 - 2017-09-25 16:39 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-09-25 15:55 - 2017-09-25 16:39 - 000101824 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-09-25 15:55 - 2017-09-25 16:39 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-09-25 15:55 - 2017-09-25 15:55 - 000192960 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-09-25 15:55 - 2017-09-25 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-25 15:55 - 2017-09-25 15:55 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-25 15:55 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-09-25 15:54 - 2017-09-25 15:54 - 000000000 ____D C:\ProgramData\MB2Migration
2017-09-25 15:47 - 2017-09-25 15:47 - 000001069 _____ C:\Malwarescsan25SEP17.txt
2017-09-25 14:41 - 2017-09-25 14:44 - 068408664 _____ (Malwarebytes ) C:\Users\Johnson\Downloads\mb3-setup-consumer-3.2.2.2029.exe
2017-09-25 14:35 - 2017-09-25 21:05 - 002399744 _____ (Farbar) C:\Users\Johnson\Desktop\FRST64.exe
2017-09-25 00:40 - 2017-09-25 04:31 - 000000000 ____D C:\Program Files (x86)\Citrix
2017-09-25 00:39 - 2017-09-25 00:39 - 000000000 ____D C:\Users\Johnson\AppData\Local\GoToAssist Remote Support Customer
2017-09-25 00:39 - 2017-09-25 00:39 - 000000000 ____D C:\Users\Johnson\AppData\Local\GoTo Opener
2017-09-25 00:37 - 2017-09-25 21:06 - 000000000 ____D C:\Users\Johnson\AppData\LocalLow\Mozilla
2017-09-22 11:36 - 2017-09-22 11:36 - 000080596 _____ C:\Users\Johnson\Downloads\IMG_20170922_0001.pdf
2017-09-22 11:17 - 2017-09-22 11:17 - 000000000 ____D C:\Users\Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-19 14:27 - 2017-09-19 14:27 - 000747225 _____ C:\Users\Johnson\Downloads\2017_08_24_12_18_12 (7).pdf
2017-09-19 14:24 - 2017-09-19 14:24 - 000034059 _____ C:\Users\Johnson\Downloads\Wire confirmation (1).pdf
2017-09-19 14:22 - 2017-09-19 14:22 - 000104558 _____ C:\Users\Johnson\Downloads\Directive (1).pdf
2017-09-19 10:22 - 2017-09-19 10:23 - 000191699 _____ C:\Users\Johnson\Downloads\17900_7_7-31-2017 12-00-00 AM_2017 (5).pdf
2017-09-19 10:22 - 2017-09-19 10:22 - 000206664 _____ C:\Users\Johnson\Downloads\17900_6_6-30-2017 12-00-00 AM_2017 (7).pdf
2017-09-19 09:41 - 2017-09-19 09:41 - 000104558 _____ C:\Users\Johnson\Downloads\Directive.pdf
2017-09-19 09:40 - 2017-09-19 09:40 - 000034059 _____ C:\Users\Johnson\Downloads\Wire confirmation.pdf
2017-09-18 12:28 - 2017-09-18 12:28 - 000191699 _____ C:\Users\Johnson\Downloads\17900_7_7-31-2017 12-00-00 AM_2017 (4).pdf
2017-09-18 12:28 - 2017-09-18 12:28 - 000191456 _____ C:\Users\Johnson\Downloads\17900_8_8-31-2017 12-00-00 AM_2017 (2).pdf
2017-09-18 12:27 - 2017-09-18 12:27 - 000206664 _____ C:\Users\Johnson\Downloads\17900_6_6-30-2017 12-00-00 AM_2017 (6).pdf
2017-09-18 12:26 - 2017-09-18 12:26 - 000191699 _____ C:\Users\Johnson\Downloads\17900_7_7-31-2017 12-00-00 AM_2017 (3).pdf
2017-09-18 12:25 - 2017-09-18 12:25 - 000191456 _____ C:\Users\Johnson\Downloads\17900_8_8-31-2017 12-00-00 AM_2017.pdf
2017-09-18 12:25 - 2017-09-18 12:25 - 000191456 _____ C:\Users\Johnson\Downloads\17900_8_8-31-2017 12-00-00 AM_2017 (1).pdf
2017-09-18 11:22 - 2017-09-18 11:22 - 000218446 _____ C:\Users\Johnson\Downloads\17900_11_11-30-2016 12-00-00 AM_2016 (9).pdf
2017-09-18 11:21 - 2017-09-18 11:21 - 000218446 _____ C:\Users\Johnson\Downloads\17900_11_11-30-2016 12-00-00 AM_2016 (8).pdf
2017-09-16 12:20 - 2017-09-16 12:20 - 000218446 _____ C:\Users\Johnson\Downloads\17900_11_11-30-2016 12-00-00 AM_2016 (7).pdf
2017-09-16 12:20 - 2017-09-16 12:20 - 000218446 _____ C:\Users\Johnson\Downloads\17900_11_11-30-2016 12-00-00 AM_2016 (6).pdf
2017-09-14 20:18 - 2017-09-14 20:18 - 000747225 _____ C:\Users\Johnson\Downloads\2017_08_24_12_18_12 (6).pdf
2017-09-13 16:40 - 2017-09-13 16:40 - 000747225 _____ C:\Users\Johnson\Downloads\2017_08_24_12_18_12 (5).pdf
2017-09-13 16:39 - 2017-09-13 16:40 - 000747225 _____ C:\Users\Johnson\Downloads\2017_08_24_12_18_12 (4).pdf
2017-09-13 11:35 - 2017-08-15 10:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-13 11:35 - 2017-08-15 09:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-13 11:35 - 2017-08-13 14:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-13 11:35 - 2017-08-13 12:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-13 11:35 - 2017-08-13 12:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-13 11:35 - 2017-08-13 12:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-13 11:35 - 2017-08-13 11:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-13 11:34 - 2017-08-19 11:28 - 000197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-13 11:34 - 2017-08-19 11:10 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-13 11:34 - 2017-08-16 11:29 - 000806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-09-13 11:34 - 2017-08-16 11:10 - 000629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-09-13 11:34 - 2017-08-16 10:57 - 003224576 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-13 11:34 - 2017-08-15 21:10 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-13 11:34 - 2017-08-15 20:25 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-13 11:34 - 2017-08-15 11:29 - 014182400 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-13 11:34 - 2017-08-15 11:29 - 001867264 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-09-13 11:34 - 2017-08-15 11:10 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-13 11:34 - 2017-08-15 11:10 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-09-13 11:34 - 2017-08-15 10:01 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-09-13 11:34 - 2017-08-15 10:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-13 11:34 - 2017-08-15 10:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-13 11:34 - 2017-08-14 13:35 - 003203584 _____ (Microsoft Corporation) C:\Windows\system32\mmcndmgr.dll
2017-09-13 11:34 - 2017-08-14 13:35 - 002150912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcndmgr.dll
2017-09-13 11:34 - 2017-08-14 13:35 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\mmcbase.dll
2017-09-13 11:34 - 2017-08-14 13:35 - 000303104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcbase.dll
2017-09-13 11:34 - 2017-08-14 13:35 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cic.dll
2017-09-13 11:34 - 2017-08-14 13:35 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\mmcshext.dll
2017-09-13 11:34 - 2017-08-14 13:35 - 000128512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmcshext.dll
2017-09-13 11:34 - 2017-08-14 13:34 - 000211968 _____ (Microsoft Corporation) C:\Windows\system32\cic.dll
2017-09-13 11:34 - 2017-08-13 17:37 - 002144256 _____ (Microsoft Corporation) C:\Windows\system32\mmc.exe
2017-09-13 11:34 - 2017-08-13 17:30 - 001401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmc.exe
2017-09-13 11:34 - 2017-08-13 13:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-13 11:34 - 2017-08-13 13:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-09-13 11:34 - 2017-08-13 13:06 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-09-13 11:34 - 2017-08-13 13:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-13 11:34 - 2017-08-13 13:05 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-13 11:34 - 2017-08-13 13:05 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-09-13 11:34 - 2017-08-13 13:05 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-09-13 11:34 - 2017-08-13 13:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-13 11:34 - 2017-08-13 12:56 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-13 11:34 - 2017-08-13 12:55 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-09-13 11:34 - 2017-08-13 12:52 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-13 11:34 - 2017-08-13 12:51 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-13 11:34 - 2017-08-13 12:51 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-09-13 11:34 - 2017-08-13 12:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-13 11:34 - 2017-08-13 12:50 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-09-13 11:34 - 2017-08-13 12:46 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-09-13 11:34 - 2017-08-13 12:41 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-13 11:34 - 2017-08-13 12:38 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-13 11:34 - 2017-08-13 12:30 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-09-13 11:34 - 2017-08-13 12:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-13 11:34 - 2017-08-13 12:29 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-09-13 11:34 - 2017-08-13 12:29 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-09-13 11:34 - 2017-08-13 12:29 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-13 11:34 - 2017-08-13 12:29 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-09-13 11:34 - 2017-08-13 12:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-13 11:34 - 2017-08-13 12:27 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-09-13 11:34 - 2017-08-13 12:24 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-13 11:34 - 2017-08-13 12:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-13 11:34 - 2017-08-13 12:22 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-09-13 11:34 - 2017-08-13 12:21 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-09-13 11:34 - 2017-08-13 12:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-13 11:34 - 2017-08-13 12:19 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-09-13 11:34 - 2017-08-13 12:18 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-13 11:34 - 2017-08-13 12:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-13 11:34 - 2017-08-13 12:17 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-09-13 11:34 - 2017-08-13 12:17 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-09-13 11:34 - 2017-08-13 12:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-13 11:34 - 2017-08-13 12:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-13 11:34 - 2017-08-13 12:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-13 11:34 - 2017-08-13 12:02 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-09-13 11:34 - 2017-08-13 12:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-13 11:34 - 2017-08-13 12:01 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-09-13 11:34 - 2017-08-13 12:01 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-13 11:34 - 2017-08-13 12:00 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-09-13 11:34 - 2017-08-13 11:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-09-13 11:34 - 2017-08-13 11:53 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-09-13 11:34 - 2017-08-13 11:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-13 11:34 - 2017-08-13 11:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-13 11:34 - 2017-08-13 11:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-13 11:34 - 2017-08-13 11:43 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-09-13 11:34 - 2017-08-13 11:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-13 11:34 - 2017-08-13 11:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-13 11:34 - 2017-08-13 11:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-13 11:34 - 2017-08-13 11:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-13 11:34 - 2017-08-13 11:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-13 11:34 - 2017-08-13 11:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-13 11:34 - 2017-08-11 02:42 - 000631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-09-13 11:34 - 2017-08-11 02:38 - 005547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-13 11:34 - 2017-08-11 02:38 - 000706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-09-13 11:34 - 2017-08-11 02:36 - 001732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 002065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000346112 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000313856 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\nsisvc.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\winnsi.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-13 11:34 - 2017-08-11 02:35 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\nsi.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000971776 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:34 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:24 - 004001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-13 11:34 - 2017-08-11 02:24 - 003945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-13 11:34 - 2017-08-11 02:21 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-13 11:34 - 2017-08-11 02:20 - 000061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2017-09-13 11:34 - 2017-08-11 02:20 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2017-09-13 11:34 - 2017-08-11 02:19 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000299008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winnsi.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nsi.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 02:12 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2017-09-13 11:34 - 2017-08-11 02:09 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2017-09-13 11:34 - 2017-08-11 02:07 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-09-13 11:34 - 2017-08-11 02:07 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-09-13 11:34 - 2017-08-11 02:07 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-09-13 11:34 - 2017-08-11 02:03 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-13 11:34 - 2017-08-11 02:03 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-09-13 11:34 - 2017-08-11 02:02 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-09-13 11:34 - 2017-08-11 02:01 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-09-13 11:34 - 2017-08-11 02:00 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-13 11:34 - 2017-08-11 01:59 - 000460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-09-13 11:34 - 2017-08-11 01:59 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-09-13 11:34 - 2017-08-11 01:59 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-13 11:34 - 2017-08-11 01:58 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-13 11:34 - 2017-08-11 01:58 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-13 11:34 - 2017-08-11 01:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-13 11:34 - 2017-08-11 01:56 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-13 11:34 - 2017-08-11 01:56 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-13 11:34 - 2017-08-11 01:56 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-13 11:34 - 2017-08-11 01:55 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 01:55 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 01:55 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-13 11:34 - 2017-08-11 01:55 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-13 11:34 - 2017-07-07 11:29 - 001143296 _____ (Microsoft Corporation) C:\Windows\system32\DXPTaskRingtone.dll
2017-09-13 11:34 - 2017-07-07 11:10 - 000973312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXPTaskRingtone.dll
2017-09-09 11:54 - 2017-09-09 11:54 - 000136041 _____ C:\Users\Johnson\Downloads\InsuranceIDCard.pdf
2017-09-08 18:00 - 2017-09-08 18:00 - 000747225 _____ C:\Users\Johnson\Downloads\2017_08_24_12_18_12 (3).pdf
2017-09-08 18:00 - 2017-09-08 18:00 - 000747225 _____ C:\Users\Johnson\Downloads\2017_08_24_12_18_12 (2).pdf
2017-09-08 18:00 - 2017-09-08 18:00 - 000747225 _____ C:\Users\Johnson\Downloads\2017_08_24_12_18_12 (1).pdf
2017-09-08 17:51 - 2017-09-08 17:51 - 000747225 _____ C:\Users\Johnson\Downloads\2017_08_24_12_18_12.pdf
2017-09-08 17:44 - 2017-09-08 17:44 - 000218446 _____ C:\Users\Johnson\Downloads\17900_11_11-30-2016 12-00-00 AM_2016 (5).pdf
2017-09-08 17:40 - 2017-09-08 17:40 - 000182453 _____ C:\Users\Johnson\Downloads\17900_10_10-31-2016 12-00-00 AM_2016 (6).pdf
2017-09-06 11:44 - 2017-09-06 11:44 - 000060230 _____ C:\Users\Johnson\Downloads\https___www.foragentsonly.com_ManagePolicies_Policy_Payments_re.pdf
2017-08-31 16:30 - 2017-08-31 16:30 - 000198599 _____ C:\Users\Johnson\Downloads\17900_1_1-31-2017 12-00-00 AM_2017 (9).pdf
2017-08-31 16:29 - 2017-08-31 16:29 - 000223382 _____ C:\Users\Johnson\Downloads\17900_4_4-30-2017 12-00-00 AM_2017 (15).pdf
2017-08-31 16:27 - 2017-08-31 16:27 - 000224908 _____ C:\Users\Johnson\Downloads\17900_3_3-31-2017 12-00-00 AM_2017 (16).pdf
2017-08-31 16:27 - 2017-08-31 16:27 - 000224908 _____ C:\Users\Johnson\Downloads\17900_3_3-31-2017 12-00-00 AM_2017 (15).pdf
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-25 21:04 - 2012-08-26 16:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-09-25 21:04 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2017-09-25 18:38 - 2012-03-27 18:43 - 000000000 ____D C:\ProgramData\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}
2017-09-25 16:47 - 2009-07-14 00:45 - 000037072 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-25 16:47 - 2009-07-14 00:45 - 000037072 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-25 16:37 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-25 15:55 - 2013-10-05 13:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-25 15:49 - 2009-07-14 01:08 - 000032548 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-25 15:48 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\L2Schemas
2017-09-25 14:55 - 2012-06-01 14:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-25 14:50 - 2016-10-26 22:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-09-25 14:25 - 2016-10-30 15:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-24 22:10 - 2016-10-19 09:31 - 000003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{115192F2-C806-4F64-89F3-F776CB244BA3}
2017-09-23 10:31 - 2015-12-07 10:14 - 000000000 ___RD C:\Users\Johnson\Documents\Scanned Documents
2017-09-22 15:11 - 2011-09-13 20:04 - 000000000 ____D C:\Users\Johnson\AppData\Roaming\SoftGrid Client
2017-09-22 11:17 - 2014-04-18 18:57 - 000000000 ____D C:\Users\Johnson\AppData\Roaming\Dropbox
2017-09-19 15:05 - 2017-08-14 14:16 - 000000000 ____D C:\Program Files\Family Tree Maker 2017
2017-09-19 15:05 - 2011-08-02 00:18 - 000000000 ____D C:\Users\Johnson\Documents\Family Tree Maker
2017-09-19 11:17 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2017-09-13 17:19 - 2009-07-14 01:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-13 13:20 - 2013-07-23 13:55 - 000000000 ____D C:\Windows\system32\MRT
2017-09-13 13:14 - 2016-11-01 17:45 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-13 13:06 - 2016-11-02 03:46 - 000774192 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-08-31 13:52 - 2016-02-08 21:26 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-08-29 11:11 - 2012-05-04 13:50 - 000002400 _____ C:\Users\Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 11:10 - 2012-05-04 13:50 - 000002392 _____ C:\Users\Johnson\Desktop\Google Chrome.lnk
==================== Files in the root of some directories =======
2015-08-14 17:57 - 2015-08-15 11:09 - 000000115 _____ () C:\Users\Johnson\AppData\Roaming\LogFile.txt
2014-04-14 16:13 - 2015-03-13 18:35 - 000000600 _____ () C:\Users\Johnson\AppData\Roaming\winscp.rnd
2016-10-31 22:06 - 2016-10-31 22:06 - 000000159 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some files in TEMP:
====================
2017-09-25 14:49 - 2017-09-25 14:50 - 007178424 _____ (VS Revo Group ) C:\Users\Johnson\AppData\Local\Temp\VSUSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-09-19 11:08
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-09-2017 01
Ran by Johnson (25-09-2017 21:10:20)
Running from C:\Users\Johnson\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-11-01 02:33:34)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1987314858-254871922-1720385071-500 - Administrator - Disabled)
Guest (S-1-5-21-1987314858-254871922-1720385071-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1987314858-254871922-1720385071-1006 - Limited - Enabled)
Johnson (S-1-5-21-1987314858-254871922-1720385071-1001 - Administrator - Enabled) => C:\Users\Johnson
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (HKLM-x32\...\WT089362) (Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 2 Deluxe (HKLM-x32\...\WT089453) (Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WT089498) (Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (HKLM-x32\...\WT087328) (Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (HKLM-x32\...\WT089308) (Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version: 2.2.6699 - K-NFB Reading Technology, Inc.)
Bounce Symphony (HKLM-x32\...\WT087330) (Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot 2 (HKLM-x32\...\WT087335) (Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (HKLM-x32\...\WT089359) (Version: 2.2.0.95 - WildTangent) Hidden
Canon CanoScan LiDE 120 On-screen Manual (HKLM-x32\...\Canon CanoScan LiDE 120 On-screen Manual) (Version: 7.7.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.11.1 - Canon Inc.)
CanoScan LiDE 120 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2415) (Version: 1.00 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Chuzzle Deluxe (HKLM-x32\...\WT089454) (Version: 2.2.0.95 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4305 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (HKLM-x32\...\WT087536) (Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (HKLM-x32\...\WT087343) (Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-1987314858-254871922-1720385071-1001\...\Dropbox) (Version: 35.4.20 - Dropbox, Inc.)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Family Tree Maker 2005 (HKLM-x32\...\{B136E4A4-7660-4F15-9752-EF8E6BA7866D}) (Version: - )
Family Tree Maker 2006 (HKLM-x32\...\{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}) (Version: - )
Family Tree Maker 2012 (HKLM-x32\...\{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}) (Version: 21.0.452 - Ancestry.com, Inc.) Hidden
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.452 - Ancestry.com, Inc.)
Family Tree Maker 2014.1 (HKLM\...\{6DF6B967-71FE-4921-BC4C-91724F22726C}) (Version: 22.0.1510 - Software MacKiev)
Family Tree Maker 2017 (HKLM\...\{6BEF69F9-92AA-4BCC-8529-DA42F585EC36}) (Version: 23.0.1343 - Software MacKiev)
Farm Frenzy (HKLM-x32\...\WT089328) (Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (HKLM-x32\...\WT089470) (Version: 2.2.0.95 - WildTangent) Hidden
Garmin City Navigator North America NT 2013.20 Update (HKLM-x32\...\{8BBC40D0-95A4-40F1-817B-F2B30A1ADF02}) (Version: 16.20.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{31a12940-e5c8-4d27-a6ac-005212152f1f}) (Version: 2.2.21 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{658AB1BF-9A07-4AAD-B6BB-7CADD2307C75}) (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{417F3E7E-C754-4707-BF5B-94750B83D58A}) (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (HKLM-x32\...\{42B9D779-CF1F-478D-A393-950CE0E48177}) (Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKU\S-1-5-21-1987314858-254871922-1720385071-1001\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KODAK Share Button App (HKLM-x32\...\{F5930CDE-2FF5-4A8D-9DBD-3177C816D4A9}) (Version: 4.05.0000.0000 - Eastman Kodak Company)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (HKLM-x32\...\WT087393) (Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.7128.5001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1987314858-254871922-1720385071-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 12.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\WT089496) (Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (HKLM-x32\...\WT089484) (Version: 2.2.0.95 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WT087394) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WT089458) (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (HKLM-x32\...\WT087395) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WT087396) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WT087397) (Version: 2.2.0.95 - WildTangent) Hidden
Power Undelete Wizard 3.9 (HKLM-x32\...\Power Undelete Wizard) (Version: 3.9 - www.power-undelete.com)
Puran Defrag 7.7.1 (HKLM\...\Puran Defrag_is1) (Version: - Puran Software)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.07.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{DBCD5E64-7379-4648-9444-8A6558DCB614}) (Version: 2.0.0 - Hewlett-Packard) Hidden
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.2.002.0 - Seagate)
Slingo Supreme (HKLM-x32\...\WT089457) (Version: 2.2.0.95 - WildTangent) Hidden
Symform (HKLM\...\{73EDDF5E-CE9E-4A77-917F-58BBA5110300}) (Version: 4.24.0.0 - Symform, Inc.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.1.0 - Tweaking.com) <==== ATTENTION
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
Verizon Download Manager (HKLM-x32\...\{6DFF9444-9007-466A-9783-6E7D6749C97B}) (Version: 44 - SupportSoft)
Verizon Quick Connect (HKLM-x32\...\QuickConnect) (Version: 8.6.10645.30 - PlumChoice, Inc.)
Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WT089307) (Version: 2.2.0.95 - WildTangent) Hidden
Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.96.0 - Verizon)
Wheel of Fortune 2 (HKLM-x32\...\WT087415) (Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.2 - WildTangent) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zuma Deluxe (HKLM-x32\...\WT089455) (Version: 2.2.0.95 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
HKU\S-1-5-21-1987314858-254871922-1720385071-1001\...\ChromeHTML: -> C:\Users\Johnson\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Johnson\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Johnson\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Johnson\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Johnson\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Johnson\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Johnson\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Johnson\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Johnson\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Johnson\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Johnson\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1987314858-254871922-1720385071-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2013-08-15] (Puran Software)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2013-08-15] (Puran Software)
ContextMenuHandlers2: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [PuranDefrag] -> {E23C9C4A-0F55-40e2-A47F-93DCB54DF04D} => C:\Windows\system32\PuranDefrag.dll [2013-08-15] (Puran Software)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WINZIPSSSecureExt] -> {C2BB2CFD-5FBC-4a1f-94A8-4186D8602366} => -> No File
ContextMenuHandlers1_S-1-5-21-1987314858-254871922-1720385071-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1987314858-254871922-1720385071-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1987314858-254871922-1720385071-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Johnson\AppData\Roaming\Dropbox\bin\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0A8F1904-243B-4E62-976A-5FC1239AC63B} - System32\Tasks\Johnson Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-07-15] (Seagate Technology LLC)
Task: {137A4448-2206-47A8-9A89-AC0D5FADABC3} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {180AB672-49B1-43B9-8863-486D2CC70DE9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {24FA368B-23A9-4D17-A5D7-1694D6CDA5E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {27B15DF8-3777-4667-AD98-111FFB7BB622} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987314858-254871922-1720385071-1001Core => C:\Users\Johnson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {34789836-9E16-4742-B62D-6CDF2D68413F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987314858-254871922-1720385071-1001Core1cf8a72d76f8cd2 => C:\Users\Johnson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {36F93BD4-5647-4539-A5FF-C81F80A889AD} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1987314858-254871922-1720385071-1001
Task: {39E816D4-8EF0-464A-B6EB-15D8919C1593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {4F542276-2C18-44DF-A674-63281E7B3458} - System32\Tasks\ERUNT => C:\Program Files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20] ()
Task: {527D6CF2-F52E-4297-B2D5-8056F067500C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-02] (Google Inc.)
