I am on a Dell Inspiron Windows 7 laptop. I have been experiencing adware for about a week that populates new tabs when I am on Amazon. The unwanted tabs have to do with "complete a survey" or some kind of product ad. I have run Kaspersky scan, Malwarebytes, Zemana Antimalware, and Avast! Kaspersky found 48 "threats" and cleaned them. Zemana found one virus and cleaned it. I ran both of those scans after they said the system was "clean" and they did not find anything. I was on eBay today and got one of the dreaded unwanted tabs. Ran the two scans... nothing shown. I have now run RunScanner (and that site directed me to you), as well as your scan. Attached are the results. I don't see anything obvious. Hopefully you can help.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.01.2018
Ran by Gary_Linda (administrator) on GARY_LINDA-PC (24-01-2018 16:33:41)
Running from C:\Users\Gary_Linda\Desktop
Loaded Profiles: Gary_Linda (Available Profiles: Gary_Linda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Linksys, LLC) C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(KeepSolid Inc.) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\CCDashServer.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(KeepSolid Inc.) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Box, Inc.) C:\Users\Gary_Linda\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
(Box, Inc.) C:\Users\Gary_Linda\AppData\Local\Box\Box Edit\Box Edit.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
() C:\Program Files (x86)\VPN Unlimited\QtWebEngineProcess.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Runscanner.net) C:\Users\Gary_Linda\Desktop\runscanner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4756240 2012-03-29] (Intel® Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-05] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\WiFi\bin\CCDashServer.exe [4966912 2012-03-29] (Intel® Corporation)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2018-01-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\Run: [VPN Unlimited] => C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-launcher.exe [398168 2017-05-16] (KeepSolid Inc.)
HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-06] (Skype Technologies S.A.)
HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\Run: [Box Local Com Server] => C:\Users\Gary_Linda\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [129616 2017-10-23] (Box, Inc.)
HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\Run: [Box Edit] => C:\Users\Gary_Linda\AppData\Local\Box\Box Edit\Box Edit.exe [882256 2017-10-23] (Box, Inc.)
HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\Run: [OpenDNS Updater] => C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe [839680 2010-06-16] ()
HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\MountPoints2: {5ebcab6c-07d8-11e3-b927-6817296f8fb9} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\MountPoints2: {7404b54a-051a-11e3-a545-6817296f8fb9} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\MountPoints2: {b463bb94-0e77-11e5-8893-6817296f8fb9} - E:\VZW_Software_upgrade_assistant.exe
Startup: C:\Users\Gary_Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2017-09-25]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 208.67.220.220 208.67.222.222 208.67.222.220 192.168.1.1
Tcpip\..\Interfaces\{2F8E629A-55AB-4FCF-89A5-2B560E87E04D}: [DhcpNameServer] 208.67.220.220 208.67.222.222 208.67.222.220 192.168.1.1
Tcpip\..\Interfaces\{7C4A53A0-1D31-4658-941D-59B24774CE8F}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{B9DA094D-0192-4F16-BB14-29D5838C5788}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D73D05E1-A608-47F6-B9D5-92D8E962BD0C}: [DhcpNameServer] 10.204.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {6874A383-FB6D-4AAA-B1CB-C3E4BA38E365} URL =
SearchScopes: HKLM -> OldSearch URL =
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3615104535-3221751416-1031096358-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3615104535-3221751416-1031096358-1001 -> OldSearch URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3615104535-3221751416-1031096358-1001 -> {6874A383-FB6D-4AAA-B1CB-C3E4BA38E365} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-10-02] (LastPass)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-10-18] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-10-02] (LastPass)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-18] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-10-02] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-10-02] (LastPass)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} hxxp://nkba.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
FireFox:
========
FF ProfilePath: C:\Users\Gary_Linda\AppData\Roaming\Mozilla\Firefox\Profiles\bblby9lz.default-1448393382752 [2018-01-24]
FF Homepage: Mozilla\Firefox\Profiles\bblby9lz.default-1448393382752 -> hxxp://www.google.com/
FF Extension: (AdGuard AdBlocker) - C:\Users\Gary_Linda\AppData\Roaming\Mozilla\Firefox\Profiles\bblby9lz.default-1448393382752\Extensions\[email protected] [2018-01-20]
FF Extension: (Keepa - Amazon Price Tracker) - C:\Users\Gary_Linda\AppData\Roaming\Mozilla\Firefox\Profiles\bblby9lz.default-1448393382752\Extensions\[email protected] [2017-12-20]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Gary_Linda\AppData\Roaming\Mozilla\Firefox\Profiles\bblby9lz.default-1448393382752\Extensions\[email protected] [2017-12-04]
FF Extension: (Entrality) - C:\Users\Gary_Linda\AppData\Roaming\Mozilla\Firefox\Profiles\bblby9lz.default-1448393382752\Extensions\{eb260b8d-f7d3-48d8-a29a-c2b07e1ed36e}.xpi [2017-12-26]
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-10-02] (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-18] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-10-02] (LastPass)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3615104535-3221751416-1031096358-1001: SkypePlugin -> C:\Users\Gary_Linda\AppData\Local\SkypePlugin\7.25.0.32\npGatewayNpapi.dll [2016-09-01] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3615104535-3221751416-1031096358-1001: SkypePlugin64 -> C:\Users\Gary_Linda\AppData\Local\SkypePlugin\7.25.0.32\npGatewayNpapi-x64.dll [2016-09-01] (Skype Technologies S.A.)
Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Gary_Linda\AppData\Local\Google\Chrome\User Data\Default [2018-01-22]
CHR Extension: (Slides) - C:\Users\Gary_Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-25]
CHR Extension: (Docs) - C:\Users\Gary_Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-25]
CHR Extension: (Google Drive) - C:\Users\Gary_Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-28]
CHR Extension: (YouTube) - C:\Users\Gary_Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-28]
CHR Extension: (Sheets) - C:\Users\Gary_Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-25]
CHR Extension: (Google Docs Offline) - C:\Users\Gary_Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-29]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Gary_Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-12-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gary_Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-25]
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Gary_Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2016-10-28]
CHR Extension: (Gmail) - C:\Users\Gary_Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-28]
CHR Extension: (Chrome Media Router) - C:\Users\Gary_Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-23]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-12-14]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2015-10-07] (Adobe Systems) [File not signed]
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-27] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-27] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2018-01-08] (Dropbox, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [232320 2017-11-21] (Dell Inc.)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193536 2012-03-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [163608 2012-03-06] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2012-09-05] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247400 2015-11-13] (Synaptics Incorporated)
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [62296 2017-05-16] (KeepSolid Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [55800 2015-06-02] ()
S3 AE6000; C:\Windows\System32\DRIVERS\AE6000w764.sys [2238104 2015-06-25] (MediaTek Inc.)
S3 CSRBC; C:\Windows\System32\Drivers\rider64.sys [38400 2012-01-31] (CSR plc.)
