I was notified last night that my computer was infected with the Torpig virus. They wanted 250 to get rid of it. Can someone help me clean my laptop up?
Thanks
Torpig is normally not ransomware that encrypts your data, so see if you can get FRST to work:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Ran by Jerry (administrator) on JERRY-HP (15-07-2017 21:22:41)
Running from C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00XQXXBQ
Loaded Profiles: Jerry (Available Profiles: Jerry)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Conexant) C:\Windows\System32\MicTray64.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\AvrcpService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Conexant Systems, Inc) C:\Windows\CxSvc\CxMonSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Conexant Systems, Inc.) C:\Windows\CxSvc\CxUtilSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HotkeyService.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\RtkBleServ.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
() C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(HP) C:\Program Files (x86)\HP\HP Touchpoint Manager\Discover HP Touchpoint Manager\LHBeacon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\SkypePlugin.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
(Corel Corporation) C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_26_0_0_137_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(BitTorrent Inc.) C:\Users\Jerry\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Jerry\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(BitTorrent Inc.) C:\Users\Jerry\AppData\Roaming\uTorrent\updates\3.5.0_43916\utorrentie.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corporation)
HKLM\...\Run: [PixelSharp] => C:\Program Files\Hewlett-Packard\HP Pixel Sharp\hpvstray.exe [500936 2015-06-05] (Hewlett Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3942568 2015-08-03] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [WinZip UN] => C:\Program Files\WinZip\WZUpdateNotifier.exe [1878016 2017-04-19] (WinZip)
HKLM\...\Run: [WinZip PreLoader] => C:\Program Files\WinZip\WzPreloader.exe [124360 2017-04-19] (WinZip Computing, S.L.)
HKLM\...\Run: [WinZip FAH] => C:\Program Files\WinZip\FAHConsole.exe [436416 2017-04-19] (WinZip Computing, S.L.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [235048 2015-08-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [430120 2015-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [110008 2015-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [499640 2015-08-05] (CyberLink Corp.)
HKLM-x32\...\Run: [Discover HP Touchpoint Manager] => C:\Program Files (x86)\HP\HP Touchpoint Manager\Discover HP Touchpoint Manager\LHBeacon.exe [426208 2015-10-22] (HP)
HKLM-x32\...\Run: [YouCam Mirage] => "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
HKLM-x32\...\Run: [YouCam Tray] => c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [167352 2015-07-08] (CyberLink Corp.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-04] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1361\g2ax_winlogonx64.dll [X]
AppInit_DLLs: C:\windows\Jaksta\AC\x64\jaudcap.dll => C:\windows\Jaksta\AC\x64\jaudcap.dll [309168 2016-10-11] (Jaksta Technologies Pty Ltd)
AppInit_DLLs-x32: C:\windows\Jaksta\AC\x86\jaudcap.dll => C:\windows\Jaksta\AC\x86\jaudcap.dll [261552 2016-10-11] (Jaksta Technologies Pty Ltd)
Lsa: [Notification Packages] DPPassFilter scecli
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.0.1
Tcpip\..\Interfaces\{EA8FEFE0-D348-440B-B3B1-C665B1E45EC1}: [DhcpNameServer] 192.168.1.254 192.168.0.1
Tcpip\..\Interfaces\{F4E2DF2E-4FD2-4DDF-9EC0-8371E4E756C9}: [DhcpNameServer] 40.22.1.12
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1770820168-160824308-3033925751-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-1770820168-160824308-3033925751-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: PixelSharp.BrowserHelper -> {cef38ace-a7af-43a9-a854-06c14cccc92c} -> C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: PixelSharp.BrowserHelper -> {cef38ace-a7af-43a9-a854-06c14cccc92c} -> C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-22] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome
FF Extension: (HP Client Security Manager) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome [2016-06-17] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-12]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-06-19] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-15] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-01-23] (Adobe Systems)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\components\npChromeDPAgent.dll [2015-07-22] (DigitalPersona, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-11-15] (Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default [2017-07-15]
CHR Extension: (Google Slides) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-15]
CHR Extension: (Google Docs) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-15]
CHR Extension: (Google Drive) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-15]
CHR Extension: (YouTube) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-15]
CHR Extension: (Adobe Acrobat) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-07-15]
CHR Extension: (Google Sheets) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-15]
CHR Extension: (Google Docs Offline) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-15]
CHR Extension: (HP Client Security Manager) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncffjdbbodifgldkcbhmiiljfcnbgjab [2017-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-15]
CHR Extension: (Gmail) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-15]
CHR Extension: (Chrome Media Router) - C:\Users\Jerry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome.crx [2015-07-22]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 AvrcpService; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe [41176 2015-03-02] (Realtek Semiconductor Corporation)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [127192 2015-11-19] ()
R2 CxMonSvc; C:\windows\CxSvc\CxMonSvc.exe [22648 2016-06-07] (Conexant Systems, Inc)
R2 CxUtilSvc; C:\windows\CxSvc\CxUtilSvc.exe [141432 2016-07-30] (Conexant Systems, Inc.)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [502232 2015-07-28] (DigitalPersona, Inc.)
R2 HP Hotkey Service; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HotkeyService.exe [850144 2015-08-04] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 RtkBleServ; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe [51416 2015-01-04] (Realtek Semiconductor Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-08-03] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\windows\SysWOW64\tbaseprovisioning.exe [51208 2017-01-10] (Advanced Micro Devices, Inc.)
R2 valWBFPolicyService; C:\windows\system32\valWBFPolicyService.exe [76296 2015-07-30] (Synaptics Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-03] (Microsoft Corporation)
R2 WinZip Smart Monitor Service; C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe [495616 2017-05-19] ()
S2 GoToAssist Remote Support Customer; "C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\1361\g2ax_service.exe" "Start=service" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 amdkmcsp; C:\windows\System32\DRIVERS\amdkmcsp.sys [95112 2017-01-10] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\windows\System32\DRIVERS\amdpsp.sys [254344 2017-01-10] (Advanced Micro Devices, Inc. )
R3 BthAudioHF; C:\windows\System32\drivers\RtkHfp.sys [103168 2015-09-03] (Realtek Semiconductor Corporation)
R1 CLVirtualDrive; C:\windows\System32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
S3 hidemi; C:\windows\system32\drivers\hidemi.sys [29024 2015-07-06] (Microchip)
R3 jakstaVA; C:\windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (e2eSoft)
S3 mchpemi; C:\windows\system32\drivers\mchpemi.sys [37728 2015-07-06] (Microchip)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKslb9c9831c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D2433F02-9B27-4655-B988-E2E9523D0939}\MpKslb9c9831c.sys [44928 2017-07-15] (Microsoft Corporation)
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R0 PinFile; C:\windows\System32\DRIVERS\PinFile.sys [56864 2015-11-19] (WinMagic Inc.)
R3 RtkA2dp; C:\windows\System32\drivers\RtkA2dp.sys [184024 2015-03-18] (Realtek Semiconductor Corporation)
R3 RtkAvrcp; C:\windows\System32\DRIVERS\RtkAvrcp.sys [73712 2015-09-03] (Realtek Semiconductor Corporation)
R3 RtkBtFilter; C:\windows\System32\DRIVERS\RtkBtfilter.sys [617248 2015-10-13] (Realtek Semiconductor Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\windows\System32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\windows\System32\DRIVERS\rtwlane.sys [4471000 2015-12-07] (Realtek Semiconductor Corporation )
R0 SDDisk2K; C:\windows\System32\DRIVERS\SDDisk2K.sys [232480 2015-11-19] (WinMagic Inc.)
R0 SDDToki; C:\windows\System32\DRIVERS\SDDToki.sys [138272 2015-11-19] (WinMagic Inc.)
S3 SmbDrv; C:\windows\system32\drivers\Smb_driver_AMDASF.sys [33448 2015-08-03] (Synaptics Incorporated)
S3 SmbDrvI; C:\windows\system32\drivers\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated)
R3 SPUVCbv; C:\windows\System32\Drivers\SPUVCbv_x64.sys [710416 2015-08-04] (Sunplus)
S3 SynRMIHID; C:\windows\system32\drivers\SynRMIHID.sys [48296 2015-08-03] (Synaptics Incorporated)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-15 21:22 - 2017-07-15 21:22 - 00000000 ____D C:\FRST
2017-07-15 19:22 - 2017-07-15 21:18 - 01388448 _____ C:\Users\Public\VOIP.dat
2017-07-15 19:07 - 2017-07-15 19:07 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-15 19:07 - 2017-07-15 19:07 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-07-15 18:58 - 2017-07-15 19:07 - 00000000 ____D C:\Users\Jerry\AppData\Local\Google
2017-07-15 18:58 - 2017-07-15 19:07 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-15 18:58 - 2017-07-15 18:58 - 00003330 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-15 18:58 - 2017-07-15 18:58 - 00003202 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-15 18:57 - 2017-07-15 18:58 - 00000000 ____D C:\Users\Jerry\AppData\Local\Deployment
2017-07-15 18:57 - 2017-07-15 18:57 - 00000000 ____D C:\Users\Jerry\AppData\Local\Apps\2.0
2017-07-15 16:00 - 2017-07-15 16:01 - 00154474 _____ C:\windows\ntbtlog.txt
2017-07-14 18:29 - 2017-07-15 16:58 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2017-07-14 18:29 - 2017-07-14 18:29 - 00001590 _____ C:\Users\Jerry\Desktop\GoToAssist Customer.lnk
2017-07-14 18:28 - 2017-07-15 16:11 - 00000000 ____D C:\Program Files (x86)\Citrix
2017-07-14 18:28 - 2017-07-14 18:28 - 00000000 ____D C:\Users\Jerry\AppData\Local\GoToAssist Remote Support Customer
2017-07-14 18:28 - 2017-07-14 18:28 - 00000000 ____D C:\Users\Jerry\AppData\Local\GoTo Opener
2017-07-14 13:44 - 2017-07-14 13:44 - 00000000 ____D C:\Users\Jerry\Downloads\A.Dogs.Purpose.2017.HDRip.XViD-ETRG
2017-06-15 18:23 - 2017-06-02 04:28 - 02317824 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2017-06-15 18:23 - 2017-06-02 04:28 - 02222080 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2017-06-15 18:23 - 2017-06-02 04:28 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2017-06-15 18:23 - 2017-06-02 04:28 - 00491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2017-06-15 18:23 - 2017-06-02 04:28 - 00288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2017-06-15 18:23 - 2017-06-02 04:28 - 00115200 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
2017-06-15 18:23 - 2017-06-02 04:28 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2017-06-15 18:23 - 2017-06-02 04:28 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2017-06-15 18:23 - 2017-06-02 04:28 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2017-06-15 18:23 - 2017-06-02 04:11 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2017-06-15 18:23 - 2017-06-02 04:11 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2017-06-15 18:23 - 2017-06-02 04:10 - 00733696 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2017-06-15 18:23 - 2017-06-02 04:10 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2017-06-15 18:23 - 2017-06-02 04:09 - 01549824 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2017-06-15 18:23 - 2017-06-02 04:09 - 01400320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2017-06-15 18:23 - 2017-06-02 04:09 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2017-06-15 18:23 - 2017-06-02 04:09 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2017-06-15 18:23 - 2017-06-02 04:09 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2017-06-15 18:23 - 2017-06-02 04:09 - 00104448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssitlb.dll
2017-06-15 18:23 - 2017-06-02 04:09 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2017-06-15 18:23 - 2017-06-02 04:09 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2017-06-15 18:23 - 2017-06-02 03:58 - 00427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2017-06-15 18:23 - 2017-06-02 03:58 - 00164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2017-06-15 18:23 - 2017-06-02 03:57 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2017-06-15 18:23 - 2017-06-02 03:57 - 00009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2017-06-15 18:23 - 2017-05-21 00:28 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-06-15 18:23 - 2017-05-21 00:28 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-06-15 18:23 - 2017-05-21 00:24 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-06-15 18:23 - 2017-05-21 00:24 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-06-15 18:23 - 2017-05-21 00:06 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-06-15 18:23 - 2017-05-20 23:55 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-06-15 18:23 - 2017-05-20 23:48 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-06-15 18:23 - 2017-05-20 23:48 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-06-15 18:23 - 2017-05-20 23:48 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-06-15 18:23 - 2017-05-20 23:47 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-06-15 18:23 - 2017-05-20 23:46 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-06-15 18:23 - 2017-05-20 23:42 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-06-15 18:23 - 2017-05-16 14:19 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2017-06-15 18:23 - 2017-05-16 13:35 - 00346320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2017-06-15 18:23 - 2017-05-14 16:46 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2017-06-15 18:23 - 2017-05-14 16:46 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2017-06-15 18:23 - 2017-05-14 16:28 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2017-06-15 18:23 - 2017-05-14 16:27 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2017-06-15 18:23 - 2017-05-14 16:27 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2017-06-15 18:23 - 2017-05-14 16:27 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2017-06-15 18:23 - 2017-05-14 16:26 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2017-06-15 18:23 - 2017-05-14 16:24 - 02899456 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2017-06-15 18:23 - 2017-05-14 16:19 - 25738752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2017-06-15 18:23 - 2017-05-14 16:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2017-06-15 18:23 - 2017-05-14 16:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2017-06-15 18:23 - 2017-05-14 16:12 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2017-06-15 18:23 - 2017-05-14 16:10 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2017-06-15 18:23 - 2017-05-14 16:10 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2017-06-15 18:23 - 2017-05-14 16:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2017-06-15 18:23 - 2017-05-14 16:10 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2017-06-15 18:23 - 2017-05-14 16:01 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2017-06-15 18:23 - 2017-05-14 15:57 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2017-06-15 18:23 - 2017-05-14 15:55 - 05975040 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2017-06-15 18:23 - 2017-05-14 15:48 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2017-06-15 18:23 - 2017-05-14 15:47 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2017-06-15 18:23 - 2017-05-14 15:46 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2017-06-15 18:23 - 2017-05-14 15:42 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2017-06-15 18:23 - 2017-05-14 15:41 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2017-06-15 18:23 - 2017-05-14 15:38 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2017-06-15 18:23 - 2017-05-14 15:37 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2017-06-15 18:23 - 2017-05-14 15:36 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2017-06-15 18:23 - 2017-05-14 15:23 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2017-06-15 18:23 - 2017-05-14 15:23 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2017-06-15 18:23 - 2017-05-14 15:22 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2017-06-15 18:23 - 2017-05-14 15:22 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2017-06-15 18:23 - 2017-05-14 15:22 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2017-06-15 18:23 - 2017-05-14 15:21 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2017-06-15 18:23 - 2017-05-14 15:20 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2017-06-15 18:23 - 2017-05-14 15:19 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2017-06-15 18:23 - 2017-05-14 15:18 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2017-06-15 18:23 - 2017-05-14 15:17 - 02132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2017-06-15 18:23 - 2017-05-14 15:16 - 02290176 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2017-06-15 18:23 - 2017-05-14 15:15 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2017-06-15 18:23 - 2017-05-14 15:14 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2017-06-15 18:23 - 2017-05-14 15:12 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2017-06-15 18:23 - 2017-05-14 15:11 - 20274688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2017-06-15 18:23 - 2017-05-14 15:11 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2017-06-15 18:23 - 2017-05-14 15:10 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2017-06-15 18:23 - 2017-05-14 15:10 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2017-06-15 18:23 - 2017-05-14 15:02 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2017-06-15 18:23 - 2017-05-14 14:57 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2017-06-15 18:23 - 2017-05-14 14:57 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-15 18:23 - 2017-05-14 14:56 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2017-06-15 18:23 - 2017-05-14 14:54 - 15252992 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2017-06-15 18:23 - 2017-05-14 14:53 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2017-06-15 18:23 - 2017-05-14 14:52 - 03240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2017-06-15 18:23 - 2017-05-14 14:52 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2017-06-15 18:23 - 2017-05-14 14:50 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2017-06-15 18:23 - 2017-05-14 14:49 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2017-06-15 18:23 - 2017-05-14 14:44 - 04549120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2017-06-15 18:23 - 2017-05-14 