Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Internet issues, DNS issues, laggy pages, packet loss.

Started by Wilmaa , Jan 08 2017 06:05 PM

Internet issues internet DNS packet loss ping laggy lag

Please log in to reply

#1
Wilmaa

Posted 08 January 2017 - 06:05 PM

New Member

Member
9 posts

I built my computer about 6 months ago and up until about a month ago, everything worked beautifully - fast, responsive, internet was lightning fast. Now, about 3 times per day I'm having DNS issues, pages take forever to load, servers cannot be found, I'm not getting emails, emails are coming in twice (not sure if the email issues is an internet thing or just Outlook being inherently ridiculous). I've ipconfig'd, flushed DNS, changed something to 8.8.4.4, 8.8.8.8, 207.###.###, restarted, rebooted, ran diagnostics, etc... nothing is working. I just pinged google.com and this is the first time that I've seen packet loss:

Pinging google.com [216.58.194.110] with 32 bytes of data:

Reply from 216.58.194.110: bytes=32 time=41ms TTL=55

Reply from 216.58.194.110: bytes=32 time=42ms TTL=55

Reply from 216.58.194.110: bytes=32 time=40ms TTL=55

Request timed out.

Ping statistics for 216.58.194.110:

Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),

Approximate round trip times in milli-seconds:

Minimum = 40ms, Maximum = 42ms, Average = 41ms

I think that if I play around with anything any further, I will end up breaking the entire thing. This may all be an issue that I've created trying to fix one thing or another.

Please help!

#2
RKinner

Posted 09 January 2017 - 12:08 PM

Malware Expert

Expert
24,625 posts

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS

Report IE Proxy Settings

Reset IE Proxy Settings

Report FF Proxy Settings

Reset FF Proxy Settings

List content of Hosts

List IP configuration

List Winsock Entries

List last 10 Event Viewer Errors

List Installed Programs

List Devices

List Users, Partitions and Memory size.

List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download

Latest Version button - Do NOT press the large Start Download button on the upper left!)

Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),

File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.

(It will be near the top about 10 lines down.) Save the file. Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File)

#3
Wilmaa

Posted 09 January 2017 - 06:45 PM

New Member

Topic Starter
Member
9 posts

Hello! Thank you!

MiniToolBox by Farbar Version: 17-06-2016

Ran by Zoe (administrator) on 09-01-2017 at 18:37:43

Running from "C:\Users\Zoe\Downloads"

Microsoft Windows 10 Home (X64)

Model: To be filled by O.E.M. Manufacturer: Gigabyte Technology Co., Ltd.

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

ProxyServer: localhost:7769

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet 2 (Connected)

Kaspersky Security Data Escort Adapter = Ethernet 3 (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global icmpredirects=enabled

set interface interface="Ethernet 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : ZoeNew

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet 2:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller #2

Physical Address. . . . . . . . . : 40-8D-5C-51-95-CF

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::21a0:d9e3:76d4:2319%4(Preferred)

IPv4 Address. . . . . . . . . . . : 10.0.0.14(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Saturday, January 7, 2017 5:38:29 PM

Lease Expires . . . . . . . . . . : Tuesday, January 10, 2017 5:52:32 PM

Default Gateway . . . . . . . . . : 10.0.0.1

DHCP Server . . . . . . . . . . . : 10.0.0.1

DHCPv6 IAID . . . . . . . . . . . : 104893788

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-21-6A-3F-40-8D-5C-51-95-CF

DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888

2001:4860:4860::8844

8.8.8.8

8.8.4.4

208.67.222.222

208.67.220.220

8.8.8.8

8.8.4.4

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 3:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Kaspersky Security Data Escort Adapter

Physical Address. . . . . . . . . : 00-FF-58-EA-12-DF

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{1D5C43DE-F4B5-4AF2-BC47-C06694BBC681}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

Server: UnKnown

Address: 2001:4860:4860::8888

Pinging google.com [216.58.218.142] with 32 bytes of data:

Reply from 216.58.218.142: bytes=32 time=21ms TTL=55

Reply from 216.58.218.142: bytes=32 time=22ms TTL=55

Ping statistics for 216.58.218.142:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 21ms, Maximum = 22ms, Average = 21ms

Server: UnKnown

Address: 2001:4860:4860::8888

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=67ms TTL=53

Reply from 98.139.183.24: bytes=32 time=74ms TTL=53

Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 67ms, Maximum = 74ms, Average = 70ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

4...40 8d 5c 51 95 cf ......Realtek PCIe GBE Family Controller #2

8...00 ff 58 ea 12 df ......Kaspersky Security Data Escort Adapter

1...........................Software Loopback Interface 1

16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.14 35

10.0.0.0 255.255.255.0 On-link 10.0.0.14 291

10.0.0.14 255.255.255.255 On-link 10.0.0.14 291

10.0.0.255 255.255.255.255 On-link 10.0.0.14 291

127.0.0.0 255.0.0.0 On-link 127.0.0.1 331

127.0.0.1 255.255.255.255 On-link 127.0.0.1 331

127.255.255.255 255.255.255.255 On-link 127.0.0.1 331

224.0.0.0 240.0.0.0 On-link 127.0.0.1 331

224.0.0.0 240.0.0.0 On-link 10.0.0.14 291

255.255.255.255 255.255.255.255 On-link 127.0.0.1 331

255.255.255.255 255.255.255.255 On-link 10.0.0.14 291

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

1 331 ::1/128 On-link

4 291 fe80::/64 On-link

4 291 fe80::21a0:d9e3:76d4:2319/128

On-link

1 331 ff00::/8 On-link

4 291 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)

Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)

Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)

Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)

Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)

Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)

x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (01/07/2017 05:40:46 PM) (Source: Microsoft-Windows-EFS) (User: ZOENEW)

Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (01/07/2017 05:38:40 PM) (Source: DbxSvc) (User: )

Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service) (User: )

Description: Enumerating user sessions to generate filter pools failed.

Details:

(HRESULT : 0x80040210) (0x80040210)

System errors:

=============

Error: (01/07/2017 05:38:43 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2017 05:38:02 PM) (Source: DCOM) (User: ZOENEW)

Description: App.AppXryc2qd338f5728r9gzzazav8206ba77s.mca

Error: (01/07/2017 04:58:40 PM) (Source: Microsoft-Windows-NDIS) (User: NT AUTHORITY)

Description: Miniport Apple Mobile Device Ethernet, {7A2BA90B-2DC7-49FC-92EC-D0B3F2D96451}, had event 76

Error: (01/06/2017 06:22:22 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/06/2017 06:07:19 PM) (Source: EventLog) (User: )

Description: The previous system shutdown at 4:37:12 PM on ‎1/‎6/‎2017 was unexpected.

Error: (01/01/2017 12:03:03 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2017 12:01:51 PM) (Source: DCOM) (User: ZOENEW)

Description: Windows.Media.Capture.Internal.AppCaptureShell

Error: (12/29/2016 06:22:36 PM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/29/2016 11:07:27 AM) (Source: DCOM) (User: NT AUTHORITY)

Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/29/2016 11:06:52 AM) (Source: DCOM) (User: ZOENEW)

Description: {16D99191-6280-4B33-A2F5-04805A0FC582}

Microsoft Office Sessions:

=========================

Error: (01/07/2017 05:40:46 PM) (Source: Microsoft-Windows-EFS)(User: ZOENEW)

Description: 74880x80070005

Error: (01/07/2017 05:38:40 PM) (Source: DbxSvc)(User: )

Description: (-2147024894) The system cannot find the file specified.

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

Error: (01/07/2017 05:38:30 PM) (Source: Windows Search Service)(User: )

Description:

Details:

(HRESULT : 0x80040210) (0x80040210)

=========================== Installed Programs ============================

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)

AutoHotkey 1.1.22.09 (HKLM\...\AutoHotkey) (Version: 1.1.22.09 - Lexikos)

Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden

AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden

Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Color Search version 3.0 (HKLM-x32\...\{9531A0B6-7DDA-4ED7-8B49-9BC3C0ABAEEC}_is1) (Version: 3.0 - Loaded Dog Enterprises)

Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden

Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)

Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)

Google Chrome Canary (HKCU\...\Google Chrome SxS) (Version: 57.0.2976.0 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden

gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)

Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)

iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)

Inquisit 4 Web Player (HKLM\...\{FBB69BDD-AE2D-4E69-BE47-704EBC5B3FC0}) (Version: 4.0.9.0 - Millisecond Software)

Inquisit 5 Player (HKLM\...\{79201F7C-2CDE-4309-BF6F-F831A82DCA31}) (Version: 5.0.6.0 - Millisecond Software)

Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)

iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)

Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

Kaspersky Password Manager (HKLM-x32\...\{2C74A102-DC39-4158-A831-02BDE2EC7D5D}) (Version: 8.0.5.485 - Kaspersky Lab) Hidden

Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{2C74A102-DC39-4158-A831-02BDE2EC7D5D}) (Version: 8.0.5.485 - Kaspersky Lab)

Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)

Kaspersky Total Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)

Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)

Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)

Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)

Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.7.133.0 - Microsoft Corporation)

Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2115 - Microsoft Corporation)

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)

Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)

Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)

Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)

Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)

Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)

Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)

Mozilla Firefox 50.1.0 (x64 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x64 en-US)) (Version: 50.1.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)

MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden

Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden

No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)

Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden

Pale Moon 26.5.0 (x86 en-US) (HKLM-x32\...\Pale Moon 26.5.0 (x86 en-US)) (Version: 26.5.0 - Moonchild Productions)

PicToWeave Version 3.7.2.2 (HKLM-x32\...\PicToWeave_is1) (Version: - Loaded Dog Enterprises)

PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden

Pulover's Macro Creator version 5.0.5 (HKLM\...\{223FFB42-2D49-4AF6-9EF2-82B7D0CAF8B4}_is1) (Version: 5.0.5 - Rodolfo U. Batista)

Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)

RAPID Mode (HKLM\...\{18DF567E-AA9B-434D-BE77-BFE2292712F6}) (Version: 1.0.1.96 - Samsung Electronics Co., Ltd.) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)

Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden

Roslyn Language Services - x86 (HKLM-x32\...\{87BFB956-DC1D-38FC-A849-A9997A183F63}) (Version: 14.0.25425 - Microsoft Corporation) Hidden

Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9.7 - Samsung Electronics)

Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)

Synergy (64-bit) (HKLM\...\{AE81EF09-AD7A-49BB-897D-F2C9C4453A4B}) (Version: 1.8.2 - The Synergy Project)

Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{23F3B544-D6BD-322B-A48A-C66790A8AE0D}) (Version: 14.102.25521 - Microsoft) Hidden

TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)

Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden

TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden

TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden

Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)

UserTesting (HKCU\...\UserTestingPlugin) (Version: - UserTesting.com)

Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)

Vivaldi (HKCU\...\Vivaldi) (Version: 1.6.689.40 - Vivaldi)

VNC Server 6.0.0 (HKLM\...\{55233098-158E-4500-B536-7FC644535F29}) (Version: 6.0.0.23442 - RealVNC Ltd)

VNC Viewer 6.0.0 (HKLM\...\{A55C0FBA-8B96-4C1C-B276-2E5328C57254}) (Version: 6.0.0.23442 - RealVNC Ltd)

VS Update core components (HKLM-x32\...\{2FAE53FC-8859-3EB9-BAAA-3A9BE26931BC}) (Version: 14.0.25425 - Microsoft Corporation) Hidden

vs_update3notification (HKLM-x32\...\{D949D8A9-0CEF-3997-BA76-75EA19E62137}) (Version: 14.0.25425 - Microsoft Corporation) Hidden

WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden

WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden

WebM Project Directshow Filters (HKCU\...\webmdshow) (Version: 1.0.4.1 - WebM Project)

Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 47%

Total physical RAM: 16197.37 MB

Available physical RAM: 8484.64 MB

Total Virtual: 17221.37 MB

Available Virtual: 7735.04 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.4 GB) (Free:157.75 GB) NTFS

3 Drive e: () (Fixed) (Total:931.51 GB) (Free:930.89 GB) NTFS

========================= Users: ========================================

User accounts for \\ZOENEW

Administrator DefaultAccount Guest

Zoe

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

24-12-2016 16:53:33 Scheduled Checkpoint

02-01-2017 15:46:51 Scheduled Checkpoint

**** End of log ****

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

System Idle Process 81.35 0 K 4 K 0

chrome.exe 9.13 387,960 K 338,648 K 1484 Google Chrome Google Inc. (Verified) Google Inc

vivaldi.exe 2.44 153,528 K 608,800 K 4300 Vivaldi Vivaldi Technologies AS (Verified) Vivaldi Technologies AS

vivaldi.exe 1.29 51,644 K 69,964 K 11688 Vivaldi Vivaldi Technologies AS (Verified) Vivaldi Technologies AS

procexp64.exe 0.88 37,376 K 71,016 K 13296 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

avp.exe 0.80 444,408 K 163,616 K 2888 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab

System 0.75 200 K 6,548 K 4

dwm.exe 0.67 83,512 K 47,984 K 1044

chrome.exe 0.61 493,120 K 329,992 K 7716 Google Chrome Google Inc. (Verified) Google Inc

Interrupts 0.50 0 K 0 K n/a Hardware Interrupts and DPCs

chrome.exe 0.47 156,760 K 127,548 K 8328 Google Chrome Google Inc. (Verified) Google Inc

vivaldi.exe 0.44 86,508 K 122,420 K 2424

csrss.exe 0.23 2,640 K 9,784 K 788

chrome.exe 0.08 220,160 K 208,076 K 10332 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 0.07 181,704 K 143,560 K 7924 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 0.06 160,872 K 185,024 K 12624 Google Chrome Google Inc. (Verified) Google Inc

ipoint.exe 0.04 4,440 K 3,692 K 4920 IPoint.exe Microsoft Corporation (Verified) Microsoft Corporation

kpm.exe 0.04 112,160 K 77,536 K 9232 Kaspersky Password Manager AO Kaspersky Lab (Verified) Kaspersky Lab

chrome.exe 0.04 155,360 K 178,248 K 14600 Google Chrome Google Inc. (Verified) Google Inc

iCloudServices.exe 0.03 123,436 K 33,344 K 9752 iCloud Services Apple Inc. (Verified) Apple Inc.

TeamViewer_Service.exe 0.02 6,060 K 7,784 K 3040 TeamViewer 11 TeamViewer GmbH (Verified) TeamViewer

chrome.exe 0.02 297,700 K 314,328 K 12316 Google Chrome Google Inc. (Verified) Google Inc

SearchIndexer.exe 0.02 58,596 K 55,708 K 1540 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows

explorer.exe 0.01 85,664 K 99,860 K 5512 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows

iPodService.exe 0.01 2,224 K 1,916 K 9428 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.

AppleMobileDeviceService.exe < 0.01 4,976 K 5,788 K 2772 MobileDeviceService Apple Inc. (Verified) Apple Inc.

chrome.exe < 0.01 113,952 K 110,004 K 10556 Google Chrome Google Inc. (Verified) Google Inc

svchost.exe < 0.01 7,432 K 15,868 K 2836 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 6,308 K 9,572 K 2924 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 3,964 K 4,488 K 2232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 6,360 K 9,640 K 712 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

TeamViewer.exe < 0.01 12,616 K 17,060 K 5580 TeamViewer 11 TeamViewer GmbH (Verified) TeamViewer

svchost.exe < 0.01 14,820 K 13,136 K 1164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

chrome.exe < 0.01 102,180 K 78,084 K 13292 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe < 0.01 113,040 K 127,196 K 4932 Google Chrome Google Inc. (Verified) Google Inc

tv_x64.exe < 0.01 1,492 K 1,048 K 6072

synergyd.exe < 0.01 1,512 K 1,196 K 3032 (Verified) Symless Ltd.

sihost.exe < 0.01 7,316 K 21,736 K 5032 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows

ducservice.exe < 0.01 22,728 K 12,208 K 972 ducservice (No signature was present in the subject)

tv_w32.exe < 0.01 1,376 K 1,348 K 6000

svchost.exe < 0.01 7,840 K 19,748 K 5040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe < 0.01 14,512 K 19,552 K 1344 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

OUTLOOK.EXE < 0.01 195,108 K 130,864 K 13220 Microsoft Outlook Microsoft Corporation (Verified) Microsoft Corporation

csrss.exe < 0.01 1,560 K 1,684 K 680

iTunesHelper.exe < 0.01 4,500 K 3,424 K 8896 iTunesHelper Apple Inc. (Verified) Apple Inc.

OfficeClickToRun.exe < 0.01 39,184 K 17,824 K 2876 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation

WUDFHost.exe 2,112 K 1,200 K 2484

WmiPrvSE.exe 10,420 K 13,304 K 4044

winlogon.exe 2,020 K 992 K 368

wininit.exe 1,160 K 744 K 780

vncserverui.exe 5,920 K 10,456 K 6092 VNC® Server RealVNC Ltd (Verified) RealVNC Ltd

vncserver.exe 5,012 K 31,380 K 3024 VNC® Server RealVNC Ltd (Verified) RealVNC Ltd

vncagent.exe 3,312 K 6,024 K 3468

vivaldi.exe 46,152 K 48,828 K 1420 Vivaldi Vivaldi Technologies AS (Verified) Vivaldi Technologies AS

vivaldi.exe 93,300 K 131,672 K 11860 Vivaldi Vivaldi Technologies AS (Verified) Vivaldi Technologies AS

vivaldi.exe 52,220 K 65,756 K 8268 Vivaldi Vivaldi Technologies AS (Verified) Vivaldi Technologies AS

vivaldi.exe 23,504 K 33,504 K 13716 Vivaldi Vivaldi Technologies AS (Verified) Vivaldi Technologies AS

vivaldi.exe 74,152 K 81,656 K 4220 Vivaldi Vivaldi Technologies AS (Verified) Vivaldi Technologies AS

vivaldi.exe 1,948 K 6,668 K 12236

Updater.exe 5,092 K 5,088 K 3016 Updater Popcorn Time (No signature was present in the subject) Popcorn Time

taskhostw.exe 9,444 K 14,348 K 4960 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows

SystemSettings.exe Suspended 12,648 K 444 K 5068 Settings Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 15,344 K 15,584 K 1068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 9,996 K 14,868 K 1056 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 28,096 K 38,832 K 1152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 6,820 K 14,352 K 2964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,596 K 7,484 K 7348 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 9,424 K 14,452 K 964 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 19,972 K 20,200 K 1440 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,836 K 5,804 K 1724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,048 K 2,160 K 1804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1,596 K 3,136 K 6388 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2,192 K 6,964 K 9944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher

spoolsv.exe 9,600 K 12,852 K 1932 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows

smss.exe 440 K 376 K 500

smartscreen.exe 12,860 K 24,428 K 8096 SmartScreen Microsoft Corporation (Verified) Microsoft Windows

SkypeHost.exe Suspended 33,864 K 29,792 K 6768 Microsoft Skype Preview Microsoft Corporation (No signature was present in the subject) Microsoft Corporation

ShellExperienceHost.exe Suspended 98,124 K 98,400 K 6152 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows

SettingSyncHost.exe 18,556 K 9,776 K 7588 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows

services.exe 3,304 K 5,048 K 856

secd.exe 4,388 K 2,236 K 6928 Apple Security Manager Apple, Inc. (Verified) Apple Inc.

SearchUI.exe Suspended 86,948 K 148,500 K 12280 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows

SearchProtocolHost.exe 2,620 K 11,800 K 15072

SearchFilterHost.exe 1,924 K 7,340 K 13052

SamsungRapidSvc.exe 644 K 520 K 2844

SamsungRapidApp.exe 892 K 848 K 8716 Samsung RAPID Mode Notification Utility Samsung Electronics Co., Ltd. (Verified) Samsung Electronics Co.

Samsung Magician.exe 22,648 K 6,208 K 6248

RuntimeBroker.exe 30,272 K 53,944 K 5376 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

pushbullet_client.exe 96,356 K 30,288 K 12352 Pushbullet Pushbullet Inc (Verified) Pushbullet Inc

procexp.exe 3,120 K 10,580 K 11024 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

PresentationFontCache.exe 25,936 K 1,560 K 5092 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation

plugin-nm-server.exe 9,308 K 16,484 K 3824 Google Chrome Plugin AO Kaspersky Lab (Verified) Kaspersky Lab

OneDrive.exe 8,052 K 10,224 K 8344 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation

notepad.exe 14,656 K 37,548 K 7120

Microsoft.Photos.exe Suspended 189,856 K 177,352 K 4988 (No signature was present in the subject)

Memory Compression 1,276 K 442,880 K 2612

mDNSResponder.exe 1,708 K 2,680 K 2996 Bonjour Service Apple Inc. (Verified) Apple Inc.

lsass.exe 8,104 K 10,772 K 864 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher

ksdeui.exe 7,864 K 3,640 K 8404 Kaspersky Secure Connection AO Kaspersky Lab (Verified) Kaspersky Lab

ksde.exe 28,436 K 1,596 K 11108 Kaspersky Secure Connection AO Kaspersky Lab (Verified) Kaspersky Lab

jusched.exe 1,584 K 1,312 K 10628 Java Update Scheduler Oracle Corporation (Verified) Oracle America

itype.exe 5,220 K 3,836 K 4828 IType.exe Microsoft Corporation (Verified) Microsoft Corporation

igfxEM.exe 3,660 K 1,912 K 5760 igfxEM Module Intel Corporation (Verified) Intel® pGFX

igfxCUIService.exe 1,652 K 956 K 1560 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX

ID.exe 2,656 K 4,084 K 11228

iCloudDrive.exe 17,604 K 6,420 K 10188 iCloud Drive Apple Inc. (Verified) Apple Inc.

IAStorIcon.exe 27,256 K 3,364 K 2976 IAStorIcon Intel Corporation (Verified) Intel® Rapid Storage Technology

IAStorDataMgrSvc.exe 39,096 K 13,596 K 1628 IAStorDataSvc Intel Corporation (Verified) Intel® Rapid Storage Technology

GoogleCrashHandler64.exe 1,528 K 996 K 7260

GoogleCrashHandler64.exe 1,544 K 1,116 K 2388 Google Crash Handler Google Inc. (Verified) Google Inc

GoogleCrashHandler.exe 1,760 K 1,304 K 7252

GoogleCrashHandler.exe 1,844 K 1,160 K 3244 Google Crash Handler Google Inc. (Verified) Google Inc

DropboxUpdate.exe 2,144 K 1,808 K 4912

Dropbox.exe 206,388 K 53,844 K 10372 Dropbox Dropbox, Inc. (Verified) Dropbox

dllhost.exe 2,404 K 9,240 K 2980 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows

DbxSvc.exe 2,420 K 848 K 2780 Dropbox Service Dropbox, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher

dasHost.exe 5,856 K 9,036 K 2536

conhost.exe 5,296 K 7,092 K 792 Console Window Host Microsoft Corporation (Verified) Microsoft Windows

cmd.exe 2,652 K 2,608 K 11612 Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows

chrome.exe 2,692 K 2,352 K 7776 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 45,100 K 32,224 K 13160 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 40,752 K 54,880 K 11456 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 57,748 K 53,020 K 11692 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 46,756 K 53,424 K 13036 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 2,716 K 2,360 K 7832 Google Chrome Google Inc. (Verified) Google Inc

avpui.exe 97,980 K 3,720 K 5024 Kaspersky Anti-Virus AO Kaspersky Lab (Verified) Kaspersky Lab

AutoHotkey.exe 2,620 K 9,020 K 12892 AutoHotkey Unicode 64-bit (No signature was present in the subject)

audiodg.exe 21,756 K 17,276 K 12548

APSDaemon.exe 4,876 K 6,704 K 9916 Apple Push Apple Inc. (Verified) Apple Inc.

ApplicationFrameHost.exe 11,788 K 15,624 K 6016 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows

ApplePhotoStreams.exe 25,432 K 8,252 K 7452 iCloud Photo Stream Apple Inc. (Verified) Apple Inc.

AppleIEDAV.exe 3,688 K 14,728 K 8548 Apple IE DAV Apple Inc. (Verified) Apple Inc.

Attached Files

ZOENEW.txt 111.01KB 432 downloads

#4
RKinner

Posted 09 January 2017 - 08:05 PM

Malware Expert

Expert
24,625 posts

The only thing I see is Chrome is using a lot of CPU time, Vivaldi has half a dozen instances running and Kaspersky is probably not set up right.

Do you really need vivaldi?

Are you controlling this PC via Team Viewer?

You should reinstall Kaspersky.

I think I'm going to have this moved to the malware forum so I can have you run FRST so I can see what is going on in Chrome.

Get FRST from

http://www.bleepingc...very-scan-tool/

You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Check the Addition.txt box

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#5
Wilmaa

Posted 09 January 2017 - 09:07 PM

New Member

Topic Starter
Member
9 posts

If this puts my browser mess into perspective.. I work on the Amazon Mechanical Turk platform. I have browsers constantly open (default is 2 windows in vivaldi, 3 windows in chrome 2 of which has 2 pinned tabs and a tab that I work in - I use vivaldi because chrome is such a pain with too many windows open and is the browser that most tasks on AMT require. Also, I run a lot of userscripts running for AMT through tampermonkey. I am not controlling it through teamviewer - a friend of mine sometimes helps with little PC glitches here and there via TV. I use VNC to work from my desktop via my phone or mac laptop.

Going to run the frst thing now. Will post.

#6
Wilmaa

Posted 09 January 2017 - 09:09 PM

New Member

Topic Starter
Member
9 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017

Ran by Zoe (administrator) on ZOENEW (09-01-2017 21:08:12)

Running from C:\Users\Zoe\Desktop

Loaded Profiles: Zoe (Available Profiles: Zoe)

Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe

(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe

() C:\Program Files\Synergy\synergyd.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncagent.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avpui.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxEM.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe

(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserverui.exe

() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe

(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe

(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Users\Zoe\Desktop\AHK\ID.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe

() C:\Program Files (x86)\No-IP\ducservice.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Zoe\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler.exe

(Google Inc.) C:\Users\Zoe\AppData\Local\Google\Update\1.3.32.7\GoogleCrashHandler64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Pushbullet Inc) C:\Users\Zoe\AppData\Local\Pushbullet\bin\pushbullet_client.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files\AutoHotkey\AutoHotkey.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\cmd.exe

(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\plugin-nm-server.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

(Vivaldi Technologies AS) C:\Users\Zoe\AppData\Local\Vivaldi\Application\vivaldi.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)

HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)

HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)

HKLM\...\Policies\Explorer: [NoWinKeys] 1

HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44544 2016-07-16] (Microsoft Corporation)

HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\...\Run: [GM4IE] => C:\Program Files (x86)\GM4IE\gm4ie.exe

HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\...\Run: [kpm.exe] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm.exe [7763384 2016-07-15] (AO Kaspersky Lab)

HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\...\Run: [Freedom] => "C:\Users\Zoe\Desktop\Freedom.exe"

HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\...\Run: [Google Update] => C:\Users\Zoe\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)

HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)

HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-07-09] (Apple Inc.)

HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-11-17] (Apple Inc.)

HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1104728 2016-12-08] (Google Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)

GroupPolicyScripts-x32\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

Tcpip\..\Interfaces\{1d5c43de-f4b5-4af2-bc47-c06694bbc681}: [NameServer] 8.8.8.8,8.8.4.4,208.67.222.222,208.67.220.220,8.8.8.8,8.8.4.4

Tcpip\..\Interfaces\{1d5c43de-f4b5-4af2-bc47-c06694bbc681}: [DhcpNameServer] 10.0.0.1

Tcpip\..\Interfaces\{383767de-23bd-4f9a-958f-2e933c4d7bf3}: [DhcpNameServer] 10.0.0.1

Tcpip\..\Interfaces\{58ea12df-fdd1-4038-b49a-0084f397978a}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Tcpip\..\Interfaces\{8b333e37-775d-43c5-944e-258775e0afd9}: [DhcpNameServer] 172.20.10.1

Internet Explorer:

==================

HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp

BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)

BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)

BHO: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\x64\ie_engine.dll [2016-07-15] (AO Kaspersky Lab)

BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-24] (Oracle Corporation)

BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-24] (Oracle Corporation)

BHO-x32: Kaspersky Password Manager -> {F710F7E5-A520-471D-989C-F653AC328FB2} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\ie_engine.dll [2016-07-15] (AO Kaspersky Lab)

Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)

Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\IEExt\ie_plugin.dll [2016-12-08] (AO Kaspersky Lab)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)

FireFox:

========

FF DefaultProfile: iyxmst78.default

FF ProfilePath: C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\iyxmst78.default [2017-01-09]

FF user.js: detected! => C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\iyxmst78.default\user.js [2016-12-15]

FF NewTab: Mozilla\Firefox\Profiles\iyxmst78.default -> about:newtab

FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\iyxmst78.default -> Google

FF Extension: (Select-and-Define Google Dictionary) - C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\iyxmst78.default\Extensions\[email protected] [2016-09-01]

FF Extension: (Tile Tabs) - C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\iyxmst78.default\Extensions\[email protected] [2016-11-14]

FF Extension: (Greasemonkey) - C:\Users\Zoe\AppData\Roaming\Mozilla\Firefox\Profiles\iyxmst78.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-24]

FF ProfilePath: C:\Users\Zoe\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pv04n2i1.default [2017-01-04]

FF Extension: (Guerilla Scripting) - C:\Users\Zoe\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\pv04n2i1.default\Extensions\[email protected] [2016-12-05] [not signed]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-12-08]

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

FF HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\...\Firefox\Extensions: [kpm_win_add_on@kaspersky] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm_win_add_on@kaspersky

FF Extension: (Kaspersky Password Manager) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.5\kpm_win_add_on@kaspersky [2016-09-17]

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-14] ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-14] ()

FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-24] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-24] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-09] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-09] (Microsoft Corporation)

FF Plugin-x32: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll [No File]

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-3591470129-1721147500-3194162361-1001: @millisecond.com/npInquisit,version=3.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3060.dll [No File]

FF Plugin HKU\S-1-5-21-3591470129-1721147500-3194162361-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Zoe\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin HKU\S-1-5-21-3591470129-1721147500-3194162361-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Zoe\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\itms.js [2016-11-17]

Chrome:

=======

CHR HomePage: Default -> hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_011&type=mcy_mdmac_15_35&param1=yhsbeacon&param2=f%3D7%26b%3DChrome%26cc%3DUS%26p%3Dmcyahoo%26cd%3D2XzuyEtN2Y1L1QzuyEyCyDyE0C0A0ByCtGtAyEyCtBtGyDyDtA0DtG0BtAyDtAtGtAyEtC0Dzz0EyCtByDyEzy0BtN1L1G1B1V1N2Y1L1Qzu2StAtB0DtAyB0DyBtBtG0Bzyzy0EtGyEtBtAtAtG0B0A0F0CtGyE0C0ByEzyyDtCyDyDtD0EyD2QtN1Q2Zzu0StCtAtAyCtN1L2XzutAtFyDtFtDtFyEyBtN1L1Czu%26cr%3D2095797066%26a%3Dmcy_mdmac_15_35

CHR StartupUrls: Default -> "hxxp://www.mturk.com/"

CHR Profile: C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default [2017-01-09]

CHR Extension: (Easy Auto Refresh) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2016-11-17]

CHR Extension: (Google Slides) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-20]

CHR Extension: (Google Docs) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-20]

CHR Extension: (Google Drive) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-20]

CHR Extension: (YouTube) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-20]

CHR Extension: (Honey) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-12-29]

CHR Extension: (Pushbullet) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2017-01-02]

CHR Extension: (Tampermonkey) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-12-15]

CHR Extension: (Text To Speech with Google Drive) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dogdgjickfenmhihlgiedkadbbabiagm [2017-01-05]

CHR Extension: (Chrome Connectivity Diagnostics) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\eemlkeanncmjljgehlbplemhmdmalhdc [2017-01-07]

CHR Extension: (Google Sheets) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-20]

CHR Extension: (User-Agent Switcher for Google Chrome) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffhkkpnppgnfaobgihpdblnhmmbodake [2016-11-10]

CHR Extension: (Kaspersky Protection) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-08-15]

CHR Extension: (Kaspersky Password Manager) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gebpdbfmpedcnopofelmhndhincfkhki [2016-09-17]

CHR Extension: (Google Docs Offline) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-20]

CHR Extension: (Mturk Suite) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\iglbakfobmoijpbigmlfklckogbefnlf [2017-01-09]

CHR Extension: (Distill Web Monitor) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\inlikjemeeknofckkjolnjbpehgadgge [2016-12-06]

CHR Extension: (Extensity) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmflmamggggndanpgfnpelongoepncg [2016-09-12]

CHR Extension: (Open Link in Same Tab) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgpefningcojblgciiljmabggbbjiojb [2016-12-18]

CHR Extension: (Google Dictionary (by Google)) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-08-13]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-20]

CHR Extension: (Auto Refresh Plus) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohfjpkccecpdfkpmfocndhepolhljfhg [2016-09-03]

CHR Extension: (Data Saver) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2016-12-27]

CHR Extension: (Gmail) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-20]

CHR Extension: (Chrome Media Router) - C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]

CHR Extension: (Turk Assist) - C:\Users\Zoe\Desktop\Turk\TA\ta again [2016-10-26]

CHR Profile: C:\Users\Zoe\AppData\Local\Google\Chrome\User Data\System Profile [2016-10-25]

CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

CHR HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gebpdbfmpedcnopofelmhndhincfkhki] - hxxps://chrome.google.com/webstore/detail/gebpdbfmpedcnopofelmhndhincfkhki

CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-09] (Microsoft Corporation)

S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-01] (Intel Corporation)

S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-01] (Intel Corporation)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-07] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-07] (Dropbox, Inc.)

R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)

R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-01] (Intel Corporation)

S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)

R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)

R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [File not signed]

R2 SamsungRapidSvc; C:\WINDOWS\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.)

R2 Synergy; C:\Program Files\Synergy\synergyd.exe [314024 2016-08-08] ()

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)

R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]

R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [6693456 2016-10-31] (RealVNC Ltd)

S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)

R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-01] (Intel Corporation)

R1 inpoutx64; C:\WINDOWS\System32\drivers\inpoutx64.sys [15008 2016-03-08] (Highresolution Enterprises [www.highrez.co.uk])

R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)

R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)

R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-14] (AO Kaspersky Lab)

R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)

S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-30] (AO Kaspersky Lab)

R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [191312 2016-06-26] (AO Kaspersky Lab)

R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [435032 2016-09-08] (AO Kaspersky Lab)

R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [182360 2016-08-15] (AO Kaspersky Lab)

R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1019616 2016-12-08] (AO Kaspersky Lab)

R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2016-12-08] (AO Kaspersky Lab)

R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-18] (AO Kaspersky Lab)

R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)

R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)

R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)

R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [218920 2016-12-08] (AO Kaspersky Lab)

R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [85984 2016-12-15] ()

R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [245512 2016-12-08] (AO Kaspersky Lab)

R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [104720 2016-12-08] (AO Kaspersky Lab)

R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [164888 2016-12-08] (AO Kaspersky Lab)

R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)

R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [134880 2016-12-08] (AO Kaspersky Lab)

R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)

S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()

R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-07-19] (Realtek )

R0 SamsungRapidDiskFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.)

R0 SamsungRapidFSFltr; C:\WINDOWS\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.)

R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-09 21:08 - 2017-01-09 21:08 - 00034371 _____ C:\Users\Zoe\Desktop\FRST.txt

2017-01-09 21:08 - 2017-01-09 21:08 - 00000000 ____D C:\FRST

2017-01-09 21:07 - 2017-01-09 21:07 - 02419200 _____ (Farbar) C:\Users\Zoe\Downloads\FRST64.exe

2017-01-09 21:07 - 2017-01-09 21:07 - 02419200 _____ (Farbar) C:\Users\Zoe\Desktop\FRST64.exe

2017-01-09 18:42 - 2017-01-09 18:43 - 00113679 _____ C:\Users\Zoe\Desktop\ZOENEW.txt

2017-01-09 18:42 - 2017-01-09 18:42 - 00012573 _____ C:\Users\Zoe\Desktop\System Idle Process.txt

2017-01-09 18:39 - 2017-01-09 18:39 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\Zoe\Downloads\procexp.exe

2017-01-09 18:39 - 2017-01-09 18:39 - 02720928 _____ (Sysinternals - www.sysinternals.com) C:\Users\Zoe\Desktop\procexp.exe

2017-01-09 18:39 - 2017-01-09 18:39 - 00030598 _____ C:\Users\Zoe\Desktop\MTB.txt

2017-01-09 18:37 - 2017-01-09 18:37 - 00030598 _____ C:\Users\Zoe\Downloads\MTB.txt

2017-01-09 18:36 - 2017-01-09 18:36 - 00892416 _____ (Farbar) C:\Users\Zoe\Downloads\MiniToolBox.exe

2017-01-09 17:42 - 2017-01-09 17:42 - 00087672 _____ C:\Users\Zoe\Desktop\AZGBKAM5JUV5A.xlsx

2017-01-09 17:35 - 2017-01-09 17:35 - 00126768 _____ C:\Users\Zoe\Downloads\EA2 (1).xlsx

2017-01-09 17:33 - 2017-01-09 17:33 - 00126768 _____ C:\Users\Zoe\Downloads\EA2.xlsx

2017-01-09 15:32 - 2017-01-09 15:32 - 00871396 _____ C:\Users\Zoe\Desktop\CHEM123 Proctor.pdf

2017-01-09 14:34 - 2017-01-09 14:36 - 00287744 _____ C:\Users\Zoe\Downloads\Chapter_8_students.ppt

2017-01-09 14:34 - 2017-01-09 14:34 - 00240640 _____ C:\Users\Zoe\Downloads\Chapter_4 students.ppt

2017-01-09 14:34 - 2017-01-09 14:34 - 00237056 _____ C:\Users\Zoe\Downloads\Chapter_3_students.ppt

2017-01-08 21:40 - 2017-01-08 21:40 - 00116577 _____ C:\Users\Zoe\Downloads\B4.xlsx

2017-01-08 20:24 - 2017-01-08 20:24 - 00000000 ____D C:\Users\Zoe\Desktop\HLTH 451

2017-01-08 20:24 - 2017-01-08 20:24 - 00000000 ____D C:\Users\Zoe\Desktop\HLTH 320

2017-01-08 20:21 - 2017-01-09 15:37 - 00000000 ____D C:\Users\Zoe\Desktop\KNES 101

2017-01-08 20:19 - 2017-01-09 12:05 - 00305152 _____ C:\Users\Zoe\Downloads\Chapter_10_Students.ppt

2017-01-08 20:19 - 2017-01-08 20:19 - 00271360 _____ C:\Users\Zoe\Downloads\Chapter_2_Students.ppt

2017-01-08 20:18 - 2017-01-08 21:28 - 00436224 _____ C:\Users\Zoe\Downloads\Chapter_1_Students.ppt

2017-01-08 18:05 - 2017-01-08 18:10 - 00000121 _____ C:\Users\Zoe\Desktop\Internet issues, DNS issues, laggy pages, packet loss. - Networking.url

2017-01-08 17:44 - 2017-01-08 17:44 - 03961184 _____ C:\Users\Zoe\Downloads\hitdb_queryResults.csv

2017-01-07 23:01 - 2017-01-07 23:01 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Canary Apps

2017-01-07 17:37 - 2017-01-07 17:37 - 00000090 _____ C:\Users\Zoe\Desktop\Google Chrome loads very slow. [Solved].url

2017-01-07 17:31 - 2017-01-07 17:31 - 00000112 _____ C:\Users\Zoe\Desktop\Find Hidden Features On Chrome’s Internal Chrome--- Pages.url

2017-01-07 17:23 - 2017-01-07 17:23 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

2017-01-07 09:09 - 2017-01-07 09:09 - 00000135 _____ C:\Users\Zoe\Desktop\Amazon Mechanical Turk - All Qualifications.url

2017-01-04 07:24 - 2017-01-04 07:24 - 00000000 ____D C:\Users\Zoe\Desktop\OT Stuff

2017-01-04 07:23 - 2017-01-04 07:23 - 00000000 ____D C:\Users\Zoe\Desktop\Chem 123

2017-01-02 16:51 - 2017-01-02 16:51 - 00000000 ____D C:\Users\Zoe\AppData\Local\Pushbullet_Inc

2017-01-02 16:49 - 2017-01-07 19:53 - 00000000 ____D C:\Users\Zoe\AppData\Local\Pushbullet

2017-01-02 16:49 - 2017-01-02 16:49 - 00001104 _____ C:\Users\Public\Desktop\Pushbullet.lnk

2017-01-02 16:49 - 2017-01-02 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pushbullet

2017-01-02 16:49 - 2017-01-02 16:49 - 00000000 ____D C:\Program Files (x86)\Pushbullet

2017-01-02 15:10 - 2017-01-02 15:10 - 00000837 _____ C:\Users\Public\Desktop\Speccy.lnk

2017-01-02 15:10 - 2017-01-02 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy

2017-01-02 15:10 - 2017-01-02 15:10 - 00000000 ____D C:\Program Files\Speccy

2017-01-02 10:26 - 2017-01-02 10:26 - 00000070 _____ C:\Users\Zoe\Desktop\hwf.url

2017-01-02 10:26 - 2017-01-02 10:26 - 00000065 _____ C:\Users\Zoe\Desktop\hwf2.url

2016-12-29 19:13 - 2016-12-31 09:15 - 00017391 _____ C:\Users\Zoe\Desktop\Elements song.docx

2016-12-29 07:45 - 2016-12-29 07:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2016-12-29 07:44 - 2016-12-29 07:44 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk

2016-12-29 07:44 - 2016-12-29 07:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2016-12-29 07:44 - 2016-12-29 07:44 - 00000000 ____D C:\Program Files\iTunes

2016-12-29 07:44 - 2016-12-29 07:44 - 00000000 ____D C:\Program Files\iPod

2016-12-21 19:46 - 2016-12-21 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2016-12-21 12:15 - 2016-12-21 12:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys

2016-12-21 12:15 - 2016-12-21 12:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys

2016-12-21 12:15 - 2016-12-21 12:15 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

2016-12-21 12:15 - 2016-12-21 12:15 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

2016-12-20 16:38 - 2017-01-07 17:54 - 00003240 _____ C:\WINDOWS\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}

2016-12-20 16:24 - 2016-12-20 16:24 - 00046156 _____ C:\Users\Zoe\Desktop\DNS default settings.JPG

2016-12-19 22:12 - 2016-12-19 22:12 - 00003268 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2

2016-12-16 00:26 - 2016-12-16 00:30 - 00625623 _____ C:\Users\Zoe\Desktop\BPS12162016_0003.jpg

2016-12-15 08:29 - 2016-12-15 08:29 - 00085984 _____ C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys

2016-12-15 00:40 - 2016-12-15 00:40 - 00001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2016-12-13 23:06 - 2016-12-09 04:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2016-12-13 23:06 - 2016-12-09 04:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2016-12-13 23:06 - 2016-12-09 04:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2016-12-13 23:06 - 2016-12-09 04:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2016-12-13 23:06 - 2016-12-09 04:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2016-12-13 23:06 - 2016-12-09 04:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2016-12-13 23:06 - 2016-12-09 04:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-12-13 23:06 - 2016-12-09 04:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys

2016-12-13 23:06 - 2016-12-09 04:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2016-12-13 23:06 - 2016-12-09 04:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2016-12-13 23:06 - 2016-12-09 04:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll

2016-12-13 23:06 - 2016-12-09 04:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll

2016-12-13 23:06 - 2016-12-09 04:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2016-12-13 23:06 - 2016-12-09 04:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2016-12-13 23:06 - 2016-12-09 04:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2016-12-13 23:06 - 2016-12-09 04:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2016-12-13 23:06 - 2016-12-09 04:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2016-12-13 23:06 - 2016-12-09 04:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll

2016-12-13 23:06 - 2016-12-09 04:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll

2016-12-13 23:06 - 2016-12-09 04:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll

2016-12-13 23:06 - 2016-12-09 04:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2016-12-13 23:06 - 2016-12-09 04:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2016-12-13 23:06 - 2016-12-09 04:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi

2016-12-13 23:06 - 2016-12-09 04:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe

2016-12-13 23:06 - 2016-12-09 04:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2016-12-13 23:06 - 2016-12-09 04:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2016-12-13 23:06 - 2016-12-09 04:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2016-12-13 23:06 - 2016-12-09 04:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll

2016-12-13 23:06 - 2016-12-09 04:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll

2016-12-13 23:06 - 2016-12-09 04:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2016-12-13 23:06 - 2016-12-09 04:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2016-12-13 23:06 - 2016-12-09 04:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2016-12-13 23:06 - 2016-12-09 04:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2016-12-13 23:06 - 2016-12-09 04:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll

2016-12-13 23:06 - 2016-12-09 04:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2016-12-13 23:06 - 2016-12-09 04:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2016-12-13 23:06 - 2016-12-09 04:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll

2016-12-13 23:06 - 2016-12-09 03:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll

2016-12-13 23:06 - 2016-12-09 03:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll

2016-12-13 23:06 - 2016-12-09 03:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2016-12-13 23:06 - 2016-12-09 03:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2016-12-13 23:06 - 2016-12-09 03:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll

2016-12-13 23:06 - 2016-12-09 03:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2016-12-13 23:06 - 2016-12-09 03:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2016-12-13 23:06 - 2016-12-09 03:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll

2016-12-13 23:06 - 2016-12-09 03:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2016-12-13 23:06 - 2016-12-09 03:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2016-12-13 23:06 - 2016-12-09 03:45 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll

2016-12-13 23:06 - 2016-12-09 03:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll

2016-12-13 23:06 - 2016-12-09 03:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll

2016-12-13 23:06 - 2016-12-09 03:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll

2016-12-13 23:06 - 2016-12-09 03:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll

2016-12-13 23:06 - 2016-12-09 03:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll

2016-12-13 23:06 - 2016-12-09 03:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys

2016-12-13 23:06 - 2016-12-09 03:40 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll

2016-12-13 23:06 - 2016-12-09 03:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll

2016-12-13 23:06 - 2016-12-09 03:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll

2016-12-13 23:06 - 2016-12-09 03:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll

2016-12-13 23:06 - 2016-12-09 03:37 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll

2016-12-13 23:06 - 2016-12-09 03:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2016-12-13 23:06 - 2016-12-09 03:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2016-12-13 23:06 - 2016-12-09 03:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2016-12-13 23:06 - 2016-12-09 03:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll

2016-12-13 23:06 - 2016-12-09 03:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll

2016-12-13 23:06 - 2016-12-09 03:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

2016-12-13 23:06 - 2016-12-09 03:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2016-12-13 23:06 - 2016-12-09 03:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll

2016-12-13 23:06 - 2016-12-09 03:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2016-12-13 23:06 - 2016-12-09 03:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll

2016-12-13 23:06 - 2016-12-09 03:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2016-12-13 23:06 - 2016-12-09 03:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2016-12-13 23:06 - 2016-12-09 03:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll

2016-12-13 23:06 - 2016-12-09 03:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll

2016-12-13 23:06 - 2016-12-09 03:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-12-13 23:06 - 2016-12-09 03:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2016-12-13 23:06 - 2016-12-09 03:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2016-12-13 23:06 - 2016-12-09 03:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2016-12-13 23:06 - 2016-12-09 03:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2016-12-13 23:06 - 2016-12-09 03:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2016-12-13 23:06 - 2016-12-09 03:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-12-13 23:06 - 2016-12-09 03:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-12-13 23:06 - 2016-12-09 03:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll

2016-12-13 23:06 - 2016-12-09 03:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll

2016-12-13 23:06 - 2016-12-09 03:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2016-12-13 23:06 - 2016-12-09 03:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2016-12-13 23:06 - 2016-12-09 03:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll

2016-12-13 23:06 - 2016-12-09 03:24 - 06583296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll

2016-12-13 23:06 - 2016-12-09 03:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2016-12-13 23:06 - 2016-12-09 03:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-12-13 23:06 - 2016-12-09 03:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll

2016-12-13 23:06 - 2016-12-09 03:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2016-12-13 23:06 - 2016-12-09 03:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2016-12-13 23:06 - 2016-12-09 03:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2016-12-13 23:06 - 2016-12-09 03:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2016-12-13 23:06 - 2016-12-09 03:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2016-12-13 23:06 - 2016-12-09 03:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll

2016-12-13 23:06 - 2016-12-09 03:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2016-12-13 23:06 - 2016-12-09 03:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll

2016-12-13 23:06 - 2016-12-09 03:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2016-12-13 23:06 - 2016-12-09 03:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll

2016-12-13 23:06 - 2016-12-09 03:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe

2016-12-13 23:06 - 2016-12-09 03:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2016-12-13 23:06 - 2016-12-09 03:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll

2016-12-13 23:06 - 2016-12-09 03:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

2016-12-13 23:06 - 2016-12-09 03:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll

2016-12-13 23:06 - 2016-12-09 03:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll

2016-12-13 23:06 - 2016-12-09 03:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2016-12-13 23:06 - 2016-12-09 03:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll

2016-12-13 23:06 - 2016-12-09 03:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll

2016-12-13 23:06 - 2016-12-09 03:17 - 04978176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll

2016-12-13 23:06 - 2016-12-09 03:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2016-12-13 23:06 - 2016-12-09 03:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll

2016-12-13 23:06 - 2016-12-09 03:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2016-12-13 23:06 - 2016-12-09 03:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2016-12-13 23:06 - 2016-12-09 03:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll

2016-12-13 23:06 - 2016-12-09 03:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

2016-12-13 23:06 - 2016-12-09 03:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll

2016-12-13 23:06 - 2016-12-09 03:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll

2016-12-13 23:06 - 2016-12-09 02:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2016-12-13 23:06 - 2016-11-02 04:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll

2016-12-13 23:06 - 2016-11-02 04:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll

2016-12-13 23:06 - 2016-09-15 10:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-09 21:04 - 2016-07-20 17:35 - 00000000 ____D C:\ProgramData\Kaspersky Lab

2017-01-09 20:57 - 2016-09-30 02:32 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2017-01-09 18:51 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF

2017-01-09 17:35 - 2016-07-20 11:14 - 00000000 ____D C:\Users\Zoe\AppData\Local\Packages

2017-01-08 20:25 - 2016-10-10 14:17 - 00000000 ____D C:\Users\Zoe\Desktop\ADVISING

2017-01-08 09:23 - 2016-10-25 21:55 - 00002513 _____ C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk

2017-01-07 17:44 - 2016-09-30 02:34 - 01338214 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-01-07 17:39 - 2016-11-10 17:11 - 00000000 ___RD C:\Users\Zoe\iCloudDrive

2017-01-07 17:39 - 2016-10-07 09:37 - 00000000 ___RD C:\Users\Zoe\Dropbox

2017-01-07 17:38 - 2016-09-30 02:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-01-07 17:38 - 2016-09-30 02:34 - 00000000 ____D C:\Users\Zoe

2017-01-07 17:38 - 2016-07-19 20:39 - 00000000 __SHD C:\Users\Zoe\IntelGraphicsProfiles

2017-01-07 17:38 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI

2017-01-07 17:21 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF

2017-01-07 08:57 - 2016-07-21 14:11 - 00000000 ____D C:\Users\Zoe\Desktop\Turk

2017-01-07 08:49 - 2016-10-26 09:28 - 00000000 ____D C:\Users\Zoe\Desktop\Shopping

2017-01-06 08:10 - 2016-11-10 17:10 - 00003482 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics

2017-01-06 02:40 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness

2017-01-05 02:32 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps

2017-01-04 07:25 - 2016-07-25 06:15 - 00000000 ____D C:\Program Files (x86)\ShopTracker

2017-01-03 18:56 - 2016-11-30 06:27 - 00000000 ____D C:\Users\Zoe\AppData\LocalLow\Mozilla

2017-01-01 12:08 - 2016-07-19 20:37 - 00000000 ____D C:\Users\Zoe\AppData\Local\ElevatedDiagnostics

2017-01-01 12:03 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2017-01-01 12:02 - 2016-07-20 10:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2016-12-30 17:12 - 2015-10-11 15:51 - 00000000 ____D C:\Users\Zoe\Resume

2016-12-29 18:23 - 2016-09-08 16:36 - 00000000 ____D C:\Users\Zoe\Documents\Visual Studio 2015

2016-12-29 18:22 - 2016-09-30 02:34 - 00000000 ____D C:\Users\Zoe\AppData\Roaming

2016-12-29 18:22 - 2016-09-30 02:34 - 00000000 ____D C:\Users\Zoe\AppData\Local\Microsoft

2016-12-29 07:44 - 2016-11-05 19:08 - 00000000 ____D C:\Program Files\Common Files\Apple

2016-12-28 07:35 - 2016-11-16 07:36 - 00000000 ____D C:\Users\Zoe\Desktop\Jerry

2016-12-27 13:46 - 2016-07-25 11:09 - 00000000 ____D C:\Users\Zoe\AppData\Roaming\Millisecond Software

2016-12-27 06:38 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\config

2016-12-26 18:31 - 2016-09-02 06:44 - 00000000 ___RD C:\Users\Zoe\Desktop\Kaspersky

2016-12-26 18:31 - 2016-08-24 06:41 - 00000000 ____D C:\Users\Zoe\Desktop\Browsers

2016-12-22 13:08 - 2016-12-05 14:04 - 00002324 _____ C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk

2016-12-22 13:08 - 2016-07-20 11:35 - 00000000 ____D C:\Users\Zoe\AppData\Local\Vivaldi

2016-12-22 09:07 - 2016-09-30 02:34 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms

2016-12-22 09:07 - 2016-09-30 02:34 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TM.blf

2016-12-22 09:07 - 2016-07-16 00:04 - 45350912 _____ C:\WINDOWS\system32\config\COMPONENTS

2016-12-21 19:46 - 2016-07-20 11:41 - 00000000 ____D C:\Program Files (x86)\Dropbox

2016-12-21 11:39 - 2016-08-13 15:49 - 00000000 ___RD C:\Users\Zoe\Documents\Scanned Documents

2016-12-20 16:38 - 2016-08-15 12:27 - 00000000 ____D C:\Program Files\Common Files\AV

2016-12-20 16:32 - 2016-07-20 10:41 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2016-12-19 22:12 - 2016-07-20 11:15 - 00002361 _____ C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-12-19 22:12 - 2016-07-20 11:15 - 00000000 ___RD C:\Users\Zoe\OneDrive

2016-12-18 22:13 - 2016-09-30 02:39 - 00000000 ____D C:\Users\Zoe\AmazonMeter

2016-12-18 22:13 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WDI

2016-12-17 21:11 - 2016-12-07 20:43 - 00004048 _____ C:\Users\Zoe\Desktop\cookie game.txt

2016-12-16 18:17 - 2016-10-25 21:55 - 00003676 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3591470129-1721147500-3194162361-1001UA

2016-12-16 18:17 - 2016-10-25 21:55 - 00003408 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3591470129-1721147500-3194162361-1001Core

2016-12-16 18:17 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Tasks

2016-12-16 16:11 - 2016-10-26 09:32 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2016-12-16 16:11 - 2016-10-26 09:32 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2016-12-16 10:42 - 2016-09-30 02:34 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms

2016-12-16 10:22 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\WinSxS

2016-12-16 10:19 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\assembly

2016-12-15 19:23 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache

2016-12-15 19:04 - 2016-09-30 02:32 - 00346032 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-12-15 19:04 - 2016-07-22 17:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-12-15 19:03 - 2016-09-30 02:32 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms

2016-12-15 19:03 - 2016-09-30 02:32 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf

2016-12-15 19:03 - 2016-08-24 11:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-12-15 19:03 - 2016-07-16 05:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini

2016-12-15 19:03 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US

2016-12-15 19:03 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\en-US

2016-12-15 19:03 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Boot

2016-12-15 19:03 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences

2016-12-15 19:03 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppPatch

2016-12-15 19:03 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\SysWOW64

2016-12-15 19:03 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore

2016-12-15 19:02 - 2016-09-30 02:34 - 00524288 ___SH C:\Users\Zoe\NTUSER.DAT{c6ae7cd8-86f0-11e6-a274-e4f00bea1336}.TMContainer00000000000000000002.regtrans-ms

2016-12-15 19:02 - 2016-09-30 02:34 - 00065536 ___SH C:\Users\Zoe\NTUSER.DAT{c6ae7cd8-86f0-11e6-a274-e4f00bea1336}.TM.blf

2016-12-15 16:15 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-12-15 16:13 - 2016-07-19 20:45 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-12-15 16:11 - 2016-07-19 20:45 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-12-15 00:40 - 2016-07-20 11:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-12-14 02:20 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed

2016-12-14 02:20 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed

2016-12-13 15:11 - 2016-10-26 09:32 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-12-11 17:56 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2016-12-11 17:56 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2016-12-10 00:04 - 2016-11-02 05:32 - 00000282 ___SH C:\Users\Zoe\Desktop\desktop.ini

2016-12-10 00:04 - 2016-09-30 07:16 - 00000174 ___SH C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini

2016-12-10 00:04 - 2016-07-20 11:14 - 00000402 ___SH C:\Users\Zoe\Documents\desktop.ini

2016-12-10 00:04 - 2016-07-20 11:14 - 00000282 ___SH C:\Users\Zoe\Downloads\desktop.ini

2016-12-10 00:04 - 2016-07-20 11:14 - 00000174 ___SH C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

2016-12-10 00:04 - 2016-07-20 11:14 - 00000000 __RHD C:\Users\Public\AccountPictures

2016-12-10 00:04 - 2016-07-20 11:14 - 00000000 ___RD C:\Users\Zoe\Videos

2016-12-10 00:04 - 2016-07-20 11:14 - 00000000 ___RD C:\Users\Zoe\Searches

2016-12-10 00:04 - 2016-07-20 11:14 - 00000000 ___RD C:\Users\Zoe\Saved Games

2016-12-10 00:04 - 2016-07-20 11:14 - 00000000 ___RD C:\Users\Zoe\Pictures

2016-12-10 00:04 - 2016-07-20 11:14 - 00000000 ___RD C:\Users\Zoe\Music

2016-12-10 00:04 - 2016-07-20 11:14 - 00000000 ___RD C:\Users\Zoe\Links

2016-12-10 00:04 - 2016-07-20 11:14 - 00000000 ___RD C:\Users\Zoe\Favorites

2016-12-10 00:04 - 2016-07-20 11:14 - 00000000 ___RD C:\Users\Zoe\Documents

2016-12-10 00:04 - 2016-07-20 11:14 - 00000000 ___RD C:\Users\Zoe\Contacts

2016-12-10 00:04 - 2016-07-20 11:14 - 00000000 ___RD C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2016-12-10 00:04 - 2016-07-20 11:14 - 00000000 ___RD C:\Users\Zoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2016-12-10 00:04 - 2016-07-16 00:04 - 00262144 _____ C:\Users\Default\NTUSER.DAT

2016-12-10 00:03 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2016-12-10 00:03 - 2016-07-16 05:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2016-12-10 00:03 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe

2016-12-10 00:03 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2016-12-10 00:03 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\wbem

2016-12-10 00:03 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS

2016-12-10 00:03 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe

2016-12-10 00:03 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\bcastdvr

2016-12-10 00:03 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files\Internet Explorer

2016-12-10 00:03 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files (x86)\Internet Explorer

2016-12-10 00:03 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism

2016-12-10 00:03 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep

2016-12-10 00:03 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Dism

2016-12-10 00:03 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\CatRoot

2016-12-10 00:03 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\servicing

==================== Files in the root of some directories =======

2016-07-26 12:43 - 2016-07-26 12:46 - 0007596 _____ () C:\Users\Zoe\AppData\Local\resmon.resmoncfg

2016-09-30 02:33 - 2016-09-30 02:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:

====================

C:\Users\Zoe\AppData\Local\Temp\i4jdel0.exe

C:\Users\Zoe\AppData\Local\Temp\jre-8u111-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-02 09:44

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017

Ran by Zoe (09-01-2017 21:08:37)

Running from C:\Users\Zoe\Desktop

Windows 10 Home Version 1607 (X64) (2016-09-30 08:42:28)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3591470129-1721147500-3194162361-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-3591470129-1721147500-3194162361-503 - Limited - Disabled)

Guest (S-1-5-21-3591470129-1721147500-3194162361-501 - Limited - Disabled)

Zoe (S-1-5-21-3591470129-1721147500-3194162361-1001 - Administrator - Enabled) => C:\Users\Zoe

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)

Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)

AutoHotkey 1.1.22.09 (HKLM\...\AutoHotkey) (Version: 1.1.22.09 - Lexikos)

Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden

AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden

Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Color Search version 3.0 (HKLM-x32\...\{9531A0B6-7DDA-4ED7-8B49-9BC3C0ABAEEC}_is1) (Version: 3.0 - Loaded Dog Enterprises)

Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden

Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)

Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)

Google Chrome Canary (HKU\S-1-5-21-3591470129-1721147500-3194162361-1001\...\Google Chrome SxS) (Version: 57.0.2976.0 - Google Inc.)

Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden

gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)

Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)

iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)

Inquisit 4 Web Player (HKLM\...\{FBB69BDD-AE2D-4E69-BE47-704EBC5B3FC0}) (Version: 4.0.9.0 - Millisecond Software)

Inquisit 5 Player (HKLM\...\{79201F7C-2CDE-4309-BF6F-F831A82DCA31}) (Version: 5.0.6.0 - Millisecond Software)

Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)

iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)

Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{2C74A102-DC39-4158-A831-02BDE2EC7D5D}) (Version: 8.0.5.485 - Kaspersky Lab)

Kaspersky Password Manager (x32 Version: 8.0.5.485 - Kaspersky Lab) Hidden

Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)

Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden

Kaspersky Total Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)

Kaspersky Total Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden