Tadas
Honorary Members
Posts: 37
Reputation: 0 Neutral
  1. No questions. Thanks again!

     # DelFix v1.013 - Logfile created 26/07/2017 at 22:28:11
     # Updated 17/04/2016 by Xplode
     # Username : tpaegle - BL-UITS-ESLT036
     # Operating System : Windows 10 Enterprise (64 bits)

     ~ Activating UAC ... OK

     ~ Removing disinfection tools ...

     Deleted : C:\FRST
     Deleted : C:\AdwCleaner
     Deleted : C:\Users\tpaegle\Downloads\FRST-OlderVersion
     Deleted : C:\Users\tpaegle\Desktop\AdwCleaner.exe
     Deleted : C:\Users\tpaegle\Desktop\JRT.exe
     Deleted : C:\Users\tpaegle\Desktop\JRT.txt
     Deleted : C:\Users\tpaegle\Desktop\Rkill.txt
     Deleted : C:\Users\tpaegle\Downloads\Addition.txt
     Deleted : C:\Users\tpaegle\Downloads\Fixlog.txt
     Deleted : C:\Users\tpaegle\Downloads\FRST.txt
     Deleted : C:\Users\tpaegle\Downloads\FRST64.exe
     Deleted : C:\Users\tpaegle\Downloads\rkill.exe

     ~ Creating registry backup ... OK

     ~ Cleaning system restore ...

     Deleted : RP #81 [Scheduled Checkpoint | 07/26/2017 20:20:52]
     Deleted : RP #82 [JRT Pre-Junkware Removal | 07/27/2017 00:50:08]

     New restore point created !

     ~ Resetting system settings ... OK

     ########## - EOF - ##########
  2. It seems to be working fine now. That was one infected machine. Thanks for the help, you guys are great!
  3. Fix result of Farbar Recovery Scan Tool (x64) Version: 26-07-2017
     Ran by tpaegle (26-07-2017 21:50:09) Run:10
     Running from C:\Users\tpaegle\Downloads
     Loaded Profiles: tpaegle & DefaultAppPool (Available Profiles: tpaegle & tpaegleadmin & DefaultAppPool)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     Zip: C:\FRST\Quarantine\C\WINDOWS\system32\tprdpw64.exe.xBAD;C:\FRST\Quarantine\C\WINDOWS\system32\drivers\ndistpr64.sys.xBAD;C:\FRST\Quarantine\C\Users\tpaegle\AppData\Local\ntuserlitelist\ntuserlitelist\svcvmx\svcvmx.exe;C:\FRST\Quarantine\C\Users\tpaegle\AppData\Local\ntuserlitelist\ntuserlitelist\svcvmx\vmxclient.exe;C:\FRST\Quarantine\C\Users\tpaegle\AppData\Local\ntuserlitelist\ntuserlitelist\dataup\dataup.exe;
     *****************

     ================== Zip: ===================

     C:\FRST\Quarantine\C\WINDOWS\system32\tprdpw64.exe.xBAD -> copied successfully to C:\Users\tpaegle\Desktop\26.07.2017_21.50.09.zip
     C:\FRST\Quarantine\C\WINDOWS\system32\drivers\ndistpr64.sys.xBAD -> copied successfully to C:\Users\tpaegle\Desktop\26.07.2017_21.50.09.zip
     C:\FRST\Quarantine\C\Users\tpaegle\AppData\Local\ntuserlitelist\ntuserlitelist\svcvmx\svcvmx.exe -> copied successfully to C:\Users\tpaegle\Desktop\26.07.2017_21.50.09.zip
     C:\FRST\Quarantine\C\Users\tpaegle\AppData\Local\ntuserlitelist\ntuserlitelist\svcvmx\vmxclient.exe -> copied successfully to C:\Users\tpaegle\Desktop\26.07.2017_21.50.09.zip
     C:\FRST\Quarantine\C\Users\tpaegle\AppData\Local\ntuserlitelist\ntuserlitelist\dataup\dataup.exe -> copied successfully to C:\Users\tpaegle\Desktop\26.07.2017_21.50.09.zip
     "" -> not found

     =========== Zip: End ===========

     ==== End of Fixlog 21:50:11 ====
  4. Fix result of Farbar Recovery Scan Tool (x64) Version: 26-07-2017
     Ran by tpaegle (26-07-2017 21:14:58) Run:8
     Running from C:\Users\tpaegle\Downloads
     Loaded Profiles: tpaegle & DefaultAppPool (Available Profiles: tpaegle & tpaegleadmin & DefaultAppPool)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     CMD: dir /a C:\FRST\Quarantine
     *****************

     ========= dir /a C:\FRST\Quarantine =========

      Volume in drive C is Windows 10 Enterprise
      Volume Serial Number is 4CD9-0364

      Directory of C:\FRST\Quarantine

     07/24/2017  05:28 PM    <DIR>          .
     07/24/2017  05:28 PM    <DIR>          ..
     07/24/2017  05:28 PM    <DIR>          C
                    0 File(s)              0 bytes
                    3 Dir(s)  144,159,166,464 bytes free

     ========= End of CMD: =========

     ==== End of Fixlog 21:14:58 ====
  5. Fix result of Farbar Recovery Scan Tool (x64) Version: 26-07-2017
     Ran by tpaegle (26-07-2017 21:11:33) Run:7
     Running from C:\Users\tpaegle\Downloads
     Loaded Profiles: tpaegle & DefaultAppPool (Available Profiles: tpaegle & tpaegleadmin & DefaultAppPool)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     FF SearchPlugin: C:\Users\tpaegle\AppData\Roaming\Mozilla\Firefox\Profiles\laa8769d.default\searchplugins\Search-shield powered by Bing.xml [2017-07-02]
     Task: {94E6A30D-F5E2-4DCE-ABF2-1E97BB5D355A} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
     HKU\S-1-5-21-1085031214-1292428093-527237240-359157\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
     *****************