14:42 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2017-06-15 18:23 - 2017-05-14 14:40 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2017-06-15 18:23 - 2017-05-14 14:39 - 02057216 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2017-06-15 18:23 - 2017-05-14 14:38 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2017-06-15 18:23 - 2017-05-14 14:37 - 01544704 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2017-06-15 18:23 - 2017-05-14 14:30 - 13664768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2017-06-15 18:23 - 2017-05-14 14:27 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2017-06-15 18:23 - 2017-05-14 14:15 - 02767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2017-06-15 18:23 - 2017-05-14 14:11 - 01314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2017-06-15 18:23 - 2017-05-14 14:11 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2017-06-15 18:23 - 2017-05-12 14:27 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2017-06-15 18:23 - 2017-05-12 14:26 - 05547752 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2017-06-15 18:23 - 2017-05-12 14:26 - 00706792 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2017-06-15 18:23 - 2017-05-12 14:26 - 00382696 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2017-06-15 18:23 - 2017-05-12 14:24 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:22 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:07 - 04001000 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2017-06-15 18:23 - 2017-05-12 14:07 - 03945704 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2017-06-15 18:23 - 2017-05-12 14:07 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2017-06-15 18:23 - 2017-05-12 14:04 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00629760 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00313344 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 14:03 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 13:55 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2017-06-15 18:23 - 2017-05-12 13:54 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2017-06-15 18:23 - 2017-05-12 13:54 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2017-06-15 18:23 - 2017-05-12 13:52 - 03222528 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2017-06-15 18:23 - 2017-05-12 13:51 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2017-06-15 18:23 - 2017-05-12 13:50 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2017-06-15 18:23 - 2017-05-12 13:46 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2017-06-15 18:23 - 2017-05-12 13:43 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2017-06-15 18:23 - 2017-05-12 13:41 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2017-06-15 18:23 - 2017-05-12 13:41 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2017-06-15 18:23 - 2017-05-12 13:41 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2017-06-15 18:23 - 2017-05-12 13:41 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2017-06-15 18:23 - 2017-05-12 13:40 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 13:40 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 13:40 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 13:40 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-15 18:23 - 2017-05-12 12:25 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2017-06-15 18:23 - 2017-05-12 11:58 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2017-06-15 18:23 - 2017-05-12 11:58 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2017-06-15 18:23 - 2017-05-10 11:33 - 00091368 _____ (Microsoft Corporation) C:\windows\system32\MigAutoPlay.exe
2017-06-15 18:23 - 2017-05-10 11:29 - 14183936 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2017-06-15 18:23 - 2017-05-10 11:29 - 03165184 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2017-06-15 18:23 - 2017-05-10 11:29 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2017-06-15 18:23 - 2017-05-10 11:29 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2017-06-15 18:23 - 2017-05-10 11:29 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2017-06-15 18:23 - 2017-05-10 11:28 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2017-06-15 18:23 - 2017-05-10 11:16 - 00091368 _____ (Microsoft Corporation) C:\windows\SysWOW64\MigAutoPlay.exe
2017-06-15 18:23 - 2017-05-10 11:14 - 02651136 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2017-06-15 18:23 - 2017-05-10 11:13 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2017-06-15 18:23 - 2017-05-10 11:13 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2017-06-15 18:23 - 2017-05-10 11:13 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2017-06-15 18:23 - 2017-05-10 11:13 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2017-06-15 18:23 - 2017-05-10 11:13 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2017-06-15 18:23 - 2017-05-10 11:13 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2017-06-15 18:23 - 2017-05-10 11:12 - 12880896 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2017-06-15 18:23 - 2017-05-10 11:12 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2017-06-15 18:23 - 2017-05-10 11:12 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2017-06-15 18:23 - 2017-05-10 11:00 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2017-06-15 18:23 - 2017-05-10 11:00 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2017-06-15 18:23 - 2017-05-10 11:00 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2017-06-15 18:23 - 2017-05-10 11:00 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2017-06-15 18:23 - 2017-05-10 10:52 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2017-06-15 18:23 - 2017-05-09 11:30 - 00757248 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2017-06-15 18:23 - 2017-05-09 11:29 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2017-06-15 18:23 - 2017-05-09 11:15 - 00071680 _____ C:\windows\system32\PrintBrmUi.exe
2017-06-15 18:23 - 2017-05-09 11:11 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2017-06-15 18:23 - 2017-05-07 11:33 - 00094440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2017-06-15 18:23 - 2017-05-07 11:29 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2017-06-15 18:23 - 2017-04-27 18:50 - 03550208 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_47.dll
2017-06-15 18:23 - 2017-04-12 09:05 - 04296704 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_47.dll
2017-06-15 18:23 - 2017-03-30 11:03 - 00046080 _____ (Microsoft Corporation) C:\windows\system32\rundll32.exe
2017-06-15 18:23 - 2017-03-30 10:58 - 00045056 _____ (Microsoft Corporation) C:\windows\SysWOW64\rundll32.exe

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-07-15 21:23 - 2017-02-08 21:08 - 00000000 ____D C:\Users\Jerry\AppData\Roaming\uTorrent
2017-07-15 19:21 - 2017-02-08 22:32 - 00000000 ____D C:\Users\Jerry\AppData\LocalLow\uTorrent
2017-07-15 19:16 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2017-07-15 16:32 - 2017-02-08 18:13 - 00122448 _____ C:\Users\Jerry\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-15 16:27 - 2009-07-14 00:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-15 16:27 - 2009-07-14 00:45 - 00031536 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-15 16:24 - 2017-02-15 17:42 - 00000000 ____D C:\Users\Jerry\Documents\Outlook Files
2017-07-15 16:23 - 2017-02-08 18:12 - 00003926 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{2DB76673-1322-4C81-9669-A258979D2927}
2017-07-15 16:12 - 2016-06-17 14:59 - 00000000 ____D C:\ProgramData\Synaptics
2017-07-15 16:12 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-07-14 17:34 - 2017-05-27 20:35 - 00000000 ____D C:\Users\Jerry\AppData\Local\ElevatedDiagnostics
2017-07-14 16:53 - 2017-02-23 22:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-14 16:26 - 2017-03-11 23:37 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-07-14 14:27 - 2017-03-22 16:24 - 00003186 _____ C:\windows\System32\Tasks\HPCeeScheduleForJerry
2017-07-14 14:27 - 2017-03-22 16:24 - 00000332 _____ C:\windows\Tasks\HPCeeScheduleForJerry.job
2017-07-14 13:15 - 2017-03-03 22:02 - 00803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-07-14 13:15 - 2017-03-03 22:02 - 00144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-14 13:15 - 2017-03-03 22:02 - 00004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-07-14 13:15 - 2017-03-03 22:02 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-07-14 13:15 - 2017-03-03 22:02 - 00000000 ____D C:\windows\system32\Macromed
2017-07-14 13:13 - 2017-05-15 13:22 - 00000000 ____D C:\windows\system32\MRT
2017-07-14 13:09 - 2017-05-15 13:21 - 135225752 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2017-07-11 15:22 - 2016-06-17 15:48 - 00065536 _____ C:\windows\system32\spu_storage.bin
2017-07-06 03:09 - 2017-02-11 18:06 - 00337408 _____ C:\Users\Jerry\Documents\Yard Business 2013.xls
2017-06-25 11:21 - 2009-07-14 01:13 - 00779284 _____ C:\windows\system32\PerfStringBackup.INI
2017-06-25 11:21 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2017-06-22 21:41 - 2009-07-13 22:34 - 00000545 _____ C:\windows\win.ini
2017-06-22 16:13 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2017-06-20 14:09 - 2017-05-07 21:39 - 00014806 _____ C:\Users\Jerry\Documents\Profit per hour.xlsx
2017-06-16 21:25 - 2009-07-14 00:45 - 00454808 _____ C:\windows\system32\FNTCACHE.DAT
2017-06-16 21:23 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\migwiz
2017-06-16 21:23 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\migwiz

==================== Files in the root of some directories =======
2017-02-15 18:41 - 2017-02-15 18:41 - 0024619 _____ () C:\Users\Jerry\AppData\Roaming\Comma Separated Values.ADR
2017-02-08 18:11 - 2017-07-15 16:13 - 1145047 _____ () C:\Users\Jerry\AppData\Local\BTServer.log
2017-04-03 17:43 - 2017-04-03 17:43 - 0003584 _____ () C:\Users\Jerry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-06-17 15:36 - 2016-06-17 15:36 - 0181192 _____ () C:\ProgramData\DiscoverLHInstall.log
2016-03-18 11:33 - 2016-03-18 11:33 - 0267498 _____ () C:\ProgramData\Hotkey_61_setup.log
2016-03-18 11:32 - 2016-03-18 11:32 - 0705214 _____ () C:\ProgramData\HPCM_Install_Log.txt
2016-06-17 15:03 - 2016-06-17 15:10 - 9061532 _____ () C:\ProgramData\hpcsmmsilogs.log
2017-02-09 08:00 - 2017-02-23 20:16 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-06-17 15:25 - 2016-06-17 15:27 - 1571280 _____ () C:\ProgramData\SynFPRmsiLogs.log

Files to move or delete:
====================
C:\Users\Public\VOIP.dat

Some files in TEMP:
====================
2017-03-05 19:39 - 2017-03-05 19:39 - 0661736 _____ (NCH Software) C:\Users\Jerry\AppData\Local\Temp\invsetup.exe
2017-02-08 21:19 - 2017-02-08 21:45 - 32363232 _____ (Applian Technologies) C:\Users\Jerry\AppData\Local\Temp\_ir_sf_temp_0RCATSetup.exe
2017-02-08 22:09 - 2017-02-08 22:14 - 29918344 _____ (Applian Technologies) C:\Users\Jerry\AppData\Local\Temp\_ir_sf_temp_0RCSetup.exe
2017-02-08 21:29 - 2017-02-08 21:29 - 0165888 _____ () C:\Users\Jerry\AppData\Local\Temp\_ir_sf_temp_0RMSetup.exe
2017-02-08 21:58 - 2017-02-08 22:06 - 32804168 _____ (Applian Technologies Inc.) C:\Users\Jerry\AppData\Local\Temp\_ir_sf_temp_0RMSSetup.exe
2017-02-08 21:24 - 2017-02-08 21:52 - 12583936 _____ (Applian Technologies Inc.) C:\Users\Jerry\AppData\Local\Temp\_ir_sf_temp_0RVCSetup.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-07-14 17:26
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by Jerry (15-07-2017 21:24:29)
Running from C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00XQXXBQ
Windows 7 Professional Service Pack 1 (X64) (2017-02-08 22:10:25)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1770820168-160824308-3033925751-500 - Administrator - Disabled)
Guest (S-1-5-21-1770820168-160824308-3033925751-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1770820168-160824308-3033925751-1002 - Limited - Enabled)
Jerry (S-1-5-21-1770820168-160824308-3033925751-1001 - Administrator - Enabled) => C:\Users\Jerry
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1770820168-160824308-3033925751-1001\...\uTorrent) (Version: 3.5.0.43916 - BitTorrent Inc.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{3E2079EC-9C14-EC10-822A-FDB1D4397076}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Any DVD Cloner Platinum 1.3.5 (HKLM-x32\...\Any DVD Cloner Platinum_is1) (Version: - dvdsmith.com)
Applian Director 3 (HKLM-x32\...\Applian Director3.01) (Version: 3.01 - Applian Technologies Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.204.1 - Conexant Systems)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.5605 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.5613 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.2.1.6708 - CyberLink Corp.)