Task: {5D0A71D1-AF3B-4046-A870-A3B8DBCFA208} - System32\Tasks\JetCleanLoginCheckUpdate => C:\remote-service\jetclean\AutoUpdate.exe
Task: {6D272159-BFAA-4AEC-B61E-CD488C09DC94} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1987314858-254871922-1720385071-1001UA => C:\Users\Johnson\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {707F813A-DDD1-4E82-83EB-E9086F4E8987} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {83524013-1AC5-4AF4-ABE6-8CDAA2B0555D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {8621748A-16D6-4A2C-A74F-C5E5B49DB8A1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {8FAE213D-BB2C-43DC-98BD-2B23067F0600} - System32\Tasks\SymformLogUploader => C:\Program Files\Symform\Node Service\LogUploader.exe [2014-11-19] (Symform, Inc.)
Task: {A13CC8A7-6761-4181-B485-539414D70333} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-07-15] (Seagate Technology LLC)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {A21C0C2C-139C-4BFA-B5CC-B819D1934742} - \SidebarExecute -> No File <==== ATTENTION
Task: {A5D58414-27C0-40F5-92EF-9C97DF3FAC25} - System32\Tasks\Johnson DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-07-15] (Seagate Technology LLC)
Task: {AB9F22A1-E2AF-486E-A9FA-4C3436164C2C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B8223565-17CD-4A83-8C3F-952E9065D8E4} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {C2605A12-4142-4521-9BBD-2DAA3DF29C9F} - System32\Tasks\Johnson => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-07-15] (Seagate Technology LLC)
Task: {C2C3C7DD-DF22-4BA9-8501-9B84DD0DC1A4} - \SymformServicesRestart -> No File <==== ATTENTION
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {D524D9D4-50CB-44BF-AB05-E3D492AFDCDB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DB1E5E99-2E7D-46AD-920F-4DE0F0FB7920} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {F7E92695-0D47-4F4C-BBB4-9713D20CB165} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-07-06] (CyberLink)
Task: {FD42B921-BACA-472C-9782-45E8F83241E2} - \{AD866EED-97B9-4902-8915-CFA9E9FA1CC6} -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Bomgar Task 3473783.job => C:\Users\Johnson\AppData\Local\Google\Chrome\Application\chrome.exehxxps:/verizon1.safelinkpc.com/
Task: C:\Windows\Tasks\Bomgar Task 4778497.job => C:\Users\Johnson\AppData\Local\Google\Chrome\Application\chrome.exehxxps:/verizon1.safelinkpc.com/
Task: C:\Windows\Tasks\Bomgar Task 595502.job => C:\Users\Johnson\AppData\Local\Google\Chrome\Application\chrome.exehxxps:/verizon1.safelinkpc.com/
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-09-25 15:55 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-10-08 11:29 - 2014-10-08 11:29 - 000292304 _____ () C:\Program Files\Symform\Node Service\AlphaFS.dll
2014-11-19 16:00 - 2014-11-19 16:00 - 000163256 _____ () C:\Program Files\Symform\Node Service\symformutp.DLL
2014-10-08 11:29 - 2014-10-08 11:29 - 000057544 _____ () C:\Program Files\Symform\Node Service\Mono.Nat.dll
2017-09-22 11:17 - 2017-09-20 12:48 - 000771904 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-09-22 11:17 - 2017-09-20 12:48 - 001804608 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2017-09-22 11:17 - 2017-09-20 12:49 - 000023872 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\dropbox_bootstrap.dll
2017-09-22 11:17 - 2017-09-20 12:48 - 000100296 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000018888 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\select.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000020800 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000035792 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 000021848 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000125904 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000694224 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 001862992 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 000022864 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000145864 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000116688 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-09-22 11:17 - 2017-09-20 12:48 - 000105928 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000022864 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 000062784 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000024528 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 000040248 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000020936 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000124880 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000116176 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000392656 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-09-22 11:17 - 2017-09-20 12:50 - 000392512 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000026456 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000024016 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000175560 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000030160 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000043472 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000026056 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32job.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000048592 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000057808 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 000022336 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000023368 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 000023368 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000082264 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000025432 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000028616 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000024016 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 001796920 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000084424 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\sip.