Long story short: someone opened an email from a known person. It required "an Older Version of Microsoft Word" to open. Nothing was there. Windows Defender started saying I had a Trojan, Nymaim.K. Tried deleting, but it keeps appearing.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2017 03
Ran by Gilbert-PC (administrator) on GILBERT (13-11-2017 19:53:27)
Running from C:\Users\Gilbert-PC\Downloads
Loaded Profiles: Gilbert-PC & (Available Profiles: Gilbert-PC)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Corsair Components, Inc.) C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9068040 2016-11-09] (Realtek Semiconductor)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163640 2017-08-13] (IvoSoft)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-23] (Autodesk Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3792648 2015-10-21] (Intuit Inc. All rights reserved.)
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-01-28] (Siber Systems)
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\...\Run: [Fences] => "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\...\Run: [wedge-83] => C:\Users\Gilbert-PC\AppData\Local\wedge-22\wedge-02.exe [509952 2017-09-26] ()
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\...\Policies\Explorer: []
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\...\Winlogon: [Shell] C:\ProgramData\centroid-57\centroid-90.exe -a1,explorer.exe <==== ATTENTION
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-01-28] (Siber Systems)
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\...\Run: [Fences] => "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\...\Run: [wedge-83] => C:\Users\Gilbert-PC\AppData\Local\wedge-22\wedge-02.exe [509952 2017-09-26] ()
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\...\Policies\Explorer: []
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\...\Winlogon: [Shell] C:\ProgramData\centroid-57\centroid-90.exe -a1,explorer.exe <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-11-01]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-11-01]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-11-01]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2016\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Gilbert-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gsm900-7.lnk [2017-11-13]
ShortcutTarget: gsm900-7.lnk -> C:\Users\Gilbert-PC\AppData\Local\gsm900-1\gsm900-68.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{60CC048A-F861-4750-8B18-93CBF3663661}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E683A96B-3BBB-4D94-A770-107ECE9EFE12}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-11-07] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-01-28] (Siber Systems Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-10-20] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-01-28] (Siber Systems Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-07] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-01-28] (Siber Systems Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-01-28] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
DPF: HKLM-x32 {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} hxxp://50.184.27.98/HiDvrOcx.cab
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2017-10-16] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-07] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default [2017-11-13]
CHR Extension: (Slides) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-20]
CHR Extension: (Docs) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-20]
CHR Extension: (Google Drive) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-27]
CHR Extension: (YouTube) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-27]
CHR Extension: (Adblock Plus) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-02]
CHR Extension: (Adobe Acrobat) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-13]
CHR Extension: (Sheets) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-20]
CHR Extension: (Google Docs Offline) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-01]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Gmail) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Gilbert-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-10-27]
CHR HKU\S-1-5-21-3397947757-2202323943-316364792-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-23] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [31160 2015-02-05] (Autodesk, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-10-31] (Microsoft Corporation)
R3 CLink4Service; C:\Program Files (x86)\CorsairLink4\CorsairLink4.Service.exe [32976 2017-10-17] (Corsair Components, Inc.)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [333280 2016-12-14] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2017-10-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-10-21] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-10-21] (Intuit Inc.) [File not signed]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 vmms; C:\Windows\system32\vmms.exe [13814784 2017-08-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 cpuz139; C:\Windows\TEMP\cpuz139\cpuz139_x64.sys [43328 2017-10-27] (CPUID)
R3 cpuz143; C:\Windows\temp\cpuz143\cpuz143_x64.sys [48960 2017-11-13] (CPUID)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [564216 2017-04-25] (Intel Corporation)
S3 FTSER2K; C:\Windows\system32\drivers\ftser2k.sys [88752 2016-10-04] ()
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2016-11-11] (Microsoft Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [253888 2017-11-13] (Malwarebytes)
R1 MpKsl39fa6c96; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B408A034-2F6C-461C-AB3F-5F9A0541F615}\MpKsl39fa6c96.sys [58120 2017-11-13] (Microsoft Corporation)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2016-11-11] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [28160 2017-01-12] (Microsoft Corporation)
R3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [132120 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-10-18] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [138896 2016-10-18] (Oracle Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2016-11-11] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [689152 2017-03-31] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-13 19:53 - 2017-11-13 19:53 - 000019074 _____ C:\Users\Gilbert-PC\Downloads\FRST.txt
2017-11-13 19:53 - 2017-11-13 19:53 - 000000000 ____D C:\FRST
2017-11-13 19:52 - 2017-11-13 19:52 - 002392576 _____ (Farbar) C:\Users\Gilbert-PC\Downloads\FRST64.exe
2017-11-13 19:36 - 2017-11-13 19:36 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-13 19:36 - 2017-11-13 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-13 19:36 - 2017-11-13 19:36 - 000000000 ____D C:\ProgramData\MB2Migration
2017-11-13 19:36 - 2017-11-13 19:36 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-13 19:36 - 2017-08-24 11:27 - 000077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-11-13 05:54 - 2017-11-13 05:54 - 000016970 _____ C:\Users\Gilbert-PC\Desktop\Daily planer Noviembre2017.xlsx
2017-11-13 05:50 - 2017-11-13 19:27 - 000000000 ____D C:\Users\Gilbert-PC\AppData\Roaming\api--1-0
2017-11-04 06:22 - 2017-11-04 06:22 - 000426202 _____ C:\Users\Gilbert-PC\Downloads\Sentinella Instructions 2 (1).pdf
2017-11-04 05:15 - 2017-11-04 05:15 - 000308602 _____ C:\Users\Gilbert-PC\Downloads\homes-direct-Golden Exclusive 441A.pdf
2017-11-04 05:10 - 2017-11-04 05:55 - 000000000 ____D C:\Users\Gilbert-PC\Desktop\Victor
2017-11-02 14:04 - 2017-11-02 14:04 - 000128361 _____ C:\Users\Gilbert-PC\Documents\CelLink- 24 led FBX24LL40-unv.pdf
2017-11-02 13:18 - 2017-11-02 13:18 - 000426202 _____ C:\Users\Gilbert-PC\Downloads\Sentinella Instructions 2.pdf
2017-11-02 12:17 - 2017-11-02 12:17 - 000182241 _____ C:\Users\Gilbert-PC\Documents\1000 CelLink-Single Line.pdf
2017-11-02 11:47 - 2017-11-02 11:47 - 000096801 _____ C:\Users\Gilbert-PC\Downloads\CLLNK A Panels (1).pptx
2017-11-02 11:46 - 2017-11-02 11:46 - 000096801 _____ C:\Users\Gilbert-PC\Downloads\CLLNK A Panels.pptx
2017-11-02 04:36 - 2017-11-02 04:36 - 000198298 _____ C:\Users\Gilbert-PC\Downloads\SCCK Copier17110113090 (1).pdf
2017-11-02 04:24 - 2017-11-02 04:24 - 000198298 _____ C:\Users\Gilbert-PC\Downloads\SCCK Copier17110113090.pdf
2017-11-01 04:56 - 2017-11-01 04:56 - 000917012 _____ C:\Users\Gilbert-PC\Downloads\divalite-lhb-specs.pdf
2017-10-31 12:25 - 2017-11-08 16:03 - 000016050 _____ C:\Users\Gilbert-PC\Documents\Daily planer Noviembre2017.xlsx
2017-10-31 10:06 - 2017-10-31 10:06 - 000205758 _____ C:\Users\Gilbert-PC\Downloads\M4381031X7K1-0000-1-M-QuickPrint_800AMP_PANEL_[E].pdf
2017-10-30 20:37 - 2017-10-30 20:37 - 000000162 _____ C:\Users\Gilbert-PC\Downloads\Unconfirmed 705958.crdownload
2017-10-30 14:52 - 2017-10-30 14:52 - 000825418 _____ C:\Users\Gilbert-PC\Downloads\reindependencesolaroutage.zip
2017-10-30 07:23 - 2017-10-30 07:23 - 000402618 _____ C:\Users\Gilbert-PC\Downloads\209044E-2IND (1).pdf
2017-10-27 13:52 - 2017-10-27 13:52 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-10-27 13:51 - 2017-10-04 23:17 - 000380248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-10-27 13:51 - 2017-09-14 15:52 - 000986968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-10-27 13:51 - 2017-09-14 11:30 - 007439704 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-10-27 13:51 - 2017-09-14 11:30 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-10-27 13:51 - 2017-09-14 11:29 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-10-27 13:51 - 2017-09-13 17:18 - 001384216 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-10-27 13:51 - 2017-09-13 17:14 - 001124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-10-27 13:51 - 2017-09-13 05:32 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-10-27 13:51 - 2017-09-13 05:31 - 000445952 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-10-27 13:51 - 2017-09-13 05:27 - 000384000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll
2017-10-27 13:51 - 2017-09-09 10:53 - 022361864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-10-27 13:51 - 2017-09-09 09:55 - 019790760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-10-27 13:51 - 2017-09-09 09:38 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2017-10-27 13:51 - 2017-09-09 08:10 - 003631616 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-10-27 13:51 - 2017-09-09 07:49 - 002749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-10-27 13:51 - 2017-09-09 07:47 - 014466560 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-10-27 13:51 - 2017-09-09 07:21 - 012879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-10-27 13:51 - 2017-09-09 05:13 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-10-27 13:51 - 2017-09-09 05:13 - 000345088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-10-27 13:51 - 2017-09-09 05:13 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-10-27 13:51 - 2017-09-08 19:50 - 002013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-10-27 13:51 - 2017-09-08 19:50 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-10-27 13:51 - 2017-09-08 10:21 - 004168192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-10-27 13:51 - 2017-09-08 10:15 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-10-27 13:51 - 2017-09-08 09:39 - 000113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-10-27 13:51 - 2017-09-08 09:14 - 003084288 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2017-10-27 13:51 - 2017-09-08 08:57 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-10-27 13:51 - 2017-09-08 08:50 - 002471424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2017-10-27 13:51 - 2017-09-07 19:31 - 000685440 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-10-27 13:51 - 2017-09-07 19:28 - 000507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-10-27 13:51 - 2017-09-07 13:33 - 000686592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-10-27 13:51 - 2017-09-07 13:33 - 000415744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-10-27 13:51 - 2017-09-07 13:32 - 000285184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-10-27 13:51 - 2017-09-07 13:32 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-10-27 13:51 - 2017-09-07 13:31 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\mgmtapi.dll
2017-10-27 13:51 - 2017-09-07 13:17 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-10-27 13:51 - 2017-09-07 13:17 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-10-27 13:51 - 2017-09-07 13:15 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-10-27 13:51 - 2017-09-07 13:08 - 025729536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-10-27 13:51 - 2017-09-07 13:00 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-10-27 13:51 - 2017-09-07 12:40 - 005982208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-10-27 13:51 - 2017-09-07 12:32 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-10-27 13:51 - 2017-09-07 12:31 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-10-27 13:51 - 2017-09-07 12:29 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-10-27 13:51 - 2017-09-07 12:21 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-10-27 13:51 - 2017-09-07 12:13 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-10-27 13:51 - 2017-09-07 12:11 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-10-27 13:51 - 2017-09-07 12:10 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-10-27 13:51 - 2017-09-07 12:10 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-10-27 13:51 - 2017-09-07 12:08 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-10-27 13:51 - 2017-09-07 12:08 - 000656896 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-10-27 13:51 - 2017-09-07 11:54 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-10-27 13:51 - 2017-09-07 11:44 - 015262720 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-10-27 13:51 - 2017-09-07 11:40 - 003240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-10-27 13:51 - 2017-09-07 11:27 - 001548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-10-27 13:51 - 2017-09-07 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mgmtapi.dll
2017-10-27 13:51 - 2017-09-07 11:17 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-10-27 13:51 - 2017-09-07 11:10 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-10-27 13:51 - 2017-09-07 11:09 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-10-27 13:51 - 2017-09-07 11:04 - 020267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-10-27 13:51 - 2017-09-07 11:03 - 002292736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-10-27 13:51 - 2017-09-07 10:58 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-10-27 13:51 - 2017-09-07 10:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-10-27 13:51 - 2017-09-07 10:38 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-10-27 13:51 - 2017-09-07 10:37 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-10-27 13:51 - 2017-09-07 10:33 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-10-27 13:51 - 2017-09-07 10:29 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-10-27 13:51 - 2017-09-07 10:29 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-10-27 13:51 - 2017-09-07 10:27 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-10-27 13:51 - 2017-09-07 10:26 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-10-27 13:51 - 2017-09-07 10:25 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-10-27 13:51 - 2017-09-07 10:24 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-10-27 13:51 - 2017-09-07 10:17 - 013677568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-10-27 13:51 - 2017-09-07 10:01 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-10-27 13:51 - 2017-09-07 09:57 - 001316864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-10-27 13:51 - 2017-09-07 09:57 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-10-27 13:51 - 2017-09-07 09:20 - 000513456 _____ C:\Windows\SysWOW64\locale.nls
2017-10-27 13:51 - 2017-09-07 09:20 - 000513456 _____ C:\Windows\system32\locale.nls
2017-10-27 13:51 - 2017-09-07 05:40 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-10-27 13:51 - 2017-09-07 05:40 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-10-27 13:51 - 2017-09-06 15:07 - 000158552 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-10-27 13:51 - 2017-09-06 13:17 - 000461144 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-10-27 13:51 - 2017-09-06 13:17 - 000443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-10-27 13:51 - 2017-09-06 06:14 - 000166400 _____ (Microsoft Corporation) C:\Windows\system32\regsvc.dll
2017-10-27 13:51 - 2017-08-10 17:39 - 002779136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-10-27 13:51 - 2017-08-10 17:30 - 002464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-10-27 13:49 - 2017-10-27 13:49 - 000003174 _____ C:\Windows\System32\Tasks\Start CorsairLink4
2017-10-27 13:49 - 2017-10-27 13:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair LINK 4
2017-10-27 13:49 - 2017-10-27 13:49 - 000000000 ____D C:\Program Files (x86)\CorsairLink4
2017-10-27 13:47 - 2017-10-27 13:47 - 779635176 _____ C:\Windows\MEMORY.DMP
2017-10-27 13:47 - 2017-10-27 13:47 - 000619568 _____ C:\Windows\Minidump\102717-3859-01.dmp
2017-10-27 13:47 - 2017-10-27 13:47 - 000000000 ____D C:\Windows\Minidump
2017-10-25 15:56 - 2017-10-25 15:56 - 001207296 _____ C:\Users\Gilbert-PC\Downloads\Environnment+Rating+Scales+-Holly (1).ppt
2017-10-25 15:38 - 2017-10-25 15:38 - 001209344 _____ C:\Users\Gilbert-PC\Downloads\Environnment+Rating+Scales+-Holly.ppt
2017-10-18 10:59 - 2017-10-18 10:59 - 000000000 ____D C:\Users\Gilbert-PC\Documents\AutoCAD Sheet Sets
2017-10-17 04:59 - 2017-10-17 04:59 - 000059212 _____ C:\Users\Gilbert-PC\Downloads\1622.5-TO CONSULTANT.PDF
2017-10-17 04:58 - 2017-10-17 04:58 - 000061588 _____ C:\Users\Gilbert-PC\Downloads\1622.4-TOCONSULT-FP (1).PDF
2017-10-17 04:55 - 2017-10-17 04:55 - 000299159 _____ C:\Users\Gilbert-PC\Downloads\1622.4-E-FP.dwg
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-13 19:51 - 2016-10-27 05:57 - 000000000 ____D C:\Users\Gilbert-PC\AppData\Local\ClassicShell
2017-11-13 19:41 - 2016-10-27 05:38 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3397947757-2202323943-316364792-1001
2017-11-13 19:39 - 2016-10-27 05:37 - 000865112 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-13 19:39 - 2013-08-22 05:36 - 000000000 ____D C:\Windows\Inf
2017-11-13 19:36 - 2017-04-05 15:06 - 000253888 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-11-13 19:36 - 2016-10-27 05:51 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-13 19:36 - 2016-10-27 05:51 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-11-13 19:34 - 2016-10-27 05:46 - 000000000 __SHD C:\Users\Gilbert-PC\IntelGraphicsProfiles
2017-11-13 19:33 - 2016-11-11 18:38 - 027715584 _____ C:\Windows\system32\vmguest.iso
2017-11-13 19:33 - 2013-08-22 06:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-13 19:31 - 2014-04-12 20:55 - 000000000 ____D C:\ProgramData\ti
2017-11-13 19:27 - 2013-08-22 05:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-11-13 16:20 - 2016-10-27 05:47 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 16:15 - 2017-07-14 22:42 - 000000000 ____D C:\Users\Gilbert-PC\AppData\Local\gsm900-1
2017-11-13 16:00 - 2015-07-16 17:47 - 000000000 ____D C:\ProgramData\centroid-57
2017-11-13 14:51 - 2017-01-08 08:08 - 000000000 ____D C:\Users\Gilbert-PC\AppData\Local\wedge-22
2017-11-13 05:58 - 2013-08-22 07:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-13 05:57 - 2016-10-27 05:59 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-13 05:49 - 2016-11-01 13:35 - 000000090 _____ C:\Windows\QBChanUtil_Trigger.ini
2017-11-13 05:43 - 2016-10-27 05:32 - 000000000 ____D C:\Users\Gilbert-PC\AppData\Local\Packages
2017-11-10 14:20 - 2016-10-27 06:12 - 000000000 ____D C:\ProgramData\CLink4
2017-11-08 10:01 - 2016-10-27 06:10 - 000000000 ____D C:\ProgramData\KMSAutoS
2017-11-06 22:57 - 2017-07-26 17:25 - 000003180 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3397947757-2202323943-316364792-1001
2017-11-06 22:57 - 2016-11-01 08:58 - 000002313 _____ C:\Users\Gilbert-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-10-28 01:56 - 2013-08-22 07:36 - 000000000 ____D C:\Windows\rescache