R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [19968 2013-09-13] (Cypress Semiconductor, Inc.)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77432 2017-11-29] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2018-01-23] ()
R3 hswpan; C:\Windows\System32\DRIVERS\hswpan.sys [109056 2012-01-27] (Ozmo Inc)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31712 2015-11-24] (Intel Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-03-28] (Intel Corporation)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-09-24] (Qualcomm Atheros Co., Ltd.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193968 2018-01-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [110016 2018-01-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [46008 2018-01-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2018-01-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [84256 2018-01-24] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [188992 2016-02-09] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw01.sys [11534096 2015-05-04] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2017-12-14] (CACE Technologies, Inc.)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-03-15] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [42600 2015-11-13] (Synaptics Incorporated)
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [542208 2012-09-05] (IDT, Inc.) [File not signed]
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2018-01-23] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2018-01-23] (Zemana Ltd.)
U3 aswbdisk; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 SWDUMon; system32\DRIVERS\SWDUMon.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-24 16:33 - 2018-01-24 16:34 - 000025161 _____ C:\Users\Gary_Linda\Desktop\FRST.txt
2018-01-24 16:33 - 2018-01-24 16:33 - 000000000 ____D C:\FRST
2018-01-24 16:32 - 2018-01-24 16:33 - 002393088 _____ (Farbar) C:\Users\Gary_Linda\Desktop\FRST64.exe
2018-01-24 16:26 - 2018-01-24 16:26 - 000272659 _____ C:\Users\Gary_Linda\Desktop\runscanner.run
2018-01-24 16:12 - 2018-01-24 16:12 - 002248504 _____ (Runscanner.net) C:\Users\Gary_Linda\Desktop\runscanner.exe
2018-01-24 16:12 - 2018-01-24 16:12 - 000000000 ____D C:\Users\Gary_Linda\AppData\Roaming\Runscanner.net
2018-01-23 21:12 - 2018-01-23 21:12 - 000147018 _____ C:\Users\Gary_Linda\Desktop\Payment 1.23.18.pdf
2018-01-23 17:23 - 2018-01-24 16:34 - 000683621 _____ C:\Windows\ZAM.krnl.trace
2018-01-23 17:23 - 2018-01-24 16:33 - 000090969 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-01-23 17:18 - 2018-01-23 17:18 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2018-01-23 17:18 - 2018-01-23 17:18 - 000203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2018-01-23 17:18 - 2018-01-23 17:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-01-23 17:18 - 2018-01-23 17:18 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-01-23 17:17 - 2018-01-23 17:17 - 000000000 ____D C:\Users\Gary_Linda\AppData\Local\Zemana
2018-01-23 14:19 - 2018-01-23 14:19 - 000055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2018-01-23 14:16 - 2018-01-23 14:16 - 000001864 _____ C:\Windows\system32\.crusader
2018-01-23 14:01 - 2018-01-23 14:17 - 000000000 ____D C:\ProgramData\HitmanPro
2018-01-22 13:10 - 2018-01-23 17:25 - 000110016 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-01-22 12:13 - 2018-01-24 14:34 - 000084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-01-22 12:13 - 2018-01-23 17:25 - 000253880 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-01-22 12:13 - 2018-01-23 17:25 - 000046008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-01-22 12:13 - 2018-01-23 13:43 - 000193968 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-01-22 12:12 - 2018-01-22 12:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-22 12:12 - 2018-01-22 12:12 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-22 12:12 - 2017-11-29 09:11 - 000077432 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-01-22 11:45 - 2018-01-22 11:48 - 000000000 ____D C:\AdwCleaner
2018-01-22 11:32 - 2018-01-22 11:32 - 000080374 _____ C:\Users\Gary_Linda\Desktop\golden_lighting_9903_12_specsheet_17.pdf
2018-01-19 11:48 - 2018-01-19 11:49 - 000005789 _____ C:\Users\Gary_Linda\Desktop\UPC Insurance Payment 1.19.18.pdf
2018-01-19 10:42 - 2018-01-19 10:42 - 000455349 _____ C:\Users\Gary_Linda\Desktop\LAZY SUNDAY SLOUCHY BEANIE JAN 2018.pdf
2018-01-18 10:47 - 2018-01-18 10:47 - 000296968 _____ C:\Users\Gary_Linda\Desktop\G Hayman ck date 010418.pdf
2018-01-13 07:52 - 2018-01-13 07:52 - 000000000 ____D C:\Program Files (x86)\Dell Update
2018-01-11 13:22 - 2018-01-11 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-01-10 14:18 - 2018-01-10 14:18 - 000013611 _____ C:\Users\Gary_Linda\Desktop\2017 1098-MORT MORTGAGE 6951 WellsFargo.pdf
2018-01-09 16:43 - 2018-01-09 16:43 - 015620007 _____ C:\Users\Gary_Linda\Downloads\Bottom-Up-Slouchy-Collection.pdf
2018-01-09 08:25 - 2018-01-09 08:25 - 000186159 _____ C:\Users\Gary_Linda\Downloads\legging+pattern+for+girls+18mths-12+years.pdf
2018-01-09 08:06 - 2018-01-09 08:06 - 000245463 _____ C:\Users\Gary_Linda\Downloads\c6G6J75crK2y899q956Z8eJ656J558I76762_98635168.PDF
2018-01-08 16:15 - 2018-01-08 16:15 - 000051016 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2018-01-08 16:15 - 2018-01-08 16:15 - 000045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2018-01-08 16:15 - 2018-01-08 16:15 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2018-01-08 16:15 - 2018-01-08 16:15 - 000045640 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2018-01-08 07:24 - 2018-01-08 07:24 - 000704382 _____ C:\Users\Gary_Linda\Downloads\N_02_08_LacyValentine.pdf
2018-01-05 11:20 - 2017-12-31 21:21 - 005581544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-01-05 11:20 - 2017-12-31 21:21 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-01-05 11:20 - 2017-12-31 21:21 - 000948968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-01-05 11:20 - 2017-12-31 21:21 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-01-05 11:20 - 2017-12-31 21:21 - 000288488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2018-01-05 11:20 - 2017-12-31 21:21 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-01-05 11:20 - 2017-12-31 21:21 - 000213736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2018-01-05 11:20 - 2017-12-31 21:21 - 000154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-01-05 11:20 - 2017-12-31 21:21 - 000114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-01-05 11:20 - 2017-12-31 21:21 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-01-05 11:20 - 2017-12-31 21:19 - 001665384 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 002066432 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 001741312 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 001212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000977408 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000863232 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2018-01-05 11:20 - 2017-12-31 21:18 - 000842752 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000705024 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2018-01-05 11:20 - 2017-12-31 21:18 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000473600 _____ (Microsoft Corporation) C:\Windows\system32\taskcomp.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000439296 _____ (Microsoft Corporation) C:\Windows\system32\p2psvc.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000366592 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2018-01-05 11:20 - 2017-12-31 21:18 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000264704 _____ (Microsoft Corporation) C:\Windows\system32\P2P.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000120320 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000076288 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\ndptsp.tsp
2018-01-05 11:20 - 2017-12-31 21:18 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000047104 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2018-01-05 11:20 - 2017-12-31 21:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000039424 _____ (Microsoft Corporation) C:\Windows\system32\traffic.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapPeerProxy.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\WcnEapAuthProxy.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\wshqos.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wshnetbs.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 21:18 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-01-05 11:20 - 2017-12-31 21:13 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-01-05 11:20 - 2017-12-31 21:04 - 000559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2018-01-05 11:20 - 2017-12-31 21:02 - 001314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 012880384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 001417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcncsvc.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\P2P.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2018-01-05 11:20 - 2017-12-31 21:00 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ndptsp.tsp
2018-01-05 11:20 - 2017-12-31 21:00 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\traffic.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-01-05 11:20 - 2017-12-31 21:00 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000309760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:55 - 000131584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pacer.sys
2018-01-05 11:20 - 2017-12-31 20:55 - 000088576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2018-01-05 11:20 - 2017-12-31 20:55 - 000058368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2018-01-05 11:20 - 2017-12-31 20:55 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys
2018-01-05 11:20 - 2017-12-31 20:55 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2018-01-05 11:20 - 2017-12-31 20:54 - 004013800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-01-05 11:20 - 2017-12-31 20:54 - 003959016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-01-05 11:20 - 2017-12-31 20:54 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-01-05 11:20 - 2017-12-31 20:50 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2018-01-05 11:20 - 2017-12-31 20:49 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-01-05 11:20 - 2017-12-31 20:49 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-01-05 11:20 - 2017-12-31 20:49 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-01-05 11:20 - 2017-12-31 20:49 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-01-05 11:20 - 2017-12-31 20:46 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-01-05 11:20 - 2017-12-31 20:45 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-01-05 11:20 - 2017-12-31 20:43 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2018-01-05 11:20 - 2017-12-31 20:43 - 000038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2018-01-05 11:20 - 2017-12-31 20:43 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2018-01-05 11:20 - 2017-12-31 20:43 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2018-01-05 11:20 - 2017-12-31 20:43 - 000020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapPeerProxy.dll
2018-01-05 11:20 - 2017-12-31 20:43 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnEapAuthProxy.dll
2018-01-05 11:20 - 2017-12-31 20:43 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-01-05 11:20 - 2017-12-31 20:43 - 000013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshqos.dll
2018-01-05 11:20 - 2017-12-31 20:42 - 000460288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2018-01-05 11:20 - 2017-12-31 20:42 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2018-01-05 11:20 - 2017-12-31 20:42 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2018-01-05 11:20 - 2017-12-31 20:42 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-01-05 11:20 - 2017-12-31 20:41 - 000754176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2018-01-05 11:20 - 2017-12-31 20:41 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-01-05 11:20 - 2017-12-31 20:41 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-01-05 11:20 - 2017-12-31 20:41 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-01-05 11:20 - 2017-12-31 20:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2018-01-05 11:20 - 2017-12-31 20:41 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-01-05 11:20 - 2017-12-31 20:41 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2018-01-05 11:20 - 2017-12-31 20:39 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-01-05 11:20 - 2017-12-31 20:36 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-01-05 11:20 - 2017-12-31 20:36 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-01-05 11:20 - 2017-12-31 20:36 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-01-05 11:20 - 2017-12-31 20:36 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-01-05 11:20 - 2017-12-31 20:35 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-01-05 11:20 - 2017-12-31 20:35 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:35 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:35 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-01-05 11:20 - 2017-12-31 20:35 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-01-05 11:20 - 2017-12-30 02:29 - 000395968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-01-05 11:20 - 2017-12-30 01:42 - 000347328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-01-05 11:20 - 2017-12-29 13:39 - 020274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-01-05 11:20 - 2017-12-29 13:24 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-01-05 11:20 - 2017-12-29 13:13 - 000499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-01-05 11:20 - 2017-12-29 13:13 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-01-05 11:20 - 2017-12-29 13:12 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-01-05 11:20 - 2017-12-29 13:12 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-01-05 11:20 - 2017-12-29 13:11 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-01-05 11:20 - 2017-12-29 13:09 - 002294272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-01-05 11:20 - 2017-12-29 13:06 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-01-05 11:20 - 2017-12-29 13:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-01-05 11:20 - 2017-12-29 13:04 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-01-05 11:20 - 2017-12-29 13:03 - 000662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-01-05 11:20 - 2017-12-29 13:03 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-01-05 11:20 - 2017-12-29 13:03 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-01-05 11:20 - 2017-12-29 12:55 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-01-05 11:20 - 2017-12-29 12:51 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-01-05 11:20 - 2017-12-29 12:50 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-01-05 11:20 - 2017-12-29 12:50 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-01-05 11:20 - 2017-12-29 12:47 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-01-05 11:20 - 2017-12-29 12:47 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-01-05 11:20 - 2017-12-29 12:46 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-01-05 11:20 - 2017-12-29 12:45 - 004508160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-01-05 11:20 - 2017-12-29 12:44 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-01-05 11:20 - 2017-12-29 12:39 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-01-05 11:20 - 2017-12-29 12:38 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-01-05 11:20 - 2017-12-29 12:38 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-01-05 11:20 - 2017-12-29 12:37 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-01-05 11:20 - 2017-12-29 12:36 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-01-05 11:20 - 2017-12-29 12:19 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-01-05 11:20 - 2017-12-29 12:15 - 001313792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-01-05 11:20 - 2017-12-29 12:13 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-01-05 11:20 - 2017-12-29 04:15 - 025737728 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-01-05 11:20 - 2017-12-29 04:04 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-01-05 11:20 - 2017-12-29 04:04 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-01-05 11:20 - 2017-12-29 03:52 - 002900480 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-01-05 11:20 - 2017-12-29 03:51 - 005796352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-01-05 11:20 - 2017-12-29 03:51 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-01-05 11:20 - 2017-12-29 03:50 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-01-05 11:20 - 2017-12-29 03:50 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-01-05 11:20 - 2017-12-29 03:50 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-01-05 11:20 - 2017-12-29 03:50 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-01-05 11:20 - 2017-12-29 03:44 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-01-05 11:20 - 2017-12-29 03:43 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-01-05 11:20 - 2017-12-29 03:40 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-01-05 11:20 - 2017-12-29 03:39 - 000817152 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-01-05 11:20 - 2017-12-29 03:39 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-01-05 11:20 - 2017-12-29 03:39 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-01-05 11:20 - 2017-12-29 03:39 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-01-05 11:20 - 2017-12-29 03:32 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-01-05 11:20 - 2017-12-29 03:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-01-05 11:20 - 2017-12-29 03:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-01-05 11:20 - 2017-12-29 03:22 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-01-05 11:20 - 2017-12-29 03:21 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-01-05 11:20 - 2017-12-29 03:18 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-01-05 11:20 - 2017-12-29 03:18 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-01-05 11:20 - 2017-12-29 03:16 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-01-05 11:20 - 2017-12-29 03:14 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-01-05 11:20 - 2017-12-29 03:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-01-05 11:20 - 2017-12-29 03:04 - 015284224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-01-05 11:20 - 2017-12-29 03:03 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-01-05 11:20 - 2017-12-29 03:03 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-01-05 11:20 - 2017-12-29 03:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-01-05 11:20 - 2017-12-29 03:01 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-01-05 11:20 - 2017-12-29 02:50 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-01-05 11:20 - 2017-12-29 02:39 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-01-05 11:20 - 2017-12-29 02:27 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-01-05 11:20 - 2017-12-21 01:27 - 000634312 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-01-05 11:20 - 2017-12-13 11:31 - 000383720 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-01-05 11:20 - 2017-12-13 11:27 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-01-05 11:20 - 2017-12-13 11:27 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-01-05 11:20 - 2017-12-13 11:27 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-01-05 11:20 - 2017-12-13 11:27 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-01-05 11:20 - 2017-12-13 11:15 - 000309480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-01-05 11:20 - 2017-12-13 11:11 - 000071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-01-05 11:20 - 2017-12-13 11:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-01-05 11:20 - 2017-12-13 11:11 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-01-05 11:20 - 2017-12-13 10:50 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-01-05 11:20 - 2017-12-05 12:36 - 000625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2018-01-05 11:20 - 2017-12-05 12:36 - 000250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2018-01-05 11:20 - 2017-12-05 12:36 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2018-01-05 11:20 - 2017-12-05 12:08 - 000481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2018-01-05 11:20 - 2017-12-05 12:08 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2018-01-05 11:20 - 2017-12-05 10:59 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-01-05 11:20 - 2017-12-05 10:49 - 000032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2018-01-05 09:00 - 2018-01-05 09:01 - 158690064 _____ (Microsoft Corporation) C:\Users\Gary_Linda\Downloads\msert.exe
2017-12-29 08:47 - 2018-01-24 14:34 - 000412906 _____ C:\Windows\ntbtlog.txt
2017-12-29 08:41 - 2017-12-29 08:42 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-12-29 08:41 - 2017-12-29 08:41 - 002376368 _____ (Kaspersky Lab) C:\Users\Gary_Linda\Downloads\kfa18.0.0.405aben_12579.exe
2017-12-29 07:48 - 2017-12-29 07:48 - 000030075 _____ C:\ProgramData\agent.uninstall.1514551694.bdinstall.bin
2017-12-28 16:22 - 2017-12-28 16:22 - 000000000 ____D C:\Program Files\Common Files\Avast Software
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-01-24 16:09 - 2016-11-17 16:57 - 000000000 ____D C:\Users\Gary_Linda\AppData\LocalLow\Mozilla
2018-01-24 15:58 - 2013-08-14 13:54 - 000000000 ____D C:\Users\Gary_Linda
2018-01-24 10:51 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-01-24 10:51 - 2009-07-13 23:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-01-23 21:37 - 2015-10-19 07:20 - 000000000 ____D C:\Users\Gary_Linda\Desktop\Misc
2018-01-23 17:31 - 2013-08-18 02:02 - 000000000 ____D C:\Users\Gary_Linda\AppData\Roaming\Skype
2018-01-23 17:24 - 2017-08-28 10:52 - 000000000 ____D C:\Users\Gary_Linda\Desktop\Keto Recipes
2018-01-23 17:24 - 2013-08-06 14:10 - 000000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2018-01-23 17:24 - 2013-08-06 14:10 - 000000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2018-01-23 17:24 - 2013-08-06 13:56 - 000000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2018-01-23 17:24 - 2013-08-06 13:50 - 000003284 _____ C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2018-01-23 17:23 - 2015-08-31 10:53 - 000000482 _____ C:\Windows\Tasks\SDMsgUpdate (SD).job
2018-01-23 17:23 - 2015-04-02 18:31 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-23 17:23 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-01-23 17:07 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2018-01-23 17:06 - 2015-07-08 09:36 - 000000000 ____D C:\Program Files\Common Files\AV
2018-01-22 12:12 - 2015-04-05 13:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-01-22 11:48 - 2017-12-14 15:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2018-01-22 11:48 - 2017-08-16 13:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-22 11:48 - 2015-12-07 11:42 - 000000000 ____D C:\Program Files (x86)\iolo
2018-01-19 10:33 - 2013-08-06 13:51 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2018-01-19 09:17 - 2011-02-10 11:10 - 000776260 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-01-19 09:17 - 2009-07-14 00:13 - 000776260 _____ C:\Windows\system32\PerfStringBackup.INI
2018-01-17 10:31 - 2016-03-17 09:31 - 000000420 _____ C:\Windows\Tasks\DriverDR Scheduled Scan.job
2018-01-13 07:52 - 2013-08-06 13:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2018-01-11 13:22 - 2015-10-27 13:52 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-01-10 19:01 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\rescache
2018-01-10 14:09 - 2017-11-23 06:08 - 000000000 ____D C:\Users\Gary_Linda\Desktop\Alaska Trip
2018-01-10 08:44 - 2013-09-12 06:47 - 000000000 ____D C:\Windows\system32\MRT
2018-01-10 07:37 - 2017-10-11 06:03 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-01-10 07:37 - 2013-09-12 06:47 - 129365736 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-01-08 23:08 - 2016-10-28 20:46 - 000002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-06 19:24 - 2013-08-14 15:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-06 19:24 - 2009-07-13 23:45 - 000369136 _____ C:\Windows\system32\FNTCACHE.DAT
2018-01-05 08:28 - 2015-03-22 19:58 - 000000000 ____D C:\Users\Gary_Linda\Documents\LH Interiors
2018-01-01 08:50 - 2013-09-12 17:07 - 000000000 ____D C:\Users\Gary_Linda\AppData\Local\ElevatedDiagnostics
2017-12-29 08:26 - 2015-07-29 07:46 - 000000000 ____D C:\ProgramData\Apple
2017-12-29 08:17 - 2015-04-30 17:20 - 000000000 ____D C:\Users\Gary_Linda\AppData\Local\CrashDumps
2017-12-29 07:51 - 2013-08-06 13:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-12-29 07:51 - 2013-08-06 13:38 - 000000000 ____D C:\Windows\system32\Macromed
2017-12-29 07:49 - 2015-08-31 09:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw CI
2017-12-29 05:36 - 2013-08-14 20:40 - 000000000 ____D C:\Users\Gary_Linda\Documents\Recordkeeping
2017-12-28 21:02 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\NDF
2017-12-28 17:02 - 2016-11-16 07:59 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-28 16:42 - 2015-04-30 16:58 - 000000000 ____D C:\Users\Gary_Linda\AppData\Local\Avg
2017-12-28 16:37 - 2016-03-02 21:44 - 000004314 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-12-28 16:36 - 2013-08-06 13:58 - 000000000 ____D C:\ProgramData\Skype
2017-12-28 16:13 - 2015-04-30 16:57 - 000000000 ____D C:\ProgramData\AVG
2017-12-28 16:13 - 2013-11-18 13:01 - 000000000 ____D C:\Program Files (x86)\AVG
2017-12-28 16:12 - 2015-08-13 06:10 - 000000000 ____D C:\Users\Gary_Linda\AppData\Local\AvgSetupLog
2017-12-28 15:15 - 2013-08-14 20:42 - 001934624 _____ (FUHU, Inc.) C:\Users\Gary_Linda\Documents\urDrive.exe
==================== Files in the root of some directories =======
2015-11-25 09:46 - 2015-11-25 09:46 - 000000262 _____ () C:\ProgramData\fontcacheev1.dat
2013-08-14 15:33 - 2015-10-20 19:09 - 000003581 _____ () C:\Users\Gary_Linda\AppData\Roaming\AbsoluteReminder.xml
2015-10-14 16:15 - 2015-10-14 16:15 - 000194228 _____ () C:\Users\Gary_Linda\AppData\Local\ars.cache
2015-10-14 16:15 - 2015-10-14 16:15 - 000485034 _____ () C:\Users\Gary_Linda\AppData\Local\census.cache
2017-10-15 16:01 - 2017-10-15 16:01 - 000003584 _____ () C:\Users\Gary_Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-14 15:48 - 2015-10-14 15:48 - 000000036 _____ () C:\Users\Gary_Linda\AppData\Local\housecall.guid.cache
2013-10-31 17:41 - 2016-07-29 12:04 - 000007606 _____ () C:\Users\Gary_Linda\AppData\Local\Resmon.ResmonCfg
2015-10-14 16:06 - 2015-10-14 16:06 - 000000010 _____ () C:\Users\Gary_Linda\AppData\Local\sponge.last.runtime.cache
2017-08-15 20:00 - 2017-08-15 20:01 - 000003136 _____ () C:\Users\Gary_Linda\AppData\Local\WiDiSetupLog.20170815.210031.txt
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-01-18 00:48
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.01.2018
Ran by Gary_Linda (24-01-2018 16:34:30)
Running from C:\Users\Gary_Linda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-08-14 18:54:29)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3615104535-3221751416-1031096358-500 - Administrator - Disabled)
Gary_Linda (S-1-5-21-3615104535-3221751416-1031096358-1001 - Administrator - Enabled) => C:\Users\Gary_Linda
Guest (S-1-5-21-3615104535-3221751416-1031096358-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3615104535-3221751416-1031096358-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
. . . (HKLM\...\{DB52A2D0-CAA1-4ED1-B122-29E7EDDE187F}) (Version: 2.1.28.3 - Intel) Hidden
. . . (HKLM-x32\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.19 - Absolute Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
AutoHotkey 1.1.23.01 (HKLM\...\AutoHotkey) (Version: 1.1.23.01 - Lexikos)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Tools (HKLM-x32\...\{3772CE68-55C8-46C9-8AFC-F5B888E7903E}) (Version: 3.5.3.383 - Box)
Bride Box (HKLM-x32\...\{79C58877-EE8D-4C64-BDA9-CAD3D7D4FD11}) (Version: 8.7.4546 - Digilabs)
Cardo Updater (HKLM-x32\...\Cardo Updater_is1) (Version: - Cardo Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{1B706C33-57B3-411B-BB6E-C4A2CF38AF35}) (Version: 3.4.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell System Detect (HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\d24084d039586cae) (Version: 8.5.0.4 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.27.6 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{632610E3-5B12-403C-9C93-EF533ED1C113}) (Version: 1.10.5.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 41.4.80 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.27.37 - Dropbox, Inc.) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Edraw Max 7 (HKLM-x32\...\Edraw Max_is1) (Version: - EdrawSoft)
f.lux (HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\Flux) (Version: - )
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.3 - Google Inc.) Hidden
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{D79A5962-7305-41B9-A39E-A98AB598F372}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6426.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2669 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{37EC048A-81A2-452A-8D1F-3BE2018E767D}) (Version: 15.1.0.0096 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1024 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
Intel® Wireless Music device driver (HKLM\...\{4169B8AC-D144-4E38-A9CA-637EA44129ED}) (Version: 1.5.5323.0 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{54EB8041-1115-4406-AA4B-44D236E84B3B}) (Version: 15.01.1000.0927 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
KMPlayer (HKLM-x32\...\The KMPlayer) (Version: 4.0.5.3 - PandoraTV)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Linksys AE6000 Driver (HKLM-x32\...\{1AAA5D39-9E81-4B3E-923B-9309B2B5A7E8}) (Version: 1.1.0.8 - Linksys, LLC)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Firefox 57.0.4 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0.4 (x64 en-US)) (Version: 57.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
Qualcomm Atheros Ethernet Controller (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39034 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Scrivener (HKLM-x32\...\Scrivener 1900) (Version: 1900 - Literature and Latte)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Web Plugin (HKLM-x32\...\{D116C78B-2A53-4BF9-A089-5BE0E132C10C}) (Version: 7.25.0.32 - Skype Technologies S.A.)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VPN Unlimited 4.1 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 4.1 - KeepSolid Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WORDsearch 10 (HKLM-x32\...\{4420F521-D5EC-487D-9AAB-AD30AF903A52}) (Version: 10 - WORDsearch Corp) Hidden
WORDsearch 10 (HKLM-x32\...\WORDsearch 10) (Version: - LifeWay)
XMind 7 (Update 1) (v3.6.1) (HKLM-x32\...\XMind_is1) (Version: 3.6.1.201512240104 - XMind Ltd.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3615104535-3221751416-1031096358-1001_Classes\CLSID\{1233A989-8A71-4FED-9712-C4F07707E209}\InprocServer32 -> C:\Users\Gary_Linda\AppData\Local\SkypePlugin\7.25.0.32\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3615104535-3221751416-1031096358-1001_Classes\CLSID\{13C484D6-AD2C-46D9-9581-1E03CBED164C}\localserver32 -> C:\Users\Gary_Linda\AppData\Local\SkypePlugin\7.25.0.32\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3615104535-3221751416-1031096358-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\Windows\system32\igfxEM.exe" => No File
CustomCLSID: HKU\S-1-5-21-3615104535-3221751416-1031096358-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Gary_Linda\AppData\Local\SkypePlugin\7.25.0.32\EdgeCalling.exe (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-23] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2018-01-08] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-02-27] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-23] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {093721C9-CB57-4DC9-855B-042A6AA7DF93} - System32\Tasks\Uafdsiuirecri => C:\ProgramData\Uafdsiuirecri\1.0.7.1\diemiimu.exe
Task: {1213541F-1274-4173-B3A7-A315AB3C9E91} - System32\Tasks\SDMsgUpdate (SD) => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
Task: {149D65EB-0831-464E-BC36-65413D41D362} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-26] (Google Inc.)
Task: {1DFE65CF-020D-48EE-B8BA-D2F02370969F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {24C6951A-87A4-430C-A920-0B81153CD61B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe
Task: {25C55FE6-8D47-4F92-AB09-ED585FEF03E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {2D38E994-B273-4471-827C-CABAF0880F23} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\WiFi\bin\CCDashServer.exe [2012-03-29] (Intel® Corporation)
Task: {2FDEED3D-1B13-4993-AD9D-5D7E254D3A57} - System32\Tasks\{69579E4F-76AF-454A-995C-3CAA87488A86} => C:\Windows\system32\pcalua.exe -a C:\Users\Gary_Linda\Downloads\VerizonWindowsInstaller.exe -d C:\Users\Gary_Linda\Downloads
Task: {394FE171-C443-43F1-8E77-05E30D8A59DD} - System32\Tasks\{481DE801-0CAB-4D12-8D6F-4B6DEAE56310} => C:\Windows\system32\pcalua.exe -a C:\Users\Gary_Linda\Downloads\Install_PDFR_v224.exe -d C:\Users\Gary_Linda\Downloads
Task: {4032E8AB-E16D-4460-AE5D-BE200843FA0E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-26] (Google Inc.)
Task: {46007236-FCC7-46B1-98D0-76BC509641F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {54DD6625-D0E1-42B4-8D1F-3A5265B43EE5} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-03-27] (Intel)
Task: {55C0197A-0AB0-4BC5-9638-701B7D611069} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {65295EC3-F7D8-4E63-A58F-C4CFC2D5CBF9} - System32\Tasks\{51FECAA6-2F1D-4AEF-8CBD-AEB06C57A4D7} => C:\Windows\system32\pcalua.exe -a C:\Users\Gary_Linda\Desktop\jxpiinstall(1).exe -d C:\Users\Gary_Linda\Desktop
Task: {6FFAA8C6-7E12-478B-85E3-0BD206783AEF} - System32\Tasks\SmartDraw Validation Service => C:\Program Files (x86)\SmartDraw CI\SmartDraw.exe
Task: {75F293C8-E54F-4E28-9C75-131EC4603E9F} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {91A309DE-FA9F-485E-A06E-1E012BC82AE0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-27] (Dropbox, Inc.)
Task: {B191C22C-51CA-4D92-9BCB-E5AF3D219666} - System32\Tasks\Logon_Trigger_WPS_Mon_Task => C:\Program Files (x86)\Linksys AE6000\WPS_Mon.exe [2015-07-01] (Linksys, LLC)
Task: {C0D782D0-1CAA-4EB1-9166-F94AB9050B6E} - System32\Tasks\{DC01F332-3574-46B5-81D8-EE83EC4FC787} => C:\Windows\system32\pcalua.exe -a C:\Users\Gary_Linda\Documents\unInstaller.exe -d C:\Users\Gary_Linda\Documents
Task: {C4B21A0E-97D9-41C9-A56A-90922B5CA654} - System32\Tasks\DriverDR Scheduled Scan => C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe
Task: {C730A888-8AFD-450D-B8D2-C68BEFFB264D} - System32\Tasks\0316avzUpdateInfo => C:\ProgramData\Avg_Update_0316avz\0316avz_AVG-Secure-Search-Update.exe
Task: {C968F419-885B-4292-A40C-A892759339B5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {DD69F097-B162-400B-BFEE-9412963CEFE4} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {E1970AAB-5582-421C-A9D8-BA351624AA10} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\Windows\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {E8D4FEE5-108B-45EA-9DDA-6925DB237F73} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {F419FE61-5AB3-4FD1-8183-8E3A497CC4D0} - System32\Tasks\{660F0201-43FA-42C5-B960-486AF309956E} => C:\Windows\system32\pcalua.exe -a C:\ProgramData\CrimeWatch\uninstall.exe
Task: {F60BF65B-0E71-4AFB-AB7A-92721282B5FB} - System32\Tasks\{E21FA52E-710A-4730-BE6D-BE35CDAB3617} => C:\Windows\system32\pcalua.exe -a C:\Users\Gary_Linda\Desktop\Audio_IDT_W74_A01_Setup-FKRT4_ZPE.exe -d C:\Users\Gary_Linda\Desktop
Task: {F833BC37-2FD8-4F89-82EF-E5E7208904CB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-10-27] (Dropbox, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\0316avzUpdateInfo.job => C:\ProgramData\Avg_Update_0316avz\0316avz_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\DriverDR Scheduled Scan.job => C:\Program Files\DriverDR.com\DriverDR\DriverDR.exe--scan C:\Program Files\DriverDR.com
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\SDMsgUpdate (SD).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe\-PSD -V22000000 -SSDU.ini -A -Mhxxp:/www.smartdraw.com/msgs/messagecheck.asp
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2010-06-06 09:20 - 2010-06-06 09:20 - 000065344 _____ () C:\Windows\System32\PDFreDirectMon64.dll
2016-06-08 17:04 - 2016-06-08 17:04 - 000117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2013-08-06 13:56 - 2012-01-26 21:49 - 002751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2018-01-22 12:12 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-22 12:12 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2013-08-06 14:49 - 2012-02-28 02:07 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-05-16 15:54 - 2017-05-16 14:37 - 000013312 _____ () C:\Program Files (x86)\VPN Unlimited\QtWebEngineProcess.exe
2017-10-16 17:31 - 2012-11-27 14:12 - 001210256 ____N () C:\Program Files (x86)\Linksys AE6000\RaWLAPI.dll
2016-10-24 20:21 - 2017-05-16 18:25 - 000111448 _____ () C:\Program Files (x86)\VPN Unlimited\enc.dll
2016-10-24 20:21 - 2017-05-16 18:25 - 001097560 _____ () C:\Program Files (x86)\VPN Unlimited\rpc_lib.dll
2016-10-24 20:21 - 2017-05-16 18:25 - 000827224 _____ () C:\Program Files (x86)\VPN Unlimited\open_vpn_wrapper_lib.dll
2016-10-24 20:21 - 2017-05-16 18:25 - 000046424 _____ () C:\Program Files (x86)\VPN Unlimited\qtkeychain.dll
2017-09-22 14:28 - 2017-09-22 14:28 - 000140664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-11-21 13:50 - 2017-11-21 13:50 - 000134016 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2018-01-11 13:21 - 2018-01-08 16:15 - 000732480 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-01-11 13:21 - 2018-01-08 16:15 - 002061632 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-10-04 15:24 - 2018-01-08 16:15 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-10-04 15:24 - 2018-01-08 16:16 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-01-11 13:21 - 2018-01-08 16:15 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2018-01-11 13:21 - 2018-01-08 16:15 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-10-04 15:24 - 2018-01-08 16:15 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-10-04 15:24 - 2018-01-08 16:16 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000063296 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2018-01-11 13:21 - 2018-01-08 16:15 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2018-01-11 13:21 - 2018-01-08 16:15 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-10-04 15:24 - 2018-01-08 16:16 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-10-04 15:24 - 2018-01-08 16:16 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-10-04 15:24 - 2018-01-08 16:17 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-10-04 15:24 - 2018-01-08 16:16 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000155464 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000050496 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-10-04 15:24 - 2018-01-08 16:17 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-10-04 15:24 - 2018-01-08 16:17 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-10-04 15:24 - 2018-01-08 16:17 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-10-04 15:24 - 2018-01-08 16:16 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-10-04 15:24 - 2018-01-08 16:17 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-10-04 15:24 - 2018-01-08 16:17 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-10-04 15:24 - 2018-01-08 16:15 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-10-04 15:24 - 2018-01-08 16:17 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-01-11 13:21 - 2018-01-08 16:15 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-01-11 13:21 - 2018-01-08 16:16 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-10-04 15:24 - 2018-01-08 16:16 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-01-11 13:21 - 2018-01-08 16:16 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-10-04 15:24 - 2018-01-08 16:17 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2018-01-11 13:21 - 2018-01-08 16:16 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2013-08-06 13:44 - 2012-03-06 14:27 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Gary_Linda\Documents\urDrive.exe:BDU [1]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\...\localhost -> localhost
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2017-07-13 18:25 - 000000826 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3615104535-3221751416-1031096358-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gary_Linda\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 208.67.220.220 - 208.67.222.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup
MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: IntelMyWiFiDashboard => C:\Program Files\Intel\WiFi\bin\CCDashServer.exe /startup
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0529942E-D761-4D07-A8B9-E7DD9D91159C}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [TCP Query User{4E2828C8-FDD0-4EF7-9868-3AD4200766CD}C:\program files (x86)\cardo updater\cardoupdater.exe] => (Allow) C:\program files (x86)\cardo updater\cardoupdater.exe
FirewallRules: [UDP Query User{8BE79BCA-7ABB-4787-896E-07C5DE875F23}C:\program files (x86)\cardo updater\cardoupdater.exe] => (Allow) C:\program files (x86)\cardo updater\cardoupdater.exe
FirewallRules: [{8E924227-C080-4054-B7BD-4E69CA0B9B6C}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\FaxApplications.exe
FirewallRules: [{BD480D5B-68C2-4E15-B1EF-633B8E0BE2BC}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\DigitalWizards.exe
FirewallRules: [{E67FD6A4-69C3-4981-A2B6-AEECD16E7F92}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\SendAFax.exe
FirewallRules: [{1C38FF46-4FD2-4B1E-BC05-6D83204E80BA}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{B10CC8F9-EC28-4EB4-8BBE-1CE2BC10EF2D}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{5C5FD67A-DCFA-4AC5-9E54-6FD0C3650D4A}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FC390786-D2FB-40CF-9289-289BDCAB9E1C}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe
FirewallRules: [{A34FC8A4-AB4A-4226-9E44-B013A2E41761}] => (Allow) C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe
FirewallRules: [TCP Query User{A91264C6-50AB-48CE-AC05-0589C38AC2A8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{279BD11F-FD82-4B1A-BF79-16FC25214C8B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{59F4B3B3-B088-481D-A011-53C6D33006ED}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C3D6D2D3-40E0-4660-8735-5CECB6C25507}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{90AD250C-7F3C-4CC8-BD8D-96B74C8C3EC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6012AD1E-82ED-4D8A-9958-610E24AD7C94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{03553176-C148-4815-A66C-54170CEF25DD}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{36F8FF72-EE4F-4005-A754-DC02008AD884}] => (Allow) LPort=2869
FirewallRules: [{9951B1E2-D228-4AE0-99CB-C4F13EEA6D12}] => (Allow) LPort=1900
FirewallRules: [{1825217E-7577-40BC-BC35-42791123C27F}] => (Allow) C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
FirewallRules: [{CD2A7EAD-9194-495A-9997-9ADCB45BFA21}] => (Allow) C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
FirewallRules: [{C1FE455A-9BDD-41F0-B541-D4DEBA6344CF}] => (Allow) C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
FirewallRules: [{14C16908-3A83-4CF2-83CB-4BE4226D020B}] => (Allow) C:\Program Files (x86)\Nuance\PaperPort\PaprPort.exe
FirewallRules: [{DC1F3616-3C2B-4519-A1F7-7CB32C0A9A57}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{89AB9BCE-09E7-4EE1-AA91-C473465B66A9}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll
FirewallRules: [{0F10D992-FF3D-447F-97F7-B0EBC4888324}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{0307A579-8C72-4A2F-8B1F-138AFDDD30A5}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [TCP Query User{6D3F4E94-A150-48BD-A4AA-9CCCA69220CF}C:\users\gary_linda\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Allow) C:\users\gary_linda\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe
FirewallRules: [UDP Query User{2011DCA4-4719-428B-B08D-5DDA6F878478}C:\users\gary_linda\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe] => (Allow) C:\users\gary_linda\appdata\local\skypeplugin\7.12.0.55\pluginhost.exe
FirewallRules: [{CBFDBCCC-3BB2-49FC-B25F-C0F5279C59C9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DDB4F118-58FF-4B53-B84B-8176BC8C1ECC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9755F55E-9BA9-417A-ABEB-1054D4166B29}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{51EC9722-224D-439C-8848-C8A91E2577FE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D27E93A4-EADA-4886-840D-D50BECD5F149}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0F6FA5F4-7CF9-4218-9BCF-CC073475C105}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [UDP Query User{F21EB611-BBC5-48BA-9956-CB213B076C5F}C:\programdata\sling\sling.exe] => (Allow) C:\programdata\sling\sling.exe
FirewallRules: [{EE4B696B-1D06-4A15-A552-6E902484D045}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{88466FA1-CFB6-467D-BB8C-AE222F39BD3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{0466DAB7-EE5B-406D-93D0-46EAD9744EB2}C:\users\gary_linda\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\gary_linda\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{E2D32376-69E8-49F1-8284-14757A47DB87}C:\users\gary_linda\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\gary_linda\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{0B2D5C77-D7D4-4955-8B13-84038E9882CE}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{49F2A83D-96F5-4E3A-BB71-855BD116EE4D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{0892EEB7-341E-4FA2-B548-8E00DD2CE07B}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{E7CA4C03-DE20-4BB9-8034-49393B3F6072}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{FB4B17C4-7ECA-44A5-BB2B-396C487B1B0F}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{507DB912-6BEE-411D-B933-72A31B566BEC}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{A895749C-C570-4C43-844C-CCEB360DA0B6}] => (Allow) C:\Program Files\Intel\WiFi\bin\CCDashServer.exe
FirewallRules: [{15112BA8-6A50-48EF-AE77-3AAA39845AD7}] => (Allow) C:\Program Files\Intel\WiFi\bin\CCDashServer.exe
FirewallRules: [{07A6BC2D-A16A-4245-895F-74783B013010}] => (Allow) C:\Program Files\Intel\WiFi\bin\CCDash.exe
FirewallRules: [{C1B63D25-F184-461A-8957-C4E73341FE17}] => (Allow) C:\Program Files\Intel\WiFi\bin\CCDash.exe
FirewallRules: [{35DCA1EE-D9C2-40A2-AEB7-027B01F90308}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{3532F7D7-9F86-4219-B70F-B7FE9090DF31}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6C3F47DD-9EE1-4BAF-8030-5DCBCEE0A9FB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{F58BDE02-1F5C-46DD-8939-77921491F600}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{BE77FB31-C8DD-4ABC-8EDE-19DD83AD0077}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{07DC7E61-0F6B-40E9-B1D7-E9432E9432EE}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{67FBD643-7A51-44AA-950C-FF7D0BAE43AE}] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{A0A1B318-F671-46DE-85A4-C09B62921317}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C08DB047-1D43-4E24-8250-6ECC96C31D33}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
31-10-2017 01:47:31 Windows Update
03-11-2017 01:49:08 Windows Update
10-11-2017 02:47:32 Windows Update
14-11-2017 02:49:24 Windows Update
15-11-2017 06:25:14 Windows Update
21-11-2017 05:54:44 Windows Update
28-11-2017 03:31:39 Windows Update
29-11-2017 06:32:03 Windows Update
02-12-2017 14:15:47 Windows Update
07-12-2017 08:44:44 Removed Visual Studio 2012 x64 Redistributables
07-12-2017 08:45:46 Removed Visual Studio 2012 x64 Redistributables
07-12-2017 08:46:16 Removed Visual Studio 2012 x64 Redistributables
07-12-2017 08:47:49 Removed Visual Studio 2012 x86 Redistributables
08-12-2017 03:40:16 Windows Update
12-12-2017 03:40:14 Windows Update
13-12-2017 13:18:38 Windows Update
20-12-2017 06:39:06 Windows Update
26-12-2017 02:05:10 Windows Update
29-12-2017 07:59:46 Removed Apple Application Support (32-bit)
29-12-2017 08:21:11 Removed Apple Mobile Device Support
29-12-2017 08:22:16 Removed iTunes
29-12-2017 08:24:18 Removed Apple Application Support (64-bit)
29-12-2017 08:25:20 Removed Apple Application Support (32-bit)
01-01-2018 07:53:46 Windows Update
05-01-2018 05:52:58 Windows Update
05-01-2018 22:54:45 Windows Update
09-01-2018 02:06:34 Windows Update
10-01-2018 07:19:19 Windows Update
16-01-2018 03:22:59 Windows Update
19-01-2018 09:12:56 Windows Update
23-01-2018 05:27:30 Windows Update
23-01-2018 14:14:02 Checkpoint by HitmanPro
23-01-2018 14:16:40 Checkpoint by HitmanPro
23-01-2018 17:49:22 Zemana AntiMalware 1/23/2018 5:48:56 PM
==================== Faulty Device Manager Devices =============
Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/23/2018 05:24:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/23/2018 05:23:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6426.0, time stamp: 0x50484283
Faulting module name: STacSV64.exe, version: 1.0.6426.0, time stamp: 0x50484283
Exception code: 0xc0000005
Fault offset: 0x0000000000023580
Faulting process id: 0x280
Faulting application start time: 0x01d39498d31ea3ae
Faulting application path: C:\Program Files\IDT\WDM\STacSV64.exe
Faulting module path: C:\Program Files\IDT\WDM\STacSV64.exe
Report Id: 1a850ded-008c-11e8-920e-6817296f8fb9
Error: (01/23/2018 02:20:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/23/2018 02:19:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6426.0, time stamp: 0x50484283
Faulting module name: STacSV64.exe, version: 1.0.6426.0, time stamp: 0x50484283
Exception code: 0xc0000005
Fault offset: 0x0000000000023580
Faulting process id: 0x460
Faulting application start time: 0x01d3947f07dba385
Faulting application path: C:\Program Files\IDT\WDM\STacSV64.exe
Faulting module path: C:\Program Files\IDT\WDM\STacSV64.exe
Report Id: 4f78153b-0072-11e8-a6b1-6817296f8fb9
Error: (01/23/2018 02:17:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000019c,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000002D1F200.72). hr = 0x80070005, Access is denied.
.
Error: (01/23/2018 02:17:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000880,(null),0,REG_BINARY,000000000325E370.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {7d992d77-84da-4173-add4-934c40a0911f}
Error: (01/23/2018 02:17:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000880,(null),0,REG_BINARY,000000000325E370.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {7d992d77-84da-4173-add4-934c40a0911f}
Error: (01/23/2018 02:17:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002e0,(null),0,REG_BINARY,0000000000ECE510.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {3e4e3317-7b5d-4c88-99da-f0a6c23ed12e}
Error: (01/23/2018 02:17:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000be0,(null),0,REG_BINARY,000000000774DF80.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {343e4b1c-6015-4b5b-ae98-1c5d7c194e18}
Error: (01/23/2018 02:17:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001cc,(null),0,REG_BINARY,000000000274ED80.72). hr = 0x80070005, Access is denied.
.
Operation:
BackupShutdown Event
Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {f76076bd-a5b1-4410-9bc9-ff2464cb5813}
System errors:
=============
Error: (01/23/2018 05:30:11 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (01/23/2018 05:22:14 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.
Error: (01/23/2018 05:21:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (01/23/2018 05:01:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
Error: (01/23/2018 02:19:10 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.8 Crusader (Boot) service terminated with service-specific error The operation completed successfully.
.
Error: (01/23/2018 01:59:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {4E209D06-EBC0-4A6A-8526-F1C8AAD7CD6C} did not register with DCOM within the required timeout.
Error: (01/23/2018 01:58:23 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error:
%%-2147196306
Error: (01/23/2018 01:44:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (01/23/2018 01:44:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (01/23/2018 01:44:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
CodeIntegrity:
===================================
Date: 2016-03-09 11:22:23.925
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-09 11:22:23.863
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-09 11:17:31.956
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-09 11:17:31.738
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-09 11:11:02.448
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-09 11:11:02.334
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-09 11:11:00.018
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-09 11:10:59.879
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-09 11:02:57.132
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2016-03-09 11:02:57.077
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\btmhsf.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 68%
Total physical RAM: 6010.46 MB
Available physical RAM: 1895.84 MB
Total Virtual: 12019.08 MB
Available Virtual: 6565.6 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:438.05 GB) (Free:160.11 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: ED1FD6CC)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=27.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=438.1 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 8 GB) (Disk ID: ED1FCA62)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
==================== End of Addition.txt ============================