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 001956152 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 003859264 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000154440 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 000521024 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000045888 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000042304 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000131384 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000218944 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 000204096 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000060880 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000054608 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000022864 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000022872 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000021848 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000022872 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 000027488 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000349128 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000023896 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 000025936 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-09-22 11:17 - 2017-09-20 12:48 - 000036296 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\librsync.dll
2017-09-22 11:17 - 2017-09-20 12:49 - 000181056 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-09-22 11:17 - 2017-09-20 12:50 - 000030536 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-09-22 11:17 - 2017-09-20 12:49 - 000024368 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\libEGL.DLL
2017-09-22 11:17 - 2017-09-20 12:49 - 001638200 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-09-22 11:17 - 2017-09-20 12:50 - 000026456 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000545080 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000359224 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-09-22 11:17 - 2017-09-20 12:50 - 000038208 _____ () C:\Users\Johnson\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1987314858-254871922-1720385071-1001\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-1987314858-254871922-1720385071-1001\...\gtefinancial.org -> hxxps://www.gtefinancial.org
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2016-10-30 18:07 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1987314858-254871922-1720385071-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Johnson\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: RoxioNow Service => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Johnson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Quick Launch => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSCONFIG\startupreg: HPConnectionManager => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
MSCONFIG\startupreg: HPOSD => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
MSCONFIG\startupreg: KGShareApp => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
MSCONFIG\startupreg: Magic Desktop for HP notification => "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: tvncontrol => "C:\Program Files (x86)\ShowMyPCService\tvnserver.exe" -controlservice -slave
MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
MSCONFIG\startupreg: VERIZONDM => "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{60F016D8-A862-4039-B2CC-572E78C1689A}] => (Allow) LPort=8888
FirewallRules: [{6E0DE36F-A093-4C02-9353-2004F74E6CB9}] => (Allow) C:\Users\Johnson\AppData\Local\Temp\ShowMyPC\-80020891a0e9eebbb06f054ebcc74ca0\tvnserver.exe
FirewallRules: [{D45ECA5F-DCDB-4008-8717-0E98DEDEEEDE}] => (Allow) C:\Users\Johnson\AppData\Local\Temp\ShowMyPC\-80020891a0e9eebbb06f054ebcc74ca0\SMPCSetup.exe
FirewallRules: [UDP Query User{D60B4ED2-62A4-4C50-8C42-079EC7437B1F}C:\users\johnson\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\johnson\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{2D64AF72-6CA8-443F-8863-94C59758837C}C:\users\johnson\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\johnson\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{5EEB4CE6-A417-4B35-9FBA-F5D27A35FB42}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A53D5B64-AEBC-4DC1-944D-8A8E2ABA0F8B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{6E47B03C-AD54-4AE1-A48A-6EE4D9CD9741}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C4B1F099-AAA5-4E02-A4F1-EE0EE70893C0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F4309514-A650-4A09-8B1B-475617910140}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{EA5AD936-EB01-4E52-ADA5-EF5107E44A45}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [UDP Query User{716452F4-BCE6-4F20-A48A-01492D2E83B1}C:\users\johnson\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\johnson\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{70E8D342-0964-464D-B046-107D62233276}C:\users\johnson\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\johnson\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{13A4C2DA-74BF-45BC-985C-D3607B7B562C}] => (Allow) LPort=50001
FirewallRules: [{6537AC8B-A695-4732-B41D-2F03D6DD48EA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{B0CCE49F-0276-44E0-8157-DF436E42FA40}] => (Allow) LPort=8888
FirewallRules: [{91732A4D-25D7-4D47-AF7A-52244BD6ED01}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{E6DEE6D9-1A7F-4BA1-A886-05A9FC737D93}] => (Allow) LPort=1900
FirewallRules: [{DE3BF7C8-DB4A-4CAF-9192-91A249E5396F}] => (Allow) LPort=2869
FirewallRules: [{690B9F22-E379-4F87-9882-FECE9E13203F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F0175AF1-21BF-4811-9250-8A146F87E789}] => (Allow) LPort=8888
FirewallRules: [UDP Query User{C03813CC-83C9-48C8-A663-02CBC4EE8A26}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{D02E8B7D-C9EC-4973-9FCE-FED2A7D34C46}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{CC738E55-E1FB-4D47-B11F-8EC259E79281}] => (Allow) LPort=50001
FirewallRules: [{8EAE7AA2-485B-46DA-BD57-3697A7CAD365}] => (Allow) C:\Program Files\Symform\Node Service\symformcontrib.exe
FirewallRules: [{A67A4662-5A2E-461D-9CB3-6461B986FD52}] => (Allow) C:\Program Files\Symform\Node Service\symformconfig.exe
FirewallRules: [UDP Query User{BC0F23B6-E9AA-4A98-854A-002C1DA134DA}C:\users\johnson\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\johnson\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{CA1FD3EE-2E57-4D8A-AB1A-939F7A1B5ED2}C:\users\johnson\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\johnson\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5633A50B-B61B-47A9-8BD1-049E754063EB}] => (Allow) C:\Users\Johnson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C525135E-04B5-4D4D-A6E8-E556872ABF53}] => (Allow) C:\Users\Johnson\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [UDP Query User{04F16E35-064B-4E2E-A595-BEF2ED2D9E79}C:\users\johnson\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe] => (Allow) C:\users\johnson\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{B359D962-8DE2-49AC-A871-025AB4681C38}C:\users\johnson\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe] => (Allow) C:\users\johnson\appdata\local\logmein rescue applet\lmir0003.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{3E84D272-C06F-43D0-A560-47E1675720B4}C:\users\johnson\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\johnson\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{46ECCC48-8123-4E46-A99A-6E0E70AB644C}C:\users\johnson\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\johnson\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [{E6A3BA0E-CE70-4201-AE32-69C9881B4528}] => (Allow) C:\Users\Johnson\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [UDP Query User{C2A432A7-35BD-47E1-8CF4-51E05768CAD4}C:\users\johnson\appdata\local\temp\showmypc\smpc3152\smpcph.exe] => (Allow) C:\users\johnson\appdata\local\temp\showmypc\smpc3152\smpcph.exe
FirewallRules: [TCP Query User{63AFCA93-D10F-45E6-B527-9076782944E2}C:\users\johnson\appdata\local\temp\showmypc\smpc3152\smpcph.exe] => (Allow) C:\users\johnson\appdata\local\temp\showmypc\smpc3152\smpcph.exe
FirewallRules: [{FFF1E15E-A8EE-4370-8FDE-19A62763387A}] => (Allow) LPort=50000
FirewallRules: [{2688077A-EE86-4A82-9F82-9F521283467A}] => (Allow) LPort=50000
FirewallRules: [UDP Query User{B76D4FCD-26BD-4EFF-8FC9-F522D71197D0}C:\users\johnson\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\johnson\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{B489F71B-9440-4980-878F-5FCEF2591A94}C:\users\johnson\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\johnson\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{16CF247F-A741-48F4-8938-1C74E4B3AAC7}] => (Allow) C:\Program Files (x86)\EasyBits For Kids\ezDesktop.exe
FirewallRules: [{35788D79-BECA-4593-9FED-814201DEBC36}] => (Allow) C:\Windows\system32\ezSharedSvcHost.exe
FirewallRules: [{4016F0C6-FA7B-45F5-9B84-32109805D0BA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{91803447-188C-46E2-A413-1388FC1DE3B0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{A82602FC-7315-4BE3-8CD5-0D14EF9C05C3}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{A2083E66-516F-40D2-B7D0-D4D40872771D}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{CFF4490E-8B43-465B-8BE1-DC4DCEABB0A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D03ACFD1-17DA-4768-A80C-CE7CBC7461C5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{996FC750-06D8-43FC-8B40-36FC55F10BD2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C909BB18-07F0-4443-92E2-9C428B11161A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Restore Points =========================
18-09-2017 11:06:39 Windows Backup
18-09-2017 12:16:52 Windows Update
22-09-2017 11:22:58 Windows Update
24-09-2017 22:21:00 Windows Backup
25-09-2017 14:50:58 Revo Uninstaller's restore point - Malwarebytes version 3.2.2.2029
25-09-2017 16:31:55 Windows Update
==================== Faulty Device Manager Devices =============
Name: MpKslba53c300
Description: MpKslba53c300
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslba53c300
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/25/2017 04:39:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (09/25/2017 03:50:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (09/25/2017 02:56:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (09/25/2017 02:23:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (09/25/2017 12:01:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (09/25/2017 06:06:27 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (09/25/2017 05:32:19 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (09/25/2017 12:24:12 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (09/24/2017 10:31:24 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).
Error: (09/24/2017 10:07:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (09/25/2017 08:21:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (09/25/2017 08:21:27 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (09/25/2017 08:21:27 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (09/25/2017 06:54:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (09/25/2017 06:54:36 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (09/25/2017 06:54:36 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (09/25/2017 06:54:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (09/25/2017 06:54:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (09/25/2017 06:54:32 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
Error: (09/25/2017 06:54:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Garmin Core Update Service service.
CodeIntegrity:
===================================
Date: 2016-10-28 16:43:24.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-10-28 16:43:23.941
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
Date: 2016-10-28 16:43:23.754
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: AMD Phenom™ II P650 Dual-Core Processor
Percentage of memory in use: 56%
Total physical RAM: 3834.9 MB
Available physical RAM: 1664.67 MB
Total Virtual: 9833.09 MB
Available Virtual: 7381.69 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:450.76 GB) (Free:370.55 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.7 GB) (Free:1.63 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 08F0C05B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
==================== End of Addition.txt ============================
Sign In
Create Account