2017-10-27 13:58 - 2013-08-22 06:44 - 000561824 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-27 13:57 - 2013-08-22 07:36 - 000000000 ___RD C:\Windows\ToastData
2017-10-27 13:56 - 2016-10-27 05:32 - 000000000 ____D C:\Users\Gilbert-PC
2017-10-27 13:54 - 2013-08-22 07:20 - 000000000 ____D C:\Windows\CbsTemp
2017-10-27 13:53 - 2016-10-26 15:25 - 000000000 ____D C:\Windows\system32\MRT
2017-10-27 13:52 - 2016-10-26 15:25 - 126925120 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-10-27 13:49 - 2016-10-27 06:12 - 000000000 ____D C:\ProgramData\Package Cache
==================== Files in the root of some directories =======
2017-01-28 16:06 - 2017-01-28 16:06 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-01-25 15:58 - 2017-05-31 07:03 - 000000028 _____ () C:\ProgramData\IpAndPort.fig
2016-11-01 09:38 - 2016-11-01 09:38 - 000000133 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2017-01-25 15:58 - 2017-05-31 07:03 - 000000236 _____ () C:\ProgramData\RmUserCfg.ini
Some files in TEMP:
====================
2017-11-13 05:56 - 2017-11-13 05:56 - 001232896 _____ () C:\Users\Gilbert-PC\AppData\Local\Temp\1439947031.exe
2016-11-01 13:37 - 2012-01-05 11:43 - 000226672 _____ () C:\Users\Gilbert-PC\AppData\Local\Temp\Abspdf.exe
2016-11-01 09:39 - 2015-01-26 06:59 - 000060296 _____ (Autodesk, Inc.) C:\Users\Gilbert-PC\AppData\Local\Temp\AcDeltree.exe
2016-11-01 13:37 - 2012-01-05 11:43 - 000749715 _____ (AMYUNI Technologies
2016-11-01 13:37 - 2012-01-05 11:43 - 000947200 _____ (AMYUNI Technologies
2016-11-01 13:37 - 2012-01-05 11:43 - 000407269 _____ (AMYUNI Technologies
2016-11-01 13:37 - 2006-07-12 14:11 - 001093632 _____ (AMYUNI Technologies
2016-11-01 13:37 - 2012-01-05 11:43 - 000430592 _____ (AMYUNI Technologies
2016-11-01 13:37 - 2006-07-12 14:11 - 000346112 _____ (AMYUNI Technologies
2016-11-01 13:37 - 2012-01-05 11:43 - 004218880 _____ (Amyuni Technologies
2006-11-01 22:22 - 2006-11-01 22:22 - 000930272 _____ (Microsoft Corporation) C:\Users\Gilbert-PC\AppData\Local\Temp\DPInstx64.exe
2006-11-01 22:22 - 2006-11-01 22:22 - 000795104 _____ (Microsoft Corporation) C:\Users\Gilbert-PC\AppData\Local\Temp\DPInstx86.exe
2010-01-13 01:38 - 2010-01-13 01:38 - 000075600 _____ () C:\Users\Gilbert-PC\AppData\Local\Temp\DPInst_Monx64.exe
2010-01-13 01:39 - 2010-01-13 01:39 - 000075088 _____ () C:\Users\Gilbert-PC\AppData\Local\Temp\DPInst_Monx86.exe
2010-01-13 04:59 - 2010-01-13 04:59 - 000075080 _____ () C:\Users\Gilbert-PC\AppData\Local\Temp\OS_Detect.exe
2016-11-01 13:37 - 2011-07-20 08:18 - 000042264 _____ (Tri-Sector, Inc.) C:\Users\Gilbert-PC\AppData\Local\Temp\PDFPRT400.exe
2017-01-28 16:05 - 2017-05-07 20:32 - 021387040 _____ (Siber Systems) C:\Users\Gilbert-PC\AppData\Local\Temp\RoboForm-Setup.exe
2016-11-01 13:37 - 2012-01-05 11:43 - 000121856 _____ (Microsoft Corporation) C:\Users\Gilbert-PC\AppData\Local\Temp\xmllite.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-11-11 03:41
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2017 03
Ran by Gilbert-PC (13-11-2017 19:53:55)
Running from C:\Users\Gilbert-PC\Downloads
Windows 8.1 Pro (Update) (X64) (2016-10-27 13:32:07)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3397947757-2202323943-316364792-500 - Administrator - Disabled)
Gilbert-PC (S-1-5-21-3397947757-2202323943-316364792-1001 - Administrator - Enabled) => C:\Users\Gilbert-PC
Guest (S-1-5-21-3397947757-2202323943-316364792-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
ACA & MEP 2016 Object Enabler (HKLM\...\{5783F2D7-F004-0000-5102-0060B0CE6BBA}) (Version: 7.8.41.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{5783F2D7-F001-0000-3102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
AutoCAD 2016 - English (HKLM\...\{5783F2D7-F001-0409-2102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 (HKLM\...\{5783F2D7-F001-0000-0102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
AutoCAD 2016 Language Pack - English (HKLM\...\{5783F2D7-F001-0409-1102-0060B0CE6BBA}) (Version: 20.1.49.0 - Autodesk) Hidden
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk)
Autodesk App Manager 2016 (HKLM-x32\...\{4ECF9E00-2978-46AF-BD80-455EFEAB7A93}) (Version: 2.0.0 - Autodesk)
Autodesk Application Manager (HKLM-x32\...\Autodesk Application Manager) (Version: 5.0.142.14 - Autodesk)
Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk)
Autodesk Content Service (HKLM\...\{A37CDB58-AAE8-0000-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service Language Pack (HKLM\...\{A37CDB58-AAE8-0001-8C13-E0F7BACB0D5F}) (Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps 2016 (HKLM-x32\...\{D42F37CD-9AF9-4435-A474-B387C5BB6B47}) (Version: 2.0.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk)
Blue Iris 4 (HKLM-x32\...\{24DBFE51-243F-4538-BB28-2FD7EC8E7F16}) (Version: 4.4.9.0 - Perspective Software)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Corsair LINK 4 (HKLM-x32\...\{3f9cac6a-22c5-4169-aa67-3710a1ac6fe1}) (Version: 4.9.1.23 - Corsair Components, Inc.)
Corsair LINK 4 (HKLM-x32\...\{5F5A99B2-0273-41BF-876F-0F2B9D7BA200}) (Version: 4.9.1.23 - Corsair Components, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Network Connections 20.2.3001.0 (HKLM\...\PROSetDX) (Version: 20.2.3001.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4565 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8625.2121 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3397947757-2202323943-316364792-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Night Owl HD CMS version 1.1.72 (HKLM-x32\...\{DDC5185C-7C8A-420B-B831-BCE5AAB1F449}_is1) (Version: 1.1.72 - Night Owl SP,LLC)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2121 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
QuickBooks (HKLM-x32\...\{2B0E1E07-2F3D-4E7D-AD0A-1C74A8881B9B}) (Version: 26.0.4012.2607 - Intuit Inc.) Hidden
QuickBooks Premier: Contractor Edition 2016 (HKLM-x32\...\{46D4E594-38FE-48F9-8C3A-02315281A4B5}) (Version: 26.0.4012.2607 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7982 - Realtek Semiconductor Corp.)
RoboForm 7-9-26-6 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-26-6 - Siber Systems)
Roland 2.5D DRIVER [EGX-30A] (HKLM-x32\...\{FCF6FB65-55C6-434B-8DE5-FE32033214CC}) (Version: 1.20.0000 - Roland DG Corporation)
SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
TriPoint 9.7 - Demo (HKLM-x32\...\ST4UNST #1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Windows Driver Package - Corsair Components, Inc. (SIUSBXP) USB (07/14/2017 3.3) (HKLM\...\A2206C09905C467F30CB24DCBB49F056D7F0A290) (Version: 07/14/2017 3.3 - Corsair Components, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Gilbert-PC\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Gilbert-PC\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-3397947757-2202323943-316364792-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2015-02-05] (Autodesk)
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-12-14] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2012-01-20] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {08164B2E-7179-4C3A-9917-FE7CA3A0BB57} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {1A88ABE2-CF09-4E9E-A080-196BC9E02ED0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-01-28] (Siber Systems)
Task: {2A027848-A0E6-4BA3-B5C2-E053C460DB20} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {30C5E2EB-861F-4AA6-A0B1-CBB449A64A5E} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {333FB949-E371-438D-B202-75D858C671EF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {45C2F912-46A1-43D3-8209-0C9411DF04F0} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMOJLJJJJMKJOMJMIMCNGMKMIMLMCNLMMJOJNJCNNJLMPMNJCNGMHMOJKMMMJJIMLJKMPMIMPMJNJICMIMCNGMCNNMJMFMOMOMCNPMCNGMJMPMPMFMJMCNMMCNGMJMPMPMCNNMJNPICMOMFMEKMICNJJCKFMJMHMHMJNHICMOMNMKJPMOMJNBJCMILGJDJNJKJNILICNPKMLJNKJCMJNNICMJNDJCMKJBJ (the data entry has 55 more characters).
Task: {55D9623C-77E6-4944-847D-C4D86FB15244} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-25] ()
Task: {84CC91BC-C9AE-4A5E-9C3B-A19C1AF2ABC0} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-25] ()
Task: {8AE9831C-E519-4B31-9B9D-716E67B51729} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe [2015-08-10] (MSFree Inc.)
Task: {8D2F3711-8D01-42FD-B60F-A203EE3189FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-07] (Microsoft Corporation)
Task: {8EB53C1D-9837-4BD3-BD7B-37A5281DB6F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-27] (Google Inc.)
Task: {9566C91B-1012-44F8-BC34-AF3E5B670978} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-11-07] (Microsoft Corporation)
Task: {9EB8CB7F-1F32-431E-97CD-F0155CCF9059} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-27] (Google Inc.)
Task: {AC68994B-1639-4D9F-90C8-7BD91DD2903D} - System32\Tasks\Start CorsairLink4 => C:\Program Files (x86)\CorsairLink4\CorsairLink4.exe [2017-10-17] (Corsair Components, Inc.)
Task: {B1E20775-B57E-450C-A0F2-7E6489F37545} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-31] (Microsoft Corporation)
Task: {D018520A-A607-44FE-8A25-C73D7CC3DE3A} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-08-22 02:17 - 2017-11-07 06:11 - 008931496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-10-27 05:51 - 2012-01-20 13:55 - 000678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 000117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2016-11-09 11:32 - 2016-06-08 18:07 - 000458904 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
2016-11-09 11:32 - 2016-06-08 18:18 - 000709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-11-09 11:32 - 2016-06-08 18:17 - 000188568 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll
2016-11-09 11:32 - 2016-06-08 18:12 - 000416408 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2016-11-09 11:32 - 2016-06-08 18:15 - 000130712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2016-11-09 11:32 - 2016-06-08 18:16 - 000025752 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2016-11-09 11:32 - 2016-06-08 18:16 - 000059544 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_quality_and_reliability_input.dll
2016-11-09 11:32 - 2016-06-08 18:16 - 000194712 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2016-11-09 11:32 - 2016-06-08 18:17 - 000159896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\sema_thermal_input.dll
2016-11-09 11:32 - 2016-06-08 18:17 - 000158360 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2016-11-09 11:32 - 2016-06-08 18:16 - 000050840 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2016-11-09 11:32 - 2016-06-08 18:15 - 000032920 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2017-11-13 16:20 - 2017-11-10 01:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-13 16:20 - 2017-11-10 01:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2016-11-01 09:39 - 2016-02-23 20:48 - 000062024 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\QtSolutions_Service-head.dll
2016-11-01 09:39 - 2016-02-23 20:47 - 000110664 _____ () C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\qjson0.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2013-08-22 05:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3397947757-2202323943-316364792-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gilbert-PC\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
HKU\S-1-5-21-3397947757-2202323943-316364792-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11132017193757474\Control Panel\Desktop\\Wallpaper -> C:\Users\Gilbert-PC\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8645B7B2-36C9-4DBE-9673-0D749FCDC67C}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{FB9A886F-3EBA-4ADD-A635-D77659563A7D}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{87D0A89E-E5BF-4A4E-8020-D03C776DB6AD}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{BB353273-FF86-4A9C-A082-66D86DABEEA4}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A61D83EB-7AA0-43A9-B571-8B65CB44DE21}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{EDBBC826-5AF2-4D45-B984-AEF2EB84D026}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{D6E8F01B-ADED-4A89-A1E8-647B880B8745}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{DE3B0DA1-1EAD-4CBD-BF7F-8BA627434D17}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{24EDF94E-FFB9-4743-8A11-7107F4AE304E}] => (Allow) C:\Users\Gilbert-PC\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{AAAED5A3-25D1-4D84-A3DC-92DB2236971B}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{D6654D45-5298-4049-B2C9-D517F69D3150}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{1ADCC700-8EB5-452C-B479-538917A45934}] => (Allow) LPort=50248
FirewallRules: [{4AD8E002-B853-4DDC-B239-920F7BE62360}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A13BE620-8EE2-4511-9A94-D49605AE4114}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{CB32E7A1-9C77-47E6-95D9-1867E50E4B85}] => (Allow) LPort=1688
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [TCP Query User{0A808AE3-6916-452E-A879-586E6B880800}C:\program files\blue iris 4\blueiris.exe] => (Allow) C:\program files\blue iris 4\blueiris.exe
FirewallRules: [UDP Query User{4E6ABDBC-409B-46D8-884F-6847C147E672}C:\program files\blue iris 4\blueiris.exe] => (Allow) C:\program files\blue iris 4\blueiris.exe
FirewallRules: [{35B2C0F6-AFA7-4BFA-935D-6E611EC3AD19}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{05E6D02A-6125-4F6B-AA15-133B874174F8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{AF280138-1772-4989-B0DD-4DF5B9313C5F}C:\program files (x86)\nightowl\night owl hd cms\night owl hd cms.exe] => (Allow) C:\program files (x86)\nightowl\night owl hd cms\night owl hd cms.exe
FirewallRules: [UDP Query User{79D9E665-DA59-4E29-8266-A4EA7FC64B6D}C:\program files (x86)\nightowl\night owl hd cms\night owl hd cms.exe] => (Allow) C:\program files (x86)\nightowl\night owl hd cms\night owl hd cms.exe
FirewallRules: [{4C89BF8D-69EB-4D11-9653-FB62B4332443}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D0681BB8-3E64-473B-95BE-BE0917C4BA3A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
27-10-2017 13:49:14 Corsair LINK 4
04-11-2017 01:53:21 Scheduled Checkpoint
11-11-2017 03:42:24 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/13/2017 07:36:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.556, time stamp: 0x5988c3f1
Faulting module name: ScanControllerImpl.dll, version: 3.0.0.742, time stamp: 0x599eabe2
Exception code: 0xc0000005
Fault offset: 0x0000000000006704
Faulting process id: 0xae4
Faulting application start time: 0x01d35cf9c56145ec
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll
Report Id: 0484230e-c8ed-11e7-8276-704d7b26d933
Faulting package full name:
Faulting package-relative application ID:
Error: (11/13/2017 05:39:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 62.0.3202.89, time stamp: 0x59fe811c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18821, time stamp: 0x59ba86db
Exception code: 0xc0000135
Fault offset: 0x00000000000ece70
Faulting process id: 0xc30
Faulting application start time: 0x01d35ce95dd9a2d0
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: KERNELBASE.dll
Report Id: 9b862ebe-c8dc-11e7-8273-704d7b26d933
Faulting package full name:
Faulting package-relative application ID:
Error: (11/13/2017 04:48:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 62.0.3202.89, time stamp: 0x59fe811c
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18821, time stamp: 0x59ba86db
Exception code: 0xc0000135
Fault offset: 0x00000000000ece70
Faulting process id: 0xec4
Faulting application start time: 0x01d35ce24c612910
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: KERNELBASE.dll
Report Id: 8a14dbf3-c8d5-11e7-8273-704d7b26d933
Faulting package full name:
Faulting package-relative application ID:
Error: (11/13/2017 02:31:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: efm8load.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0x1408
Faulting application start time: 0x01d35ccf1cb2b879
Faulting application path: C:\Program Files (x86)\CorsairLink4\efm8load.exe
Faulting module path: unknown
Report Id: 5a6ff4be-c8c2-11e7-8273-704d7b26d933
Faulting package full name:
Faulting package-relative application ID:
Error: (11/13/2017 02:31:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ImagingDevices.exe, version: 6.3.9600.17415, time stamp: 0x54504432
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0xe98
Faulting application start time: 0x01d35ccf18ccdceb
Faulting application path: C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
Faulting module path: unknown
Report Id: 568a194b-c8c2-11e7-8273-704d7b26d933
Faulting package full name:
Faulting package-relative application ID:
Error: (11/13/2017 02:31:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmplayer.exe, version: 12.0.9600.17415, time stamp: 0x545046f0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0x9c8
Faulting application start time: 0x01d35ccf1524a371
Faulting application path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Faulting module path: unknown
Report Id: 52e1dfc2-c8c2-11e7-8273-704d7b26d933
Faulting package full name:
Faulting package-relative application ID:
Error: (11/13/2017 02:30:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmpshare.exe, version: 12.0.9600.17415, time stamp: 0x545047f3
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0x19b4
Faulting application start time: 0x01d35ccf117f5f71
Faulting application path: C:\Program Files (x86)\Windows Media Player\wmpshare.exe
Faulting module path: unknown
Report Id: 4f3c9bc4-c8c2-11e7-8273-704d7b26d933
Faulting package full name:
Faulting package-relative application ID:
Error: (11/13/2017 02:30:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wabmig.exe, version: 6.3.9600.17415, time stamp: 0x545040c0
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0x136c
Faulting application start time: 0x01d35ccf0dd7f047
Faulting application path: C:\Program Files (x86)\Windows Mail\wabmig.exe
Faulting module path: unknown
Report Id: 4b93e941-c8c2-11e7-8273-704d7b26d933
Faulting package full name:
Faulting package-relative application ID:
Error: (11/13/2017 02:30:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmprph.exe, version: 12.0.9600.17415, time stamp: 0x54504530
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0xc14
Faulting application start time: 0x01d35ccf0a32bbd9
Faulting application path: C:\Program Files (x86)\Windows Media Player\wmprph.exe
Faulting module path: unknown
Report Id: 47eff83e-c8c2-11e7-8273-704d7b26d933
Faulting package full name:
Faulting package-relative application ID:
Error: (11/13/2017 02:30:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wab.exe, version: 6.3.9600.17415, time stamp: 0x54504361
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0391fffc
Faulting process id: 0x1164
Faulting application start time: 0x01d35ccf068c9144
Faulting application path: C:\Program Files (x86)\Windows Mail\wab.exe
Faulting module path: unknown
Report Id: 444a2e6e-c8c2-11e7-8273-704d7b26d933
Faulting package full name:
Faulting package-relative application ID:
System errors:
=============
Error: (11/13/2017 07:36:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Malwarebytes Service service, but this action failed with the following error:
An instance of the service is already running.
Error: (11/13/2017 07:36:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (11/13/2017 07:34:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
Error: (11/13/2017 07:33:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ESRV_SVC_WILLAMETTE service.
Error: (11/13/2017 07:30:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
Error: (11/13/2017 07:28:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
Error: (11/13/2017 05:57:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
Error: (11/13/2017 03:47:21 AM) (Source: DCOM) (EventID: 10010) (User: Gilbert)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
Error: (11/13/2017 03:46:51 AM) (Source: DCOM) (EventID: 10010) (User: Gilbert)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
Error: (11/12/2017 04:06:06 AM) (Source: DCOM) (EventID: 10010) (User: Gilbert)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
==================== Memory info ===========================
Processor: Intel® Core i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 26%
Total physical RAM: 16267.8 MB
Available physical RAM: 11907.83 MB
Total Virtual: 32651.8 MB
Available Virtual: 28148.36 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.37 GB) (Free:144.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================