Discover HP Touchpoint Manager (HKLM-x32\...\{480FA137-DB2E-4C1A-89EF-476E69E175ED}) (Version: 1.0.19.1 - HP)
Easy Computer Sync (HKLM-x32\...\Easy Computer Sync) (Version: 2.0 - Bravura Software LLC)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Foxit PhantomPDF (HKLM-x32\...\{5CFE00C7-06D8-426A-8370-2962A40DAE1C}) (Version: 6.0.23.427 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{C0A5FA19-686C-490A-91CF-513FE6832187}) (Version: 1.0.459 - LogMeIn, Inc.)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 8.3.15.2026 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{B6EEB281-A0F8-4C5B-A85E-7FC94D5A7B23}) (Version: 5.0.5.1 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{FC34BD4D-4FD6-4E43-9879-EB6CC2002A59}) (Version: 1.0.0.1 - Hewlett-Packard)
HP Drive Encryption (HKLM\...\HPDriveEncryption) (Version: 8.6.24.53 - HP)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{B9947FC1-4DC3-43CC-8106-8C9E43D6F349}) (Version: 3.3.1 - HP)
HP Hotkey Support (HKLM-x32\...\{F50E6249-63F5-4940-8E13-471A210D293E}) (Version: 6.2.5.1 - Hewlett-Packard Company)
HP Pixel Sharp (HKLM\...\{2516958F-BF94-1AA8-3D3E-B9B3F0CD2767}) (Version: 3.0.0.7 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{f41e84dd-bf67-4276-a972-df8f69ff28b6}) (Version: 4.0.0.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{83421C73-4679-40F0-B590-20846CB893E0}) (Version: 9.0.1 - HP)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D7D5F438-26EF-45AB-AB89-C476FBCF8584}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{FF94262A-A307-4D6A-AD8A-9D814A93E344}) (Version: 3.1.1 - HP)
HP Universal Camera Driver (HKLM-x32\...\{8B204728-0D90-48BE-97C0-BBEDDFDFA83C}) (Version: 3.5.8.5 - SunplusIT)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{99AC7F47-A4E0-4706-9C65-8948775C2652}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
MyInvoices & Estimates Deluxe (HKLM-x32\...\{976200DC-25F5-4BCD-BE35-853E84A8183A}) (Version: 10.0.0.1 - Avanquest North America Inc.)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.48 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.95 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.94.723.2015 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.64 - REALTEK Semiconductor Corp.)
Remo Recover 4.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 4.0.0.64 - Remo Software)
Replay Converter 5 (5.0.1.54) (HKLM-x32\...\Replay Converter 5) (Version: 5.0.1.54 - Applian Technologies)
Replay Media Catcher 6 (6.0.1.54) (HKLM-x32\...\Replay Media Catcher 6) (Version: 6.0.1.54 - Applian Technologies)
Replay Media Splitter 3.0.1702.1 (HKLM-x32\...\Replay_Media_Splitter_1.2) (Version: 3.0.1702.1 - Applian Technologies Inc.)
Replay Video Capture 8 (HKLM-x32\...\Replay Video Capture 8) (Version: 8.8.2.1 - Applian Technologies Inc.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Synaptics WBF Fingerprint Reader (HKLM\...\{608E0775-D27A-4C97-A8E4-67AC517F72F7}) (Version: 4.5.315.0 - Synaptics)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Update for Skype for Business 2016 (KB3213548) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1C894A72-A611-4A19-B106-0218E3CAC377}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3213548) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{1C894A72-A611-4A19-B106-0218E3CAC377}) (Version: - Microsoft)
WinZip 21.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410F}) (Version: 21.5.12480 - WinZip Computing, S.L. )
Wondershare Data Recovery(Build 5.0.0.5) (HKLM-x32\...\{FEA3976F-D621-45F3-AFBD-E812A1F2F00D}_is1) (Version: 5.0.0.5 - Wondershare Software Co.,Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1770820168-160824308-3033925751-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1770820168-160824308-3033925751-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1770820168-160824308-3033925751-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Jerry\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1770820168-160824308-3033925751-1001_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
ContextMenuHandlers01: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers01: [BtSendToMenuEx] -> {CF24E6B8-F148-4BCB-9108-ADF313966E80} => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\DevMenuExt.dll [2014-07-03] (Realtek Semiconductor Corporation)
ContextMenuHandlers01: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-08-05] (Cyberlink)
ContextMenuHandlers01: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers01: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2014-10-22] (Foxit Corporation)
ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers02: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2015-08-05] (Cyberlink)
ContextMenuHandlers02: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers04: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-21] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2017-04-19] (WinZip Computing, S.L.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07A780FD-B574-4A81-B607-F866D88A4FB1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {15E274BC-72F9-4302-B8D8-5DD379CC44F9} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2017-04-19] (WinZip)
Task: {2387C545-47E7-49DB-924B-CEEEAE31CEC0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {28D06DE1-D198-4162-9C3E-12FCEBA888B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-05-25] (HP Inc.)
Task: {2A781FE4-A393-467E-9CD6-20EFF28A3A8E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {2D611311-7E9C-45BC-B98F-CB4690A1CDD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {46A197FC-5C0B-4AF0-ABEC-F7FE0446A286} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {561D9AFB-4DF2-4532-BE75-0A854B3A6D0E} - System32\Tasks\Microsoft\Windows\Conexant\SA3 => C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SACpl.exe [2016-10-06] (Conexant Systems, Inc.)
Task: {7F11FD56-3A37-497C-AD19-08A8B74E1A36} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [2017-05-14] (Conexant)
Task: {7FD9BDB7-A6FE-4112-9DBF-7C58DA7D82B2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {85297FFE-D763-4764-830F-F8180B7DE92B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {8FB95E2D-92C2-4C9D-AE6C-D231F9583ECC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {93784EE0-CF5A-4E27-9941-2EFCEF69D84B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {9C34ABAE-14D0-4E28-B2A4-CD6BE84518D2} - System32\Tasks\HPCeeScheduleForJerry => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A423030E-CC48-4175-A4DF-C31436BAE90C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-14] (Adobe Systems Incorporated)
Task: {CF58B6F0-1E8A-4F85-8FB0-021C87646881} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-15] (Google Inc.)
Task: {EB057306-EE2B-4492-B712-82C0E5934293} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {F473FB90-A1A3-4451-BEBC-95BFB65599DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-15] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\HPCeeScheduleForJerry.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2014-05-28 12:14 - 2014-05-28 12:14 - 00336056 _____ () c:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2017-02-22 23:56 - 2017-02-22 23:56 - 08911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-06-17 15:30 - 2015-11-19 18:44 - 00127192 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2017-05-19 08:51 - 2017-05-19 08:51 - 00495616 _____ () C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe
2016-06-17 15:30 - 2014-07-03 12:22 - 00277720 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\SkypePlugin.exe
2017-05-22 18:58 - 2017-05-22 18:58 - 00349696 _____ () C:\Program Files\WinZip Smart Monitor\Plugins\7BC0E678-C2D8-43A4-B694-A458734AEF6D.2.1.0.10\7BC0E678-C2D8-43A4-B694-A458734AEF6D.2.1.0.10.dll
2016-06-17 15:35 - 2015-07-06 06:01 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2015-07-06 21:01 - 2015-07-06 21:01 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2017-02-22 23:56 - 2017-02-22 23:56 - 08911560 _____ () C:\Program Files (x86)\Microsoft Office\Office16\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:C0789917 [171]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1770820168-160824308-3033925751-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jerry\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254 - 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{81EE4843-2D5D-4C1C-99F8-38C5CCB7B0A5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{BDB60440-5D11-40EF-B82D-E7F3CB1C8062}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F52E0E66-B5E6-4F88-A16B-129C0F74E360}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{613FA001-9E47-41BC-AAB8-7F9172F4793E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AE9A6A44-2676-4687-8E80-E084ECD0760B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E107DE6A-D366-491B-9330-4BA397AB2EE8}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{71507A46-8C77-47E0-BCB5-8D27C1A18D76}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{867A11AF-7263-4474-8EBE-20A8C0765349}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{EFB2978A-DDC6-45DB-881D-A827B329D306}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{32EAF3B4-6CF6-4AE9-AC1E-96956F35F60A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{3FC97AE1-49F9-4FA5-82AC-7FD2BBB61075}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{7FE8C6E7-407E-4C38-B38C-9AEE9B9167E2}] => (Allow) C:\Users\Jerry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3FEC2455-F850-4C42-AA70-C6AECD914F43}] => (Allow) C:\Users\Jerry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{973A9651-F9F2-48E0-921B-4765D088B853}] => (Allow) C:\Users\Jerry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A05289DB-E57F-4E2A-9116-5B5E764BAA51}] => (Allow) C:\Users\Jerry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1DD4DD19-30D4-4CA9-939A-94CF1FA9205D}] => (Allow) C:\Users\Jerry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{52AAF37D-4AD9-43B0-A158-44DAF1E826CE}] => (Allow) C:\Users\Jerry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{51721E7F-AF8F-4047-98A5-7660DE9B54A3}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Converter 5\jrcvp.exe
FirewallRules: [{A8552DE8-1E67-4574-B81B-36654ED7FC70}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Converter 5\jrcvp.exe
FirewallRules: [{F134F214-EFF8-40AF-A2B5-512F1168A16F}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Converter 5\ffmpeg.exe
FirewallRules: [{36C8D391-CB49-45A1-80B3-8DB4A6CB9C5E}] => (Allow) C:\Program Files (x86)\Applian Technologies\Replay Converter 5\ffmpeg.exe
FirewallRules: [{F6539A5E-C56D-4B02-84F3-D68D962605F6}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{1405105C-B31B-41EE-8D75-16CA67803CC1}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{9419182A-3D2E-4B8C-9208-4951AB9F9F4B}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{C13F116C-1E62-40C3-91DF-9EDCD8034824}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{BBE2F24B-3254-4AF0-8E82-E8A9B933732B}] => (Allow) C:\Program Files (x86)\123CopyDVDPlatinum 2013\helper.exe
FirewallRules: [{1112F628-795C-437D-AF63-27C9438C393E}] => (Allow) C:\Program Files (x86)\123CopyDVDPlatinum 2013\helper.exe
FirewallRules: [{47528DDE-A35F-47F9-BD31-FDE8AC926D7E}] => (Allow) C:\Program Files (x86)\123CopyDVDPlatinum 2013\123CopyDVDPlatinum.exe
FirewallRules: [{C004E641-809B-4E93-BB08-C0BE04A4A18D}] => (Allow) C:\Program Files (x86)\123CopyDVDPlatinum 2013\123CopyDVDPlatinum.exe
FirewallRules: [{5E9A8591-2AB5-4F3D-89C8-58CBA3A1A1D9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{529D34FE-8026-42B7-AB0F-2AE735DB41C7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{ABB9CC8F-973E-4EC4-81F0-A23A6A139E3A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CB9E3248-A291-4A36-9CD3-F4D51D7D419E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{70B20422-FA59-4779-9853-3252AC985BBF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{614F550B-09E5-44A5-901E-C2DF447EDD33}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{05C331C5-DA88-46B5-970D-3A3B75D010C0}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{0E3AFA16-943A-41CA-B15E-0E568A13B626}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{54153534-75CB-4B7A-8A21-BAA687513982}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{0A1031E4-B501-4508-B0AB-D67294F40C52}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{1AD85D33-31AE-4334-B053-A3D0D2517D8D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
16-06-2017 21:32:45 Windows Update
20-06-2017 14:22:44 Windows Update
20-06-2017 14:36:10 Windows Update
22-06-2017 21:40:19 Windows Update
23-06-2017 22:18:19 Windows Update
27-06-2017 21:00:10 Windows Update
27-06-2017 21:05:38 HPSF Applying updates
04-07-2017 01:37:58 Windows Update
08-07-2017 19:55:12 Windows Update
14-07-2017 13:08:49 Windows Update
15-07-2017 16:16:34 Windows Update
==================== Faulty Device Manager Devices =============
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/15/2017 04:31:16 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (07/14/2017 01:20:22 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (07/09/2017 05:06:53 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (07/08/2017 07:45:35 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (07/05/2017 10:33:44 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (07/04/2017 01:31:58 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (06/29/2017 08:08:10 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (06/27/2017 08:57:48 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
Error: (06/25/2017 11:25:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18698, time stamp: 0x59189c94
Faulting module name: MF.dll, version: 12.0.7601.23471, time stamp: 0x57602113
Exception code: 0xc0000005
Fault offset: 0x000b6427
Faulting process id: 0x1aa8
Faulting application start time: 0x01d2edc4e39306c6
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\windows\system32\MF.dll
Report Id: 7d5b9c10-59ba-11e7-aa12-40490f50b53e
Error: (06/25/2017 11:02:23 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
System errors:
=============
Error: (07/15/2017 09:19:42 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
Error: (07/15/2017 09:19:30 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (07/15/2017 04:14:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (07/15/2017 04:12:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GoToAssist Remote Support Customer service failed to start due to the following error:
The system cannot find the file specified.
Error: (07/15/2017 04:11:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.247.718.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: Default URL
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.13903.0
Error code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Error: (07/15/2017 04:11:31 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Error: (07/15/2017 04:10:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (07/15/2017 04:10:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (07/15/2017 04:10:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (07/15/2017 04:08:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
==================== Memory info ===========================
Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 71%
Total physical RAM: 3530.43 MB
Available physical RAM: 991.25 MB
Total Virtual: 7059.04 MB
Available Virtual: 3830.13 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:444.6 GB) (Free:290.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:18.16 GB) (Free:2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.94 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DE0BEE1C)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=444.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0B)
==================== End of Addition.txt ============================
How were you notified that you had the virus?
I suspect it was a hoax since I don't see any sign of malware, but let's run the free ESET scan: (It will take several hours, so you might want to let it run while you sleep.)
A web page popped up and said to call this number.........or my computer would no longer be covered by Microsoft. It would not let me close out the page.
Thanks I will run that program tonight and post what you need tomorrow.
Most likely you hit an infected website but didn't really get infected. There are a lot of them out there. If it happens again, you can right-click on the clock and select Start Task Manager, then Applications, then click on your browser and End Task. That should kill it off without needing a reboot.
C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Jerry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RW0MTLJI\winzip_en_64[1].msi a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application
C:\Users\Jerry\Desktop\Misc\NCH.Express.Invoice.v3.49-LAXiTY\eisetup_engl.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Jerry\Desktop\Old Firefox Data\conduitCommon\modules\3.10.0.1\SearchProtector.jsm Win32/Toolbar.Conduit.AT potentially unwanted application
C:\Users\Jerry\Desktop\Old Firefox Data\extensions\[email protected]\chrome\content\crossrider.js JS/Toolbar.Crossrider.AR potentially unwanted application
C:\Users\Jerry\Desktop\Old Firefox Data\ho1wugii.default-1361220106187\extensions\[email protected]\chrome\content\spigot.js JS/Adware.Spigot.A application
C:\Users\Jerry\Downloads\WinZip Pro v21.0 Build 12288 (x86.x64) - Full.rar a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application
C:\Users\Jerry\Downloads\NCH.Express.Invoice.v3.49-LAXiTY\eisetup_engl.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Jerry\Downloads\WinZip Pro 20.5 Build 12118 (x86x64) + Serial Key [SadeemPC]\winzip205.exe a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application
Do I let the program delete the infected files or not.........
Yes. Conduit stuff is always unwanted adware. Crossrider too. The Winzip stuff I'm not so sure of but it looks like it's a cracked version.
ok I will do that. So everything else looks fine?
Thanks for your help.
Yes, the Torpig stuff was a hoax. We can clean up now:
Thanks once again for all your help. I will go through and do what you have suggested.