     C:\Users\tpaegle\AppData\Roaming\Mozilla\Firefox\Profiles\laa8769d.default\searchplugins\Search-shield powered by Bing.xml => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94E6A30D-F5E2-4DCE-ABF2-1E97BB5D355A} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94E6A30D-F5E2-4DCE-ABF2-1E97BB5D355A} => key removed successfully
     C:\WINDOWS\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => key removed successfully
     HKU\S-1-5-21-1085031214-1292428093-527237240-359157\Software\Classes\regfile => key removed successfully

     ==== End of Fixlog 21:11:33 ====
  6. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-07-2017
     Ran by tpaegle (administrator) on BL-UITS-ESLT036 (26-07-2017 20:57:51)
     Running from C:\Users\tpaegle\Downloads
     Loaded Profiles: tpaegle & DefaultAppPool (Available Profiles: tpaegle & tpaegleadmin & DefaultAppPool)
     Platform: Windows 10 Enterprise Version 1511 (X64) Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
C:\Users\tpaegle\Downloads\mbar-1.09.3.1001.exe 2017-07-22 15:03 - 2017-07-22 17:00 - 00001101 _____ C:\Users\tpaegle\Desktop\UnHackMe.lnk 2017-07-22 11:27 - 2017-07-07 05:16 - 00700880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2017-07-22 11:27 - 2017-07-07 05:09 - 02945648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-07-22 11:27 - 2017-07-07 05:09 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-07-22 11:27 - 2017-07-07 04:57 - 00295776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-07-22 11:27 - 2017-07-07 04:35 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys 2017-07-22 11:27 - 2017-07-07 03:33 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe 2017-07-22 11:27 - 2017-07-07 03:27 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll 2017-07-22 11:27 - 2017-07-07 03:21 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll 2017-07-22 11:27 - 2017-07-07 03:08 - 00788992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-07-22 11:27 - 2017-07-07 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-07-22 11:27 - 2017-07-07 03:03 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2017-07-22 11:27 - 2017-07-07 02:59 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll 2017-07-22 11:27 - 2017-07-07 02:36 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-07-22 11:27 - 2017-07-07 02:33 - 02878976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-07-22 11:27 - 2017-07-07 02:31 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll 2017-07-22 11:27 - 2017-06-17 05:52 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-07-22 11:27 - 2017-06-17 03:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2017-07-22 
11:27 - 2017-06-17 03:11 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll 2017-07-22 11:27 - 2017-06-17 02:54 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll 2017-07-22 11:27 - 2017-06-17 02:54 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp 2017-07-22 11:27 - 2017-06-17 02:53 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll 2017-07-22 11:27 - 2017-06-17 02:44 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll 2017-07-22 11:27 - 2017-06-17 02:42 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll 2017-07-22 11:27 - 2017-06-17 02:39 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2017-07-22 11:27 - 2017-06-17 02:34 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2017-07-22 11:27 - 2017-06-17 02:30 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll 2017-07-22 11:27 - 2017-06-17 02:23 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2017-07-22 11:27 - 2017-06-17 02:20 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-07-22 11:27 - 2017-06-17 02:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe 2017-07-22 11:27 - 2017-06-17 01:30 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll 2017-07-22 11:27 - 2017-06-17 01:27 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2017-07-22 11:27 - 2017-06-17 01:02 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-07-22 11:26 - 2017-07-07 06:04 - 00808280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-07-22 11:26 - 2017-07-07 05:05 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2017-07-22 11:26 - 2017-07-07 03:49 - 00381952 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-07-22 11:26 - 2017-07-07 03:48 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2017-07-22 11:26 - 2017-07-07 03:17 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-07-22 11:26 - 2017-07-07 03:07 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2017-07-22 11:26 - 2017-07-07 02:34 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2017-07-22 11:26 - 2017-07-07 02:11 - 05326848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-07-22 11:26 - 2017-06-17 05:09 - 06536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2017-07-22 11:26 - 2017-06-17 02:20 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-07-22 11:26 - 2017-06-17 02:15 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2017-07-22 11:26 - 2017-06-17 02:05 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-07-22 11:26 - 2017-06-17 01:56 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2017-07-22 11:26 - 2017-06-17 01:53 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2017-07-22 11:26 - 2017-06-17 01:42 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll 2017-07-22 11:26 - 2017-06-17 01:41 - 02770432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-07-22 11:26 - 2017-06-17 01:35 - 04404736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2017-07-22 11:26 - 2017-06-17 01:16 - 03574272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-07-22 11:26 - 2017-03-18 12:41 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2017-07-22 11:25 - 2017-07-07 07:07 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2017-07-22 11:25 - 2017-07-07 
06:51 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2017-07-22 11:25 - 2017-07-07 06:11 - 00858992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2017-07-22 11:25 - 2017-07-07 06:00 - 22560744 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-07-22 11:25 - 2017-07-07 05:08 - 00057912 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2017-07-22 11:25 - 2017-07-07 04:28 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe 2017-07-22 11:25 - 2017-07-07 02:47 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2017-07-22 11:25 - 2017-06-17 04:04 - 00388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-07-22 11:25 - 2017-06-17 03:58 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-07-22 11:25 - 2017-06-17 03:12 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2017-07-22 11:25 - 2017-06-17 03:07 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2017-07-22 11:25 - 2017-06-17 02:48 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-07-22 11:24 - 2017-07-07 07:06 - 07463264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-07-22 11:24 - 2017-07-07 07:04 - 02149216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-07-22 11:24 - 2017-07-07 07:04 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2017-07-22 11:24 - 2017-07-07 06:03 - 03699280 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-07-22 11:24 - 2017-07-07 05:52 - 00360288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-07-22 11:24 - 2017-07-07 05:21 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-07-22 11:24 - 2017-07-07 05:08 - 01090400 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\http.sys 2017-07-22 11:24 - 2017-07-07 04:15 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-07-22 11:24 - 2017-07-07 04:13 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll 2017-07-22 11:24 - 2017-07-07 03:58 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-07-22 11:24 - 2017-07-07 03:57 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-07-22 11:24 - 2017-07-07 03:56 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-07-22 11:24 - 2017-07-07 03:51 - 01900544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2017-07-22 11:24 - 2017-07-07 03:50 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-07-22 11:24 - 2017-07-07 03:45 - 01424384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll 2017-07-22 11:24 - 2017-07-07 03:17 - 01729024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-07-22 11:24 - 2017-07-07 03:13 - 03404800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-07-22 11:24 - 2017-07-07 03:10 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2017-07-22 11:24 - 2017-07-07 03:07 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-07-22 11:24 - 2017-07-07 03:02 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-07-22 11:24 - 2017-07-07 02:44 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-07-22 11:24 - 2017-07-07 02:41 - 04891136 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-07-22 11:24 - 2017-07-07 02:37 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-07-22 11:24 - 2017-07-07 02:27 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-07-22 11:24 - 2017-07-07 02:27 - 13394432 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\ieframe.dll 2017-07-22 11:24 - 2017-07-07 02:15 - 18675200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-07-22 11:24 - 2017-07-07 02:15 - 03661312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-07-22 11:24 - 2017-07-07 02:13 - 19345408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-07-22 11:24 - 2017-07-07 02:13 - 12139008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-07-22 11:24 - 2017-07-07 02:13 - 07848448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-07-22 11:24 - 2017-07-07 01:58 - 05666816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-07-22 11:24 - 2017-06-17 06:13 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2017-07-22 11:24 - 2017-06-17 05:52 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2017-07-22 11:24 - 2017-06-17 03:51 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-07-22 11:24 - 2017-06-17 03:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll 2017-07-22 11:24 - 2017-06-17 03:32 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll 2017-07-22 11:24 - 2017-06-17 03:31 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp 2017-07-22 11:24 - 2017-06-17 03:20 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll 2017-07-22 11:24 - 2017-06-17 03:02 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll 2017-07-22 11:24 - 2017-06-17 02:55 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-07-22 11:24 - 2017-06-17 02:52 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2017-07-22 11:24 - 2017-06-17 02:29 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-07-22 11:24 - 2017-06-17 02:12 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2017-07-22 
11:24 - 2017-06-17 01:34 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2017-07-22 11:24 - 2017-06-11 11:10 - 00448629 _____ C:\WINDOWS\system32\ApnDatabase.xml 2017-07-22 11:23 - 2017-07-07 06:00 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2017-07-22 11:23 - 2017-07-07 05:58 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-07-22 11:23 - 2017-07-07 05:58 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2017-07-22 11:23 - 2017-07-07 04:37 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe 2017-07-22 11:23 - 2017-07-07 04:22 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2017-07-22 11:23 - 2017-07-07 04:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-07-22 11:23 - 2017-07-07 03:57 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2017-07-22 11:23 - 2017-07-07 03:54 - 01385472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-07-22 11:23 - 2017-07-07 03:29 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-07-22 11:23 - 2017-07-07 03:12 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2017-07-22 11:23 - 2017-07-07 02:27 - 06977024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-07-22 11:23 - 2017-06-17 06:16 - 01030408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-07-22 11:23 - 2017-06-17 06:11 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-07-22 11:23 - 2017-06-17 05:07 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2017-07-22 11:23 - 2017-06-17 05:07 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2017-07-22 11:23 - 2017-06-17 04:33 - 01035104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 
2017-07-22 11:23 - 2017-06-17 04:33 - 00799072 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-07-22 11:23 - 2017-06-17 04:32 - 01126752 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-07-22 11:23 - 2017-06-17 03:50 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll 2017-07-22 11:23 - 2017-06-17 03:41 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2017-07-22 11:23 - 2017-06-17 03:30 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll 2017-07-22 11:23 - 2017-06-17 03:19 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll 2017-07-22 11:23 - 2017-06-17 03:17 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll 2017-07-22 11:23 - 2017-06-17 03:13 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-07-22 11:23 - 2017-06-17 03:03 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll 2017-07-22 11:23 - 2017-06-17 03:01 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll 2017-07-22 11:23 - 2017-06-17 02:49 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2017-07-22 11:23 - 2017-06-17 02:47 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe 2017-07-22 11:23 - 2017-06-17 02:11 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2017-07-22 11:23 - 2017-06-17 01:40 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2017-07-22 11:23 - 2017-06-17 01:11 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2017-07-22 09:49 - 2017-07-23 20:38 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2017-07-21 08:34 - 2017-07-21 08:38 - 00000000 ___HD C:\adobeTemp 2017-07-19 09:17 - 2017-07-19 09:17 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Adobe 2017-07-19 08:28 - 2017-07-19 08:28 - 
00000000 ____D C:\Users\tpaegle\AppData\Roaming\Adobe 2017-07-17 11:55 - 2017-07-17 11:55 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Adobe 2017-07-11 09:56 - 2017-07-11 09:56 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Adobe 2017-07-10 15:28 - 2017-07-10 15:28 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Adobe 2017-07-06 11:49 - 2017-07-06 11:49 - 00000000 ____D C:\WINDOWS\keys 2017-07-06 11:48 - 2017-07-06 12:03 - 00000000 ____D C:\Users\tpaegle\houdini16.0 2017-07-06 11:47 - 2017-07-06 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Side Effects Software 2017-07-06 11:42 - 2017-07-06 11:42 - 00000000 ____D C:\Program Files\Side Effects Software 2017-07-05 18:27 - 2017-07-05 18:27 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Adobe 2017-07-05 17:08 - 2017-07-05 17:23 - 00000000 ____D C:\Users\tpaegle\Documents\illum 2017-07-05 16:56 - 2017-07-05 16:56 - 00391751 _____ C:\Users\tpaegle\Documents\Untitled 4.c4d 2017-07-04 11:13 - 2017-07-04 11:13 - 00335356 _____ C:\Users\tpaegle\Documents\goomba'.c4d 2017-07-04 08:08 - 2017-07-04 08:08 - 00245705 _____ C:\Users\tpaegle\Documents\Untitled 3.c4d 2017-07-02 17:30 - 2017-07-02 17:30 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Adobe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-07-26 20:50 - 2016-06-14 16:14 - 00000000 ____D C:\Users\tpaegle\AppData\Local\CrashDumps 2017-07-26 20:49 - 2016-02-11 16:25 - 01010812 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-07-26 20:49 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF 2017-07-26 20:47 - 2016-06-15 18:28 - 00000000 ___RD C:\Users\tpaegle\Creative Cloud Files 2017-07-26 20:47 - 2016-06-14 09:17 - 00000000 ____D C:\Users\tpaegle\AppData\Local\Adobe 2017-07-26 20:47 - 2016-02-18 11:13 - 00000599 _____ C:\WINDOWS\SMSCFG.INI 2017-07-26 20:46 - 2016-06-14 09:18 - 00000000 __SHD C:\Users\tpaegle\IntelGraphicsProfiles 2017-07-26 20:44 - 2017-06-15 19:23 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-07-26 20:44 - 2017-05-08 07:23 - 00000252 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT 2017-07-26 20:44 - 2016-06-14 01:40 - 00000000 ____D C:\ProgramData\NVIDIA 2017-07-26 20:44 - 2016-02-11 16:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-07-26 20:44 - 2015-10-30 02:28 - 01310720 ___SH C:\WINDOWS\system32\config\BBI 2017-07-26 20:31 - 2017-05-04 18:16 - 00000000 ____D C:\Users\tpaegle\Documents\RegRun2 2017-07-26 20:30 - 2017-05-04 18:16 - 00000000 ____D C:\Users\Public\Documents\regruninfo 2017-07-26 20:28 - 2017-05-04 18:16 - 00000000 ____D C:\ProgramData\RegRun 2017-07-26 20:23 - 2016-06-14 09:19 - 00000000 ____D C:\Users\tpaegleadmin 2017-07-26 17:53 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-07-26 17:34 - 2016-06-14 09:17 - 00000000 ____D C:\Users\tpaegle 2017-07-26 17:33 - 2016-06-15 19:04 - 00000000 ____D C:\Users\tpaegle\Desktop\Lukas 2017-07-26 13:47 - 2017-04-01 09:37 - 00001456 _____ C:\Users\tpaegle\Desktop\ROBLOX Player.lnk 2017-07-26 13:47 - 2017-04-01 09:36 - 00001271 _____ C:\Users\tpaegle\Desktop\ROBLOX Studio.lnk 2017-07-26 13:47 - 2017-04-01 09:36 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox 2017-07-26 07:04 - 2016-06-13 17:45 - 00034328 _____ (Sysinternals - 
www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2017-07-25 21:30 - 2016-02-11 19:13 - 00000000 ____D C:\WINDOWS\Panther 2017-07-25 17:30 - 2016-02-15 00:57 - 00000000 ____D C:\Users\DefaultAppPool 2017-07-25 16:24 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps 2017-07-25 16:13 - 2016-11-05 09:23 - 00000000 ____D C:\WINDOWS\Minidump 2017-07-25 07:40 - 2016-06-14 01:42 - 00002072 _____ C:\WINDOWS\system32\config\netlogon.ftl 2017-07-24 20:42 - 2016-06-15 17:05 - 00000000 ____D C:\Users\tpaegleadmin\AppData\Roaming\Skype 2017-07-24 20:40 - 2016-06-14 09:19 - 00000000 ____D C:\Users\tpaegleadmin\AppData\Roaming\Adobe 2017-07-24 20:40 - 2016-06-14 09:19 - 00000000 ____D C:\Users\tpaegleadmin\AppData\Local\Packages 2017-07-24 20:39 - 2016-06-15 17:05 - 00000000 __SHD C:\Users\tpaegleadmin\IntelGraphicsProfiles 2017-07-24 20:39 - 2016-02-11 16:37 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-07-24 17:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache 2017-07-24 17:28 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-07-23 18:45 - 2017-06-15 19:22 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-07-22 17:00 - 2017-05-04 18:16 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys 2017-07-22 17:00 - 2017-05-04 18:16 - 00003400 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler 2017-07-22 17:00 - 2017-05-04 18:16 - 00000002 RSHOT C:\WINDOWS\winstart.bat 2017-07-22 17:00 - 2017-05-04 18:16 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT 2017-07-22 17:00 - 2017-05-04 18:16 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT 2017-07-22 17:00 - 2017-05-04 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe 2017-07-22 17:00 - 2017-05-04 18:16 - 00000000 ____D C:\Program Files (x86)\UnHackMe 2017-07-22 16:50 - 2016-06-13 17:52 - 00000000 ____D C:\Program Files (x86)\Adobe 2017-07-22 16:47 - 2017-04-20 16:45 - 00000000 ____D 
C:\Users\tpaegle\AppData\Roaming\SparkoCam 2017-07-22 16:47 - 2017-04-20 16:45 - 00000000 ____D C:\Program Files (x86)\SparkoCam 2017-07-22 15:16 - 2016-11-10 11:16 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Zoom 2017-07-22 14:57 - 2016-06-14 14:01 - 00000000 ____D C:\Users\tpaegle\Desktop\ELS Desktop 2017-07-22 11:36 - 2016-02-11 19:13 - 05234376 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-07-22 11:35 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-07-22 11:35 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-07-22 11:35 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender 2017-07-22 11:35 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-07-22 11:35 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2017-07-22 11:31 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-07-22 11:22 - 2016-02-11 17:09 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-07-22 11:20 - 2016-02-11 17:09 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-07-21 08:28 - 2016-06-15 18:34 - 00000000 ____D C:\Program Files\Adobe 2017-07-21 08:26 - 2016-06-15 18:34 - 00000000 ____D C:\Program Files\Common Files\Adobe 2017-07-21 08:21 - 2016-06-14 09:17 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Adobe 2017-07-12 02:29 - 2017-06-15 19:23 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-07-11 16:20 - 2016-09-24 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio 2017-07-11 14:58 - 2016-07-28 11:21 - 00000000 ____D C:\Users\tpaegle\Documents\Sound recordings 2017-07-11 12:00 - 2017-05-11 16:18 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\MAXON 2017-07-08 14:30 - 2017-02-08 18:38 - 00000000 ____D C:\Users\Public\Documents\My DAZ 3D Library 2017-07-07 10:01 - 2016-09-24 17:14 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\obs-studio 2017-07-06 11:47 - 2016-06-13 17:43 - 
00000000 ____D C:\ProgramData\Package Cache 2017-07-06 08:01 - 2017-06-15 15:49 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender 2017-07-05 19:05 - 2017-05-04 22:07 - 00000000 ____D C:\@RestoreQuarantine 2017-07-05 12:17 - 2016-11-28 19:03 - 00000000 ___RD C:\Users\tpaegle\tpaegle@iu.edu Creative Cloud Files 2017-07-05 09:45 - 2016-06-15 18:36 - 00000000 ____D C:\Users\tpaegle\Documents\Adobe 2017-07-03 09:40 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-07-02 09:56 - 2017-06-23 09:39 - 00000000 ____D C:\ProgramData\digiCamControl 2017-06-30 15:46 - 2017-06-15 19:23 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-06-30 09:43 - 2015-10-30 03:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-06-30 09:43 - 2015-10-30 03:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-06-27 14:12 - 2016-06-13 17:51 - 00002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ==================== Files in the root of some directories ======= 2016-06-26 18:39 - 2016-06-26 18:39 - 0001181 _____ () C:\Users\tpaegle\AppData\Roaming\ACInitialize.log 2016-12-25 22:57 - 2016-12-25 22:57 - 0000055 _____ () C:\Users\tpaegle\AppData\Roaming\Camdata.ini 2016-12-25 22:57 - 2016-12-25 22:57 - 0000408 _____ () C:\Users\tpaegle\AppData\Roaming\CamLayout.ini 2016-12-25 22:57 - 2016-12-25 22:57 - 0000408 _____ () C:\Users\tpaegle\AppData\Roaming\CamShapes.ini 2016-12-23 14:45 - 2016-12-23 14:49 - 0004509 _____ () C:\Users\tpaegle\AppData\Roaming\CamStudio.cfg 2016-10-25 15:54 - 2016-10-26 17:22 - 0001456 _____ () C:\Users\tpaegle\AppData\Local\Adobe Save for Web 13.0 Prefs 2016-06-14 17:26 - 2016-11-16 18:46 - 0000600 _____ () C:\Users\tpaegle\AppData\Local\PUTTY.RND ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-20 22:54

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-07-2017
Ran by tpaegle (26-07-2017 20:58:37)
Running from C:\Users\tpaegle\Downloads
Windows 10 Enterprise Version 1511 (X64) (2016-06-13 22:39:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-652057862-1867703648-2141486114-500 - Administrator - Disabled)
BackupAdmin (S-1-5-21-652057862-1867703648-2141486114-1004 - Administrator - Enabled)
DefaultAccount (S-1-5-21-652057862-1867703648-2141486114-503 - Limited - Disabled)
Guest (S-1-5-21-652057862-1867703648-2141486114-501 - Limited - Disabled)
tpaegleadmin (S-1-5-21-652057862-1867703648-2141486114-1005 - Administrator - Enabled) => C:\Users\tpaegleadmin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DCrafter (HKLM-x32\...\{4BF10327-1B41-4887-9E2D-D01344BD2050}) (Version: 9.3.0.1620 - Amabilis Software)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat DC (2015) (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30306 - Adobe Systems Incorporated)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_0_1) (Version: 14.0.1 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.1.1.202 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_1) (Version: 11.0.1 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6F085FCD-4B6A-4F63-AF23-B74629C40797}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Aqua Data Studio 4.7 (HKLM-x32\...\{75D79813-84E9-42D4-B97A-08BF5376DAB9}) (Version: 4.70.0000 - AquaFold)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Atom (HKU\S-1-5-21-1085031214-1292428093-527237240-359157\...\atom) (Version: 1.12.4 - GitHub Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Blender (HKLM-x32\...\{C64E1B76-BBB5-4AF5-8AB6-09C6972553D4}) (Version: 2.78.3 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Citrix Receiver 4.5 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.5.0.10018 - Citrix Systems, Inc.)
Configuration Manager Client (HKLM\...\{3604F63C-04E2-4F0C-8092-FEC078D08ACB}) (Version: 5.00.8412.1000 - Microsoft Corporation) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell System Detect (HKU\S-1-5-21-1085031214-1292428093-527237240-359157\...\58d94f3ce2c27db0) (Version: 7.6.0.4 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.103 - ALPS ELECTRIC CO., LTD.)
digiCamControl (HKLM-x32\...\{7365747f-9b2b-4687-8dea-8bbd17eb972a}) (Version: 2.0.72.0 - ) Hidden
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line)
Git version 2.9.0 (HKU\S-1-5-21-1085031214-1292428093-527237240-359157\...\Git_is1) (Version: 2.9.0 - The Git Development Community)
GitHub (HKU\S-1-5-21-1085031214-1292428093-527237240-359157\...\5f7eb300e2ea4ebf) (Version: 3.1.1.4 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\{8985DEC8-2A80-314F-871E-0E332F4ED977}) (Version: 59.0.3071.115 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Houdini 16.0.633 (HKLM\...\Houdini 16.0.633) (Version: 16.0.633 - Side Effects Software)
Icecream PDF Split and Merge version 3.33 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 3.33 - Icecream Apps)
Icecream Screen Recorder version 4.71 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.71 - Icecream Apps)
Identity Finder (HKLM-x32\...\{838D561A-3EF9-4B0C-A6F2-F948816D84D0}) (Version: 7.5.0.1 - Identity Finder, LLC)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{AA67D612-0BE5-44D6-9A91-592958F754A1}) (Version: 13.0.198 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IntelliJ IDEA 2016.2 (HKLM-x32\...\IntelliJ IDEA 2016.2) (Version: 162.1121.32 - JetBrains s.r.o.)
iTunes (HKLM\...\{6DBC2AD3-28FC-4691-8A96-9049420C1DEC}) (Version: 12.4.3.1 - Apple Inc.)
IU Printer Finder (HKLM-x32\...\{60DF2B1C-CDD1-4A50-AA4B-AA1CC6105E92}) (Version: 6.0.40.0 - Indiana University)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java SE Development Kit 8 Update 91 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180910}) (Version: 8.0.910.15 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Logitech Solar App 1.10 (HKLM\...\SolarApp) (Version: 1.10.3 - Logitech)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Managed Windows Defender (HKLM\...\{E064FB53-FE8D-4B07-B991-2B025EF3EEF6}) (Version: 4.10.0209.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
MySQL Installer - Community (HKLM-x32\...\{98EC0FB0-F10F-46B3-B56A-ACFCF3AA7C53}) (Version: 1.4.16.0 - Oracle Corporation)
MySQL Server 5.7 (HKLM\...\{654D5AEF-3F39-4705-B234-C7E64F659534}) (Version: 5.7.12 - Oracle Corporation)
MySQL Workbench 6.3 CE (HKLM\...\{0D901124-B910-4985-9D4F-AC5C2FEF7493}) (Version: 6.3.7 - Oracle Corporation)
NKRemote (HKLM-x32\...\{18F7C517-4870-4b6a-93E0-09CB4AC4FFB7}) (Version: v2.4.1 - Breeze Systems Ltd)
Node.js (HKLM\...\{E5DD2249-1D15-43FC-809E-9415B3533D8C}) (Version: 4.4.5 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA 3D Vision Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.54 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA nView 148.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.03 - NVIDIA Corporation)
Online Plug-in (HKLM-x32\...\{EADC2DA1-5566-4F3B-8AA3-A2EC15F22760}) (Version: 14.5.0.10018 - Citrix Systems, Inc.) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Pulse Secure (HKLM\...\{D7B2465E-7317-4F15-BD41-3E32D3F1EB28}) (Version: 5.1.61533 - Pulse Secure, LLC) Hidden
Pulse Secure 5.1 (HKLM-x32\...\Pulse Secure 5.1) (Version: 5.1.61533 - Pulse Secure, LLC)
Pulse Secure Setup Client (HKU\.DEFAULT\...\Juniper_Setup_Client) (Version: 8.1.7.61533 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
ROBLOX Player for tpaegle (HKU\S-1-5-21-1085031214-1292428093-527237240-359157\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
Ruby 2.0.0-p648-x64 (HKU\S-1-5-21-1085031214-1292428093-527237240-359157\...\{B5BD4615-7C8A-4E50-9179-71B593CA6B67}_is1) (Version: 2.0.0-p648 - RubyInstaller Team)
Ruby 2.3.1-p112 (HKU\S-1-5-21-1085031214-1292428093-527237240-359157\...\{FF67D821-E2CA-4B2A-871F-4624C567AAF7}_is1) (Version: 2.3.1-p112 - RubyInstaller Team)
Self-service Plug-in (HKLM-x32\...\{6A23E16C-62CB-466F-BF8F-C5BC2BA930B2}) (Version: 4.5.0.14155 - Citrix Systems, Inc.) Hidden
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
SparkoCam (HKLM-x32\...\SparkoCam) (Version: 2.3.9 - Sparkosoft)
System Center Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
UnHackMe 9.0 (HKLM-x32\...\UnHackMe_is1) (Version: - Greatis Software, LLC.)
Unity Web Player (HKU\S-1-5-21-1085031214-1292428093-527237240-359157\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Update for Skype for Business 2016 (KB3213548) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{1C894A72-A611-4A19-B106-0218E3CAC377}) (Version: - Microsoft)
Update for Skype for Business 2016 (KB3213548) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{1C894A72-A611-4A19-B106-0218E3CAC377}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WebM Project Directshow Filters (HKU\S-1-5-21-1085031214-1292428093-527237240-359157\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinSCP 5.9.1 (HKLM-x32\...\winscp3_is1) (Version: 5.9.1 - Martin Prikryl)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1085031214-1292428093-527237240-359157_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\tpaegle\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\tpaegle\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\tpaegle\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\tpaegle\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\tpaegle\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\tpaegle\AppData\Local\MEGAsync\ShellExtX32.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncShell.dll -> No File
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers01: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers01: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-02-21] ()
ContextMenuHandlers01: [IcecreamShellExtension] -> {A8B59160-93EA-4303-9192-AA3C64FDBE31} => C:\Program Files (x86)\Icecream PDF Split and Merge\x64\IcecreamShell64.dll [2016-12-29] (TODO: <Company name>)
ContextMenuHandlers01: [Identity Finder] -> {A7906124-4DB9-48A5-B635-C944A4A4B24B} => C:\Program Files (x86)\Identity Finder 7\idfshext_x64.dll [2014-05-13] (Identity Finder, LLC)
ContextMenuHandlers01: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\tpaegle\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers03: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\tpaegle\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers04: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\Users\tpaegle\AppData\Local\MEGAsync\ShellExtX64.dll -> No File
ContextMenuHandlers05: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2017-03-14] ()
ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers05: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-03-01] (Intel Corporation)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-29] (NVIDIA Corporation)
ContextMenuHandlers06: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers06: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers06: [Identity Finder] -> {A7906124-4DB9-48A5-B635-C944A4A4B24B} => C:\Program Files (x86)\Identity Finder 7\idfshext_x64.dll [2014-05-13] (Identity Finder, LLC)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {06A646A8-F16B-475B-A675-865D0A325E6A} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Maintenance
Task: {0CB00517-87B1-41D5-8F2D-11D0EA1CABA8} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2016-04-30] (Oracle Corporation)
Task: {14DA2928-33BB-4946-B74E-7219C4EBDDBE} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2016-06-20] (Microsoft Corporation)
Task: {15200291-BC53-44B5-B5A9-9F934EBE726C} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {34D4E5AD-01F9-434D-8773-3CA668C264CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {37097774-CBFD-467C-84E9-47584B130890} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2017-06-22] (Greatis Software)
Task: {3A0A45F2-17E3-459D-9EBA-0709D9FC16DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {5DA76B26-0B77-4E06-9B4D-07AB3E956215} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)
Task: {6EA54D7F-EAAB-4DA7-B71A-FE2C840A77A5} - System32\Tasks\IU_Scripts\Certificate Inventory => powershell.exe -f C:\Windows\Systools\Scripts\CertificateInventory\CertificateInventory.ps1 -certstore "My,TrustedPublisher,Remote Desktop"
Task: {7389A283-89AA-425E-81A5-75BC8C0B1F13} - System32\Tasks\AdobeAAMUpdater-1.0-ADS-tpaegle => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {740EBBCA-225F-413E-8520-8A0AFBE9CA74} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {7EA609EF-7514-4BE5-8B0D-9AD13B2F8BF6} - System32\Tasks\Opera scheduled Autoupdate 1496323890 => C:\Users\tpaegle\AppData\Local\Programs\Opera\launcher.exe
Task: {94E6A30D-F5E2-4DCE-ABF2-1E97BB5D355A} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {B086629F-37F1-4D4F-89D9-24E151948FF8} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Passport for Work Certificate Enrollment Task => C:\WINDOWS\System32\Wbem\wmic.exe [2015-10-30] (Microsoft Corporation)
Task: {CED37D0F-D38E-4C81-9EC9-B55FBD9A9030} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-13] (Google Inc.)
Task: {D9FC88DD-2FC6-4B20-BD54-A88F8F80F876} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2017-03-14] ()
Task: {E3722A4F-2F72-4A58-8C26-91161A14CF96} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {E48100B1-9F53-459D-B879-9A68A4332424} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {F16A5AD0-855C-4DD6-B987-D596DF1D7FD8} - System32\Tasks\Opera scheduled suite Autoupdate 1496323894 => C:\Users\tpaegle\AppData\Local\Programs\Opera\launcher.exe
Task: {F5C513AD-CBD7-49B3-8E36-7C2CEE434FD8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.0.0-p648-x64\Interactive Ruby.lnk -> C:\Users\tpaegle\Ruby200-x64\bin\irb.bat ()
Shortcut: C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\1481
ShortcutWithArgument: C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.3.1-p112\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Users\tpaegle\Ruby23\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ruby 2.0.0-p648-x64\Start Command Prompt with Ruby.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /E:ON /K C:\Users\tpaegle\Ruby200-x64\bin\setrbvars.bat
ShortcutWithArgument: C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Invite All Facebook Friends Automatically.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cjmhellgomfgjiogcglfnbkkmdieacki

==================== Loaded Modules (Whitelisted) ==============

2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2016-10-13 09:19 - 2016-10-31 17:12 - 00263168 _____ () C:\WINDOWS\system32\wc_storage.dll
2017-06-07 16:41 - 2017-03-04 01:31 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-07-22 11:24 - 2017-06-17 06:13 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-05-26 03:18 - 2017-05-26 03:18 - 00492112 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-02-22 23:56 - 2017-02-22 23:56 - 08911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-02-21 17:38 - 2016-02-21 17:38 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2017-06-07 16:41 - 2017-03-03 23:19 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-06-07 16:40 - 2017-03-03 23:14 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-07 16:41 - 2017-04-27 19:46 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-07-22 11:24 - 2017-06-17 01:15 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-11 17:07 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-08-12 03:04 - 2016-06-30 23:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-06-27 14:12 - 2017-06-22 23:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 14:12 - 2017-06-22 23:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-14 02:17 - 2015-08-14 02:17 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1085031214-1292428093-527237240-359157\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1085031214-1292428093-527237240-359157\...\iu.edu -> hxxps://ls-sccm-cmac.ads.iu.edu

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 03:24 - 2017-07-25 08:44 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1085031214-1292428093-527237240-359157\Control Panel\Desktop\\Wallpaper -> C:\Users\tpaegle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{86E10DCD-18C6-4C80-9BD7-0F81739C63D7}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{886A5C62-88DA-4B57-966A-89D02F987E6C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{A986B4A9-E14C-48DF-8B9D-3B5965AE6128}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{440001EB-8233-4909-8041-D2D64CB93ECC}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{8144EF5C-B6F1-4B7F-B4E3-3FE7049D9E26}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6865F13B-73EA-48E1-A76B-9EFEEB81F165}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5E8C40EB-E585-4FA2-8CFE-65E91F559369}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{93435AB3-C54D-4B94-BD4F-6C77137E6A61}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C0B9E327-527B-4C97-B475-89BDFFFD17BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BF56A168-1FF3-4CA2-8E16-0893BB29C2CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B70E790B-5B16-4E80-9C77-E23A743682FB}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{2140828B-A74B-41B4-8637-B4D93EFF42F8}C:\program files (x86)\jetbrains\rubymine 2016.1.1\bin\rubymine.exe] => (Allow) C:\program files (x86)\jetbrains\rubymine 2016.1.1\bin\rubymine.exe
FirewallRules: [UDP Query User{96343A8A-A58B-4381-953E-85249D896B1E}C:\program files (x86)\jetbrains\rubymine 2016.1.1\bin\rubymine.exe] => (Allow) C:\program files (x86)\jetbrains\rubymine 2016.1.1\bin\rubymine.exe
FirewallRules: [TCP Query User{F34B4CD1-4211-465E-A401-D3CA338D8649}C:\program files (x86)\jetbrains\rubymine 2016.1.1\bin\rubymine.exe] => (Allow) C:\program files (x86)\jetbrains\rubymine 2016.1.1\bin\rubymine.exe
FirewallRules: [UDP Query User{077EC9B7-74E8-4AD3-90BA-FDB06D2389DB}C:\program files (x86)\jetbrains\rubymine 2016.1.1\bin\rubymine.exe] => (Allow) C:\program files (x86)\jetbrains\rubymine 2016.1.1\bin\rubymine.exe
FirewallRules: [TCP Query User{07E024BF-4019-4D93-9C61-0822CA386673}C:\users\tpaegle\appdata\roaming\jetbrains\rubymine 2016.1.1\bin\rubymine.exe] => (Allow) C:\users\tpaegle\appdata\roaming\jetbrains\rubymine 2016.1.1\bin\rubymine.exe
FirewallRules: [UDP Query User{B4CD6B56-BD3D-4684-AB4E-8725D712FC98}C:\users\tpaegle\appdata\roaming\jetbrains\rubymine 2016.1.1\bin\rubymine.exe] => (Allow) C:\users\tpaegle\appdata\roaming\jetbrains\rubymine 2016.1.1\bin\rubymine.exe
FirewallRules: [TCP Query User{B281FA6D-9B44-4F6D-A98A-BB5584BEE64C}C:\users\tpaegle\ruby200-x64\bin\ruby.exe] => (Allow) C:\users\tpaegle\ruby200-x64\bin\ruby.exe
FirewallRules: [UDP Query User{1D2ECF8C-3AF1-4D13-B65C-48D7E6C4E830}C:\users\tpaegle\ruby200-x64\bin\ruby.exe] => (Allow) C:\users\tpaegle\ruby200-x64\bin\ruby.exe
FirewallRules: [TCP Query User{32168C28-B4D4-45A3-8238-8DBA7E6968B5}C:\users\tpaegle\mysql\bin\mysqld.exe] => (Allow) C:\users\tpaegle\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{670A8E10-6BFA-4917-8A5E-F0837AA4AE68}C:\users\tpaegle\mysql\bin\mysqld.exe] => (Allow) C:\users\tpaegle\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{413E8D2E-C20D-4C25-B38D-2A62A1078C6B}C:\program files\mysql\mysql server 5.6\bin\mysqld.exe] => (Allow) C:\program files\mysql\mysql server 5.6\bin\mysqld.exe
FirewallRules: [UDP Query User{F2FD5213-53D3-4BCF-ADFE-00A2F5CFA1CC}C:\program files\mysql\mysql server 5.6\bin\mysqld.exe] => (Allow) C:\program files\mysql\mysql server 5.6\bin\mysqld.exe
FirewallRules: [{EAC00001-2CF9-4888-88E3-C32ED7CE01BC}] => (Allow) LPort=3306
FirewallRules: [{78EF8AD9-E445-4C7D-AF1F-066FCAFBD800}] => (Allow) LPort=3306
FirewallRules: [TCP Query User{39D98EDF-A322-4AFF-AEA7-88E13F977122}C:\users\tpaegle\ruby200-x64\bin\ruby.exe] => (Allow) C:\users\tpaegle\ruby200-x64\bin\ruby.exe
FirewallRules: [UDP Query User{969A1672-B3C1-482C-BB49-BB4226FCD2B5}C:\users\tpaegle\ruby200-x64\bin\ruby.exe] => (Allow) C:\users\tpaegle\ruby200-x64\bin\ruby.exe
FirewallRules: [{83C901DF-70DC-4CD6-9525-4D14FFEDC768}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{12BC6626-BD67-455D-8793-DBAEC16B667C}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{BD51C2B0-1F5F-4CE9-A421-89018CF2BDAC}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{9A8E601E-DFFA-40D3-9A76-79C8AE630D6D}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [TCP Query User{D05A6F4A-9344-45AA-AA1E-84578C5A6EC4}C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea64.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea64.exe
FirewallRules: [UDP Query User{42C1DF93-D52C-4EDC-AC8E-319DDAC0FBCC}C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea64.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea64.exe
FirewallRules: [TCP Query
User{8B8B7D22-40B4-485F-A030-EB720DB4BE1C}C:\program files\java\jdk1.8.0_91\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_91\jre\bin\java.exe FirewallRules: [UDP Query User{1FF1F1A3-5A4B-4528-BE80-70E1CCC56D29}C:\program files\java\jdk1.8.0_91\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_91\jre\bin\java.exe FirewallRules: [TCP Query User{36146874-1144-4B69-A893-D72B3983C661}C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea64.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea64.exe FirewallRules: [UDP Query User{1A26F41B-9E4B-4D3C-AC6C-7A31D997E4CE}C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea64.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea64.exe FirewallRules: [TCP Query User{19D39A8F-C7EB-4377-B244-F94DB358A663}C:\program files\java\jdk1.8.0_91\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_91\bin\java.exe FirewallRules: [UDP Query User{37B5FC4D-566A-4FEE-8438-6C343ED32732}C:\program files\java\jdk1.8.0_91\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_91\bin\java.exe FirewallRules: [{24832FBE-3BF3-4B27-8F82-7EABB58F7BB9}] => (Block) C:\program files\java\jdk1.8.0_91\bin\java.exe FirewallRules: [{FDCDC913-A54A-41F7-9DCD-D16A0006B06A}] => (Block) C:\program files\java\jdk1.8.0_91\bin\java.exe FirewallRules: [TCP Query User{90C37C6A-93A5-4F88-874E-1795275FD66E}C:\program files\java\jdk1.8.0_91\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_91\jre\bin\java.exe FirewallRules: [UDP Query User{5E050477-37BF-4758-8329-64116DA163EE}C:\program files\java\jdk1.8.0_91\jre\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_91\jre\bin\java.exe FirewallRules: [TCP Query User{5AAF18CB-3CE6-4BCA-9340-EFA20DCEFD88}C:\program files (x86)\jetbrains\intellij idea 2016.2\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2\jre\jre\bin\java.exe FirewallRules: [UDP Query 
User{B0D5641F-38B2-445F-BEBB-8FEF71A7C2AE}C:\program files (x86)\jetbrains\intellij idea 2016.2\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2\jre\jre\bin\java.exe FirewallRules: [TCP Query User{8EF476DC-9C73-4FCB-BD3D-0453C1E1424D}C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea.exe FirewallRules: [UDP Query User{0810E026-FF18-4CA6-B6DE-9757ACBAFBBE}C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea.exe FirewallRules: [{9EF2BA9D-EC3D-4391-B696-33CCAC93A2F5}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe FirewallRules: [{C3A47A54-EE61-478F-86AC-F55BFC91D5B1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{2419FB81-78B6-47BA-BAAA-DB8A233BD5CE}] => (Allow) LPort=2869 FirewallRules: [{9FAB8059-BC97-4EA2-86B7-712337FC8956}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{86622E6A-AB72-4A86-B392-2885CC5AFE4A}C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea.exe FirewallRules: [UDP Query User{C6FE088C-A916-47C5-8547-0A705825FABD}C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2\bin\idea.exe FirewallRules: [{4F17A0AB-07C0-4456-8D02-DEBA8E8A2E80}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [TCP Query User{B4FE495F-5E11-4963-800F-9458F09E4721}C:\windows\system32\runtimebroker.exe] => (Block) C:