Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware blocked some RTP but I noted new user "adminsitrator"

Started by reppucci , Mar 13 2020 09:32 AM

  • Please log in to reply

#1
reppucci
Posted 13 March 2020 - 09:32 AM

reppucci

    Member

  • Member
  • PipPip
  • 15 posts

I was on this forum 2 years ago

 

http://www.geekstogo...emote-download/

 

that was cleared with your help.

 

recently malwarebytes blocked some RTP

 

just noticed today that "adminsitrator" as a new user was created several days ago!

 

here is frst file

 

Attached File  FRST.txt   29.67KB   166 downloads

 

 

Amy help would be appreciated!

 

Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020
Ran by Eyeformatics (administrator) on EMRSERVERHPZ600 (Hewlett-Packard HP Z600 Workstation) (13-03-2020 11:08:31)
Running from C:\Users\Eyeformatics\Desktop
Loaded Profiles: User & VSRUSER & Eyeformatics & Guest & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS & ConnectEHR Patient Portal AppPool (Available Profiles: User & VSRUSER & Eyeformatics & Adminsitrator & Administrator & Guest & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS & Classic .NET AppPool & ConnectEHR AppPool & CQMsolution AppPool & DefaultAppPool & ConnectEHR Patient Portal AppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitvise Limited -> ) C:\Program Files\Bitvise SSH Server\BssCtrl.exe
(Bitvise Limited -> Bitvise Limited) C:\Program Files\Bitvise SSH Server\BvSshServer.exe
(CobianSoft, Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Cyber Power Systems, Inc. -> Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Cyber Power Systems, Inc. -> Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Dynamic Health IT, Inc.) [File not signed] C:\Program Files\ConnectEHR\ConnectEHR Agent\ConnectEHR Agent.exe
(Dynamic Health IT, Inc.) [File not signed] C:\Program Files\CQMsolution\CQMAgent\CQMAgent.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmsase.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmserver.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmshelper.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmsib.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmxdbc_listener.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Web Publishing\publishing-engine\cwpc\fmscwpc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jre1.8.0_241\bin\java.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jre1.8.0_241\bin\java.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jre1.8.0_241\bin\javaw.exe
(PcWinTech.com) [File not signed] C:\Program Files (x86)\CleanMem\Mini_Monitor.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-08] (Luis Cobian, CobianSoft) [File not signed]
HKLM-x32\...\Run: [Bitvise SSH Server Activation State Checker] => C:\Program Files\Bitvise SSH Server\BssActStateCheck.exe [245064 2015-04-09] (Bitvise Limited -> Bitvise Limited)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [379824 2016-07-27] (Cyber Power Systems, Inc. -> Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951450\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951486\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3866400975-1191489592-655960364-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3866400975-1191489592-655960364-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951635\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3866400975-1191489592-655960364-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3866400975-1191489592-655960364-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951919\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953048\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953117\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953241\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953336\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-1817433644-933353629-1310384419-1423244486-3076509252-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953414\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-2489493308-486773822-1786417886-2571693098-4028040717-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953523\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953644\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-4016458102-2210263096-3625409667-1209427945-2153979972\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-4016458102-2210263096-3625409667-1209427945-2153979972-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953730\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.132\Installer\chrmstp.exe [2020-03-04] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2017-01-17] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
Lsa: [Authentication Packages] msv1_0 BvLsa

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D390859-4532-450F-9CE9-987B76B56DA0} - System32\Tasks\WeeklyMirror => C:\Users\Eyeformatics\Documents\mirrorffs.bat [105 2017-04-05] () [File not signed]
Task: {1BB561B3-675E-42C4-8253-AE7D779AEE15} - System32\Tasks\G2MUpdateTask-S-1-5-21-3866400975-1191489592-655960364-1002 => C:\Users\Eyeformatics\AppData\Local\GoToMeeting\8199\g2mupdate.exe
Task: {2FEEF02C-DDC5-440C-8838-10265ECFBE9E} - System32\Tasks\FileSync DB => C:\Users\Eyeformatics\Documents\dailyffs.bat [115 2017-04-05] () [File not signed]
Task: {30382559-196A-4774-8FE1-33D311F14759} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {38A155C3-2909-49B0-844F-814CA416D0BA} - System32\Tasks\CleanMem Mini Monitor => C:\Program Files (x86)\CleanMem\mini_monitor.exe [1421312 2014-08-20] (PcWinTech.com) [File not signed]
Task: {64898C46-62DC-4B91-A8BA-0FA94E51880D} - System32\Tasks\Bitvise\Persistent BvSshServer Control Panel\S-1-5-21-3866400975-1191489592-655960364-1002 => C:\Program Files\Bitvise SSH Server\BssCtrl.exe [4760368 2015-04-09] (Bitvise Limited -> )
Task: {7FFE1D4F-D1F0-4EDF-85D5-11C9C6987491} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [61440 2014-08-20] (PcWinTech.com) [File not signed]
Task: {83BC1EB2-B03C-452F-BBDC-0AE37FCA99A4} - System32\Tasks\fmserestart => C:\Users\Eyeformatics\Desktop\restartfmse.bat [73 2018-08-21] () [File not signed]
Task: {973B6504-985B-4B53-B3D8-9882BEAF6CD5} - System32\Tasks\Run Hl7 Batch => C:\HL7\HL7Grab.bat [91 2015-03-04] () [File not signed]
Task: {9F5824C6-ACFA-4F2C-AA71-232A342B6087} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD5FC1CA-5A56-4501-84E6-5B64BBD08869} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-11-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {C0FEAFF2-9223-4E77-A0B8-ECFB1FECAA1A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {C31D4ACD-A586-44F0-ACA0-47A6F484B23F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd -> Piriform Ltd)
Task: {E4404C67-0974-46D2-ACFD-699D03D4361D} - System32\Tasks\hl7 Grab Messages => C:\HL7\HL7Grab.bat [91 2015-03-04] () [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{385993E2-FCF6-42E8-989B-34FDF866CEFA}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5FCA3713-F36F-4F94-BA68-BA1AF0357EF2}: [DhcpNameServer] 167.206.112.138 167.206.7.4
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]

Internet Explorer:
==================
HKU\S-1-5-21-3866400975-1191489592-655960364-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3866400975-1191489592-655960364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951551\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3866400975-1191489592-655960364-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3866400975-1191489592-655960364-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951635\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-3866400975-1191489592-655960364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104952822] ATTENTION => Default URLSearchHook is missing
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)

FireFox:
========
FF DefaultProfile: y1n7dfxv.default
FF ProfilePath: C:\Users\Eyeformatics\AppData\Roaming\Mozilla\Firefox\Profiles\y1n7dfxv.default [2020-03-13]
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-02-09] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-02-09] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default [2020-03-10]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Google Drive) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-07]
CHR Extension: (Gmail) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-26]
CHR Extension: (Chrome Media Router) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-03]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [204288 2012-05-23] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 BvSshServer; C:\Program Files\Bitvise SSH Server\BvSshServer.exe [14359408 2015-04-09] (Bitvise Limited -> Bitvise Limited)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-08] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-08] (Luis Cobian, CobianSoft) [File not signed]
R2 ConnectEHR_Agent; C:\Program Files\ConnectEHR\ConnectEHR Agent\ConnectEHR Agent.exe [49152 2014-09-25] (Dynamic Health IT, Inc.) [File not signed]
R2 CQMsolution_Agent; C:\Program Files\CQMsolution\CQMAgent\CQMAgent.exe [23552 2014-09-17] (Dynamic Health IT, Inc.) [File not signed]
R2 FileMaker Server; C:\Program Files\FileMaker\FileMaker Server\Database Server\fmshelper.exe [379224 2014-11-11] (FileMaker, Inc -> FileMaker, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2020-01-20] (SurfRight B.V. -> SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-25] (Malwarebytes Inc -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [190904 2012-06-12] (Microsoft Corporation -> Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1113008 2016-07-27] (Cyber Power Systems, Inc. -> Cyber Power Systems, Inc.)
R2 ReportServer$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348472 2012-06-12] (Microsoft Corporation -> Microsoft Corporation)
S2 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [608696 2012-06-12] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13206544 2020-03-09] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10497024 2012-05-24] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [326656 2012-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10497024 2012-05-24] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-02-18] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-02-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [226448 2020-02-24] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2020-02-24] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-02-24] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [109168 2020-02-24] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
U3 aswbdisk; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-13 11:08 - 2020-03-13 10:52 - 002279936 _____ (Farbar) C:\Users\Eyeformatics\Desktop\FRST64 (1).exe
2020-02-24 08:32 - 2020-02-24 08:32 - 000226448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-02-24 08:32 - 2020-02-24 08:32 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-02-24 08:31 - 2020-02-24 08:31 - 000109168 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-02-24 08:29 - 2020-02-24 08:29 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-02-18 21:09 - 2020-02-18 21:09 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-03-13 11:10 - 2015-03-04 16:02 - 000000600 _____ C:\Users\Eyeformatics\AppData\Roaming\winscp.rnd
2020-03-13 11:09 - 2018-01-23 20:10 - 000025727 _____ C:\Users\Eyeformatics\Desktop\FRST.txt
2020-03-13 11:09 - 2018-01-23 20:01 - 000000000 ____D C:\FRST
2020-03-13 10:53 - 2018-01-23 20:14 - 000040761 _____ C:\Users\Eyeformatics\Desktop\Addition.txt
2020-03-13 03:16 - 2009-07-14 00:45 - 000034704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-03-13 03:16 - 2009-07-14 00:45 - 000034704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-03-13 01:00 - 2017-04-25 14:58 - 000000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2020-03-12 01:11 - 2020-01-28 13:49 - 000000000 ____D C:\Users\Adminsitrator
2020-03-12 01:11 - 2015-04-28 07:23 - 000000000 ____D C:\Users\Administrator
2020-03-12 01:11 - 2014-12-24 10:37 - 000000000 ____D C:\Users\ConnectEHR AppPool
2020-03-12 01:11 - 2014-12-24 10:25 - 000000000 ____D C:\Users\ConnectEHR Patient Portal AppPool
2020-03-12 01:11 - 2014-12-24 10:24 - 000000000 ____D C:\Users\CQMsolution AppPool
2020-03-12 01:11 - 2014-12-23 15:39 - 000000000 ____D C:\Users\Classic .NET AppPool
2020-03-12 01:11 - 2014-12-23 14:42 - 000000000 ____D C:\Users\DefaultAppPool
2020-03-11 21:00 - 2014-12-20 13:30 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-03-10 14:10 - 2017-04-05 11:19 - 000003612 _____ C:\Windows\system32\Tasks\WeeklyMirror
2020-03-10 13:20 - 2014-12-22 15:12 - 000000000 ____D C:\Users\Guest
2020-03-04 16:57 - 2014-12-19 16:34 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-04 16:57 - 2014-12-19 16:34 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-03-04 16:57 - 2014-12-19 16:34 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-03-03 14:02 - 2015-03-04 15:07 - 000000000 ____D C:\HL7
2020-03-03 11:46 - 2009-07-14 01:13 - 000998798 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-03 11:46 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2020-03-02 17:00 - 2017-01-09 15:50 - 000000000 ____D C:\Users\Eyeformatics\AppData\Local\ElevatedDiagnostics
2020-03-02 17:00 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2020-02-24 08:29 - 2013-06-18 15:00 - 000000000 ____D C:\ProgramData\NVIDIA
2020-02-24 08:29 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-24 08:24 - 2019-11-25 08:47 - 000000000 ____D C:\Users\Eyeformatics\AppData\Local\cache
2020-02-18 21:08 - 2019-11-11 08:44 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys

==================== Files in the root of some directories ========

2015-04-24 08:20 - 2015-04-24 08:18 - 000000022 _____ () C:\Users\SuperContainer\get all files recursive.bat
2017-04-24 18:15 - 2018-08-17 14:41 - 000000600 _____ () C:\Users\Eyeformatics\AppData\Roaming\PUTTY.RND
2015-03-04 16:02 - 2020-03-13 11:10 - 000000600 _____ () C:\Users\Eyeformatics\AppData\Roaming\winscp.rnd
2015-04-16 12:44 - 2019-11-19 08:50 - 000000600 _____ () C:\Users\Eyeformatics\AppData\Local\PUTTY.RND
2015-04-20 15:23 - 2019-01-29 16:53 - 000007604 _____ () C:\Users\Eyeformatics\AppData\Local\Resmon.ResmonCfg

==================== FLock ==============================

2015-11-20 15:40 C:\Windows\ERUNT.exe
2017-07-17 13:30 C:\Windows\mod_frst.exe

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-03-08 01:08
==================== End of FRST.txt ========================


  • 0

Advertisements

#2
reppucci
Posted 13 March 2020 - 08:42 PM

reppucci

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Here is the addition.txt file

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020
Ran by Eyeformatics (13-03-2020 11:10:35)
Running from C:\Users\Eyeformatics\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-06-18 17:40:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3866400975-1191489592-655960364-500 - Administrator - Enabled) => C:\Users\Administrator
Adminsitrator (S-1-5-21-3866400975-1191489592-655960364-1007 - Administrator - Enabled) => C:\Users\Adminsitrator
ConnectEHRService (S-1-5-21-3866400975-1191489592-655960364-1005 - Administrator - Enabled)
CQMSolution (S-1-5-21-3866400975-1191489592-655960364-1006 - Administrator - Enabled)
Eyeformatics (S-1-5-21-3866400975-1191489592-655960364-1002 - Administrator - Enabled) => C:\Users\Eyeformatics
Guest (S-1-5-21-3866400975-1191489592-655960364-501 - Limited - Enabled) => C:\Users\Guest
User (S-1-5-21-3866400975-1191489592-655960364-1000 - Administrator - Disabled) => C:\Users\User
VSRUSER (S-1-5-21-3866400975-1191489592-655960364-1001 - Administrator - Enabled) => C:\Users\VSRUSER
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{44E71915-81AF-94DC-C1B7-292BEB98D0A7}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
Bitvise SSH Server 6.24 (remove only) (HKLM-x32\...\Bitvise SSH Server) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.5.0 - PcWinTech.com)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
CPUID CPU-Z 1.78 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
CyberPower PowerPanel Personal Edition 1.6.2 (HKLM-x32\...\{3A53EB0A-8E61-4A33-9ECE-385C7EA26BED}) (Version: 1.6.2 - Cyber Power Systems, Inc.)
FileMaker ODBC Driver (64-bit) (HKLM\...\{E967A54C-BABE-4FDF-A6F7-9F9607BBBE68}) (Version: 13.2.14 - FileMaker, Inc.)
FileMaker ODBC Driver (HKLM-x32\...\{124DFD5B-44A5-42B3-BA31-D17D98C57CCB}) (Version: 13.2.14 - FileMaker, Inc.)
FileMaker Pro 13 (HKLM-x32\...\{EA92821A-03A5-4B00-85F4-834BBD8ABC24}) (Version: 13.0.4.0 - FileMaker, Inc.) Hidden
FileMaker Pro 13 (HKLM-x32\...\{EA92821A-03A5-4B00-85F4-834BBD8ABC24}_FileMaker) (Version: 13.0.4.0 - FileMaker, Inc.)
FileMaker Pro 13 Advanced (HKLM-x32\...\{4B2ABFE4-3A1D-4FFB-B6E8-A256ADFB0D7A}) (Version: 13.0.5.0 - FileMaker, Inc.) Hidden
FileMaker Pro 13 Advanced (HKLM-x32\...\{4B2ABFE4-3A1D-4FFB-B6E8-A256ADFB0D7A}_FileMaker) (Version: 13.0.5.0 - FileMaker, Inc.)
FileMaker Server 13 (HKLM\...\{71356255-96FC-4A56-AAF4-F9331034CCBF}) (Version: 13.0.5.520 - FileMaker, Inc.)
FreeFileSync 8.10 (HKLM-x32\...\FreeFileSync_is1) (Version: 8.10 - www.FreeFileSync.org)
GDR 2218 for SQL Server 2012 (KB2716442) (64-bit) (HKLM\...\KB2716442) (Version: 11.0.2218.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.16.310 - SurfRight B.V.)
HP Product Detection (HKLM-x32\...\{ACAA0152-96A4-4D93-92F5-1B4728C3D984}) (Version: 11.15.0008 - HP)
HydraVision (HKLM-x32\...\{F1218521-0C19-8D0C-817A-648C767F07A2}) (Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
IIS URL Rewrite Module 2 (HKLM\...\{EB675D0A-2C95-405B-BEE8-B42A65D23E11}) (Version: 7.2.2 - Microsoft Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.8.0.1003 - Intel Corporation)
Java 8 Update 241 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
Malwarebytes version 4.0.4.49 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.0.4.49 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Request Routing 3.0 (HKLM\...\{78FD26A2-9214-48CD-AF71-7F33D1A78892}) (Version: 3.0.1750 - Microsoft Corporation)
Microsoft External Cache Version 1 for IIS 7 (HKLM\...\{4F11656E-9861-4A97-B224-CFF2996998C6}) (Version: 1.1.0490 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{A007BD05-ECFD-4F64-89F6-7E95F91F0DFB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{587F8B5C-D30D-4EEC-849B-FC410EA38AAF}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{03A2AE02-CBC9-4746-A376-0F7BF6AF5F39}) (Version: 11.0.2218.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{CC8B009A-98C9-497F-99AF-CEBE35D8C0CF}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Integrated) - ENU (HKLM-x32\...\{012D26C3-E12A-3BDA-8ECE-DF14E721A507}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications Design-Time 3.0 (HKLM-x32\...\{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 (HKLM-x32\...\{191A6F65-6878-398D-A272-EF011B80F371}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Web Farm Framework (HKLM\...\{997E542E-B134-49E6-882E-66AA05E46464}) (Version: 1.1.1292 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.1.1 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
NVIDIA 3D Vision Controller Driver 295.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 295.73 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 295.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 295.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 295.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 295.73 - NVIDIA Corporation)
NVIDIA nView 136.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.18 - NVIDIA Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.14.0 - Ralink)
SQL Server 2012 BI Development Studio (HKLM\...\{656E214E-B73F-458C-AD64-ED316F008207}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 BI Development Studio (HKLM\...\{EE1B54D1-BFBC-4C19-8D66-E0AF3E967896}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{1D411379-9CE0-4B13-A19B-72D3222DD620}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (HKLM\...\{202AAF1F-69AA-442A-B59F-6B54B1AD07C6}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{18B2A97C-92C3-4AC7-BE72-F823E0BC895B}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (HKLM\...\{84FBCA4A-D650-4B0D-8094-EC0671FA9B91}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{54FF8FAB-DE27-4187-82F1-EBAE6AEE869A}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (HKLM\...\{6603C2CE-3C54-4F1D-92F9-8390CD4CCCA8}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (HKLM\...\{7272DF1C-2F88-43AC-A481-84DD67DF9746}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (HKLM\...\{B3192F55-2CE8-4C8E-9E40-D3B4998276B2}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (HKLM\...\{CECA0188-BD7A-43EF-B1F7-DDF719099C46}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (HKLM\...\{34A7A77A-A23D-44ED-B3B6-EC8198BE2622}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{26BFF1F1-5C03-4C55-9C7C-FD65889AFA70}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (HKLM\...\{A7037EB2-F953-4B12-B843-195F4D988DA1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (HKLM\...\{DCCB1789-1DA0-4E3A-A52F-7815B602CC98}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (HKLM\...\{FCD81E1A-6ED6-4F19-A572-82FFE102654E}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (HKLM\...\{D307B5CF-D1F0-48A4-8DA3-54765F535208}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM\...\{BED1EA3D-592D-4305-9D1F-20F03726EFC1}) (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.3.8497 - TeamViewer)
Update 4.0.2 for Microsoft .NET Framework 4 Client Profile (KB2544514) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2544514) (Version: 1 - Microsoft Corporation)
Update 4.0.2 for Microsoft .NET Framework 4 Extended (KB2544514) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2544514) (Version: 1 - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-3866400975-1191489592-655960364-1002\...\WinDirStat) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-3866400975-1191489592-655960364-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951919\...\WinDirStat) (Version:  - )
WinSCP 5.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7 - Martin Prikryl)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2012-02-10] (NVIDIA Corporation -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2012-02-09] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
 
==================== Loaded Modules (Whitelisted) =============
 
2013-06-18 14:59 - 2011-10-17 15:08 - 000059904 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-12-23 15:42 - 2014-05-08 13:57 - 000201728 _____ () [File not signed] C:\Program Files\CQMsolution\CQMAgent\Topshelf.dll
2019-07-26 18:14 - 2019-07-26 18:14 - 000172544 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6718cb8a1da5a7365fa686a5111493f6\IsdiInterop.ni.dll
2014-12-23 14:46 - 2015-03-04 16:04 - 012374764 _____ (360Works) [File not signed] C:\Program Files\FileMaker\FileMaker Server\Database Server\Extensions\EMRPlugin.fmx64
2014-12-23 15:42 - 2014-09-17 14:30 - 000254464 _____ (Dynamic Health IT, Inc.) [File not signed] C:\Program Files\CQMsolution\CQMAgent\CQMDataModel.dll
2014-12-23 15:42 - 2014-09-17 14:29 - 000072704 _____ (Dynamic Health IT, Inc.) [File not signed] C:\Program Files\CQMsolution\CQMAgent\CQMsolutionUtility.dll
2019-07-26 18:14 - 2019-07-26 18:14 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\02de6c9c0687f3f038c679dff7d37f1e\IAStorCommon.ni.dll
2013-06-18 14:59 - 2011-10-17 15:08 - 000174592 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll
2013-06-18 14:59 - 2011-10-17 15:08 - 001318912 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
2013-06-18 14:59 - 2011-10-17 14:56 - 000278528 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll
2019-07-26 18:14 - 2019-07-26 18:14 - 000225792 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\dc548d7a7488ae3a7c75d20d0bf61bc6\IAStorDataMgr.ni.dll
2019-07-26 18:14 - 2019-07-26 18:14 - 000491520 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4eccf63a9d9924d14bac8c543fed3d87\IAStorUtil.ni.dll
2015-02-11 08:36 - 2013-03-08 00:07 - 000009728 _____ (Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\CobStringList.dll
2015-02-11 08:36 - 2013-03-08 00:27 - 002684928 _____ (Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbEngine.dll
2016-02-06 13:27 - 2016-02-06 13:27 - 000109568 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2016-02-06 13:28 - 2016-02-06 13:28 - 000125440 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
2014-12-23 14:57 - 2014-12-23 14:57 - 000113664 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6229_none_8a167c0b2edeae4c\ATL80.DLL
2014-12-23 14:57 - 2014-12-23 14:57 - 000515072 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\msvcm80.dll
2014-12-23 14:57 - 2014-12-23 14:57 - 001062400 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\MSVCP80.dll
2014-12-23 14:57 - 2014-12-23 14:57 - 000796672 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_88dcc0bf2fb1b808\MSVCR80.dll
2014-12-23 14:57 - 2014-12-23 14:57 - 000626688 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\MSVCR80.dll
2017-01-10 06:41 - 2017-01-10 06:41 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2011-03-08 14:35 - 2011-03-08 13:54 - 000229376 _____ (PcWinTech.com) [File not signed] C:\Program Files (x86)\CleanMem\pcwintech_tabs.ocx
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\FileMaker\FileMaker Server\Web Publishing\publishing-engine\php\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\FileMaker\FileMaker Server\Database Server\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files\Microsoft Network Monitor 3\
HKU\S-1-5-21-3866400975-1191489592-655960364-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3866400975-1191489592-655960364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951551\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3866400975-1191489592-655960364-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3866400975-1191489592-655960364-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951635\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3866400975-1191489592-655960364-1002\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3866400975-1191489592-655960364-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951919\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3866400975-1191489592-655960364-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104952850\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3866400975-1191489592-655960364-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3866400975-1191489592-655960364-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953005\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe No File
FirewallRules: [TCP Query User{DA773CAA-9F84-4AED-B75B-3F28FD396A63}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [UDP Query User{C960AEBC-057E-4D0C-9C41-BDF7D0C7174A}C:\program files (x86)\hp\common\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hp\common\hpdevicedetection3.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{6B29E637-BED2-406E-B2EA-53F2CF6DFFC8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E436856A-56BC-4BF9-BC5B-A642A749BEE7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8BC849E9-1841-4B11-B3EE-A82E9B64C6B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2C767DFA-673D-4A51-AB51-7EB0B8D3C6CA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4ECEBE59-4689-473B-8635-109BE671586F}] => (Allow) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmserver.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [{BEAFC54D-8F1E-4740-A87B-634F8CF9642F}] => (Allow) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmserver.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [{879EB1A2-59E5-406E-945D-D3654976099C}] => (Allow) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmserver.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [{42AA337E-69A9-4313-B0EF-474401A49F48}] => (Allow) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmserver.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [{2EC335A3-6BF8-4CC2-934C-C29A42812D0E}] => (Allow) LPort=443
FirewallRules: [{5B3AAB59-4067-4CA7-92BF-B0F708E8CA9E}] => (Allow) LPort=3365
FirewallRules: [TCP Query User{79FCC443-B645-42B6-93C5-0E03A763F721}C:\program files\filemaker\filemaker server\database server\fmsadmin.exe] => (Allow) C:\program files\filemaker\filemaker server\database server\fmsadmin.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [UDP Query User{475F7215-0C0B-495A-937A-66EC1CFE2785}C:\program files\filemaker\filemaker server\database server\fmsadmin.exe] => (Allow) C:\program files\filemaker\filemaker server\database server\fmsadmin.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [TCP Query User{292C386B-5899-48FA-AEC0-574A109EE61B}C:\program files (x86)\filemaker\filemaker pro 13 advanced\filemaker pro advanced.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13 advanced\filemaker pro advanced.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [UDP Query User{95EFBBC4-F7DB-4453-B314-A2F8E1059B63}C:\program files (x86)\filemaker\filemaker pro 13 advanced\filemaker pro advanced.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13 advanced\filemaker pro advanced.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [TCP Query User{EC1F1371-88CE-4AAD-A4CC-CA6C5CAD15BD}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe No File
FirewallRules: [UDP Query User{5F1CAA5E-D9A8-4F53-A5AB-A7D93E54E7E0}C:\program files\java\jre1.8.0_131\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_131\bin\javaw.exe No File
FirewallRules: [{61355E49-322D-4103-9021-60B0EE95DC8D}] => (Block) LPort=5003
FirewallRules: [{9873B64D-2BB9-41FA-9A79-BAEDB3D41C0F}] => (Allow) LPort=3365
FirewallRules: [TCP Query User{DC6574D6-2859-4C8A-9E83-B44C17A81AA4}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Block) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [UDP Query User{BB876D49-9BB3-4EA0-9D80-399426BF6185}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Block) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [{173A4F6B-BF2E-4CF1-8E36-4F6DE32E5CAE}] => (Allow) LPort=3365
FirewallRules: [{50B8DE96-7B4A-4236-9C3C-2FF138639F7F}] => (Allow) C:\Program Files (x86)\XPS Rasterization Service Component\xps.exe No File
FirewallRules: [{AD4AD500-365A-422E-8CE5-9CA5227B069C}] => (Allow) C:\Program Files (x86)\XPS Rasterization Service Component\xps.exe No File
FirewallRules: [TCP Query User{D1BE34C7-116C-472A-BF0E-C84F9ACFC3F0}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [UDP Query User{FEFB90D0-3866-4B8E-AE24-D72C4E31B29C}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [TCP Query User{2449BF50-060F-491D-AD8A-328D88B86867}C:\program files\filemaker\filemaker server\database server\fmsadmin.exe] => (Block) C:\program files\filemaker\filemaker server\database server\fmsadmin.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [UDP Query User{0C125622-5DE6-46C6-9469-A92B20E18F3A}C:\program files\filemaker\filemaker server\database server\fmsadmin.exe] => (Block) C:\program files\filemaker\filemaker server\database server\fmsadmin.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [{9EEFEB69-4F65-434A-8B5A-0C1DD2B4E1E9}] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [{151668F5-077A-4FC9-84CB-E2A0B9E09642}] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe (FileMaker, Inc -> FileMaker, Inc.)
FirewallRules: [TCP Query User{8F6CC7FA-2945-4F7E-845A-4E8018C25886}C:\program files (x86)\cobian backup 11\cbremotemanager.exe] => (Allow) C:\program files (x86)\cobian backup 11\cbremotemanager.exe (Luis Cobian, CobianSoft) [File not signed]
FirewallRules: [UDP Query User{3EAC7B9E-CF6B-4EC1-8CE2-C5BB46B0911E}C:\program files (x86)\cobian backup 11\cbremotemanager.exe] => (Allow) C:\program files (x86)\cobian backup 11\cbremotemanager.exe (Luis Cobian, CobianSoft) [File not signed]
FirewallRules: [{387991ED-B789-482A-9127-34D215424368}] => (Allow) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe (Luis Cobian, CobianSoft) [File not signed]
FirewallRules: [{DAA3A0AB-298E-4C6B-9E98-50D7E0095FE2}] => (Allow) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe (Luis Cobian, CobianSoft) [File not signed]
FirewallRules: [{854C7055-6DC2-416D-9EAD-DC21628D8C34}] => (Allow) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe (Luis Cobian, CobianSoft) [File not signed]
FirewallRules: [{73BD0685-139A-4B34-8B84-5A8995F84BD6}] => (Allow) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe (Luis Cobian, CobianSoft) [File not signed]
FirewallRules: [{2DCE653F-87EF-416E-BEFA-852CFD8F13AE}] => (Allow) LPort=3365
FirewallRules: [TCP Query User{EB504930-39A9-4B65-B92B-AE867D6396A3}C:\users\eyeformatics\appdata\local\temp\temp1_listen.zip\listen.exe] => (Allow) C:\users\eyeformatics\appdata\local\temp\temp1_listen.zip\listen.exe No File
FirewallRules: [UDP Query User{913CA0F5-45AD-4115-8954-FB08A62FFACA}C:\users\eyeformatics\appdata\local\temp\temp1_listen.zip\listen.exe] => (Allow) C:\users\eyeformatics\appdata\local\temp\temp1_listen.zip\listen.exe No File
FirewallRules: [{EEA31D02-DDC3-4C79-9C5A-B4F875679176}] => (Allow) LPort=3365
FirewallRules: [TCP Query User{FB7AE977-21CA-4042-AA6E-58833860510D}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [UDP Query User{7993593A-ED7D-4D12-9497-656B81500E24}C:\program files\java\jre1.8.0_181\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_181\bin\javaw.exe No File
FirewallRules: [TCP Query User{E59A3FCB-4CBB-4ADB-8F99-692FEC6F3ED4}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe No File
FirewallRules: [UDP Query User{BEF007CA-BB74-47B4-8292-DB9795E85439}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe No File
FirewallRules: [TCP Query User{867484AC-5037-4041-9455-09F220AA6ABA}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [UDP Query User{AFF2ECE4-BF69-4AFD-AD0A-690EE582A1E2}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [TCP Query User{F93061FA-7BEF-42C6-96E2-8E7240955761}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [UDP Query User{5B6FB142-AC05-4ED8-A724-3C38C781F5BE}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [TCP Query User{AFC690E7-E44C-48B8-A1BF-AA44BDFFE122}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe
FirewallRules: [UDP Query User{E682C9BC-4B2B-4C1F-8EF3-3575C1971743}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe
FirewallRules: [{FD35CFE6-F714-44F0-8AAC-5CFD7C6FA507}] => (Allow) C:\Program Files\Bitvise SSH Server\BvSshServer.exe (Bitvise Limited -> Bitvise Limited)
FirewallRules: [{C1B8E528-0275-4B0A-A6D7-7D6047E397B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{48268F80-8544-4C74-A6E1-5A5D94F6173E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1A6D2B90-ED03-40ED-92DD-AF8EAC7540C2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{57DFAD1A-7DDB-4CCE-A6B2-6A5BF2064572}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{21D711D0-4524-4324-B1C6-051E4EB67E3C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
 
==================== Restore Points =========================
 
14-01-2020 09:02:46 Windows Update
17-01-2020 14:24:22 Windows Update
20-01-2020 13:44:22 Windows Update
23-01-2020 14:07:23 Windows Update
26-01-2020 14:12:36 Windows Update
30-01-2020 14:07:52 Windows Update
01-02-2020 09:07:39 Windows Backup
03-02-2020 14:08:09 Windows Update
07-02-2020 14:07:58 Windows Update
11-02-2020 14:08:27 Windows Update
15-02-2020 14:14:44 Windows Update
19-02-2020 14:08:25 Windows Update
23-02-2020 02:40:42 Windows Update
26-02-2020 08:46:18 Windows Update
01-03-2020 02:58:22 Windows Update
04-03-2020 08:46:38 Windows Update
07-03-2020 08:50:34 Windows Update
11-03-2020 22:13:32 Windows Update
 
==================== Faulty Device Manager Devices ============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (03/12/2020 12:11:03 PM) (Source: FileMaker Server 13) (EventID: 757) (User: )
Description: Schedule "HL7 Read and Apply Messages" aborted; FileMaker scripts can't be run because FileMaker Script Engine (FMSE) process is stopped. Use the command "fmsadmin start fmse" to start the FMSE process.
 
Error: (03/11/2020 09:00:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   23 5.7.3.0.9.D.F.6.0.4.6.F.F.8.C.E.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR EMRSERVERHPZ600.local.
 
Error: (03/11/2020 09:00:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.3:5353   25 5.7.3.0.9.D.F.6.0.4.6.F.F.8.C.E.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR EMRSERVERHPZ600-2.local.
 
Error: (03/11/2020 09:00:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   23 5.7.3.0.9.D.F.6.0.4.6.F.F.8.C.E.0.0.F.5.2.0.0.6.5.0.0.3.3.0.6.2.ip6.arpa. PTR EMRSERVERHPZ600.local.
 
Error: (03/11/2020 09:00:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.3:5353   25 5.7.3.0.9.D.F.6.0.4.6.F.F.8.C.E.0.0.F.5.2.0.0.6.5.0.0.3.3.0.6.2.ip6.arpa. PTR EMRSERVERHPZ600-2.local.
 
Error: (03/11/2020 09:00:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   23 6.2.E.D.0.0.0.0.0.0.0.0.0.0.0.0.0.0.F.5.2.0.0.6.5.0.0.3.3.0.6.2.ip6.arpa. PTR EMRSERVERHPZ600.local.
 
Error: (03/11/2020 09:00:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.3:5353   25 6.2.E.D.0.0.0.0.0.0.0.0.0.0.0.0.0.0.F.5.2.0.0.6.5.0.0.3.3.0.6.2.ip6.arpa. PTR EMRSERVERHPZ600-2.local.
 
Error: (03/11/2020 09:00:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   23 3.1.168.192.in-addr.arpa. PTR EMRSERVERHPZ600.local.
 
 
System errors:
=============
Error: (01/27/2020 04:35:50 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR3, has a bad block.
 
Error: (01/27/2020 04:35:50 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR3, has a bad block.
 
Error: (01/27/2020 04:35:50 PM) (Source: Virtual Disk Service) (EventID: 10) (User: )
Description: VDS fails to write boot code on a disk during clean operation. Error code: 80070017@02070008
 
Error: (01/27/2020 04:35:27 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR3, has a bad block.
 
Error: (01/27/2020 04:35:27 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR3, has a bad block.
 
Error: (01/27/2020 04:35:27 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR3, has a bad block.
 
Error: (01/27/2020 04:35:09 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR3, has a bad block.
 
Error: (01/27/2020 04:35:09 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR3, has a bad block.
 
 
==================== Memory info =========================== 
 
BIOS: Hewlett-Packard 786G4 v03.19 03/11/2011
Motherboard: Hewlett-Packard 0B54h
Processor: Intel® Xeon® CPU E5620 @ 2.40GHz
Percentage of memory in use: 23%
Total physical RAM: 49135.22 MB
Available physical RAM: 37804.53 MB
Total Virtual: 98933.37 MB
Available Virtual: 73513.25 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:512.72 GB) NTFS
Drive e: (Backup) (Fixed) (Total:853.22 GB) (Free:720.86 GB) NTFS
Drive s: (swap) (Fixed) (Total:73.24 GB) (Free:25.21 GB) NTFS
Drive u: () (Network) (Total:199.99 GB) (Free:51.48 GB) 
 
\\?\Volume{9e386f62-d853-11e2-8a4b-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{0207e13a-1656-11e7-b223-78acc0a96278}\ () (Fixed) (Total:5.05 GB) (Free:0.21 GB) NTFS
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2FDA0A4D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: D5A3F0AF)
Partition 1: (Not Active) - (Size=73.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=853.2 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt =======================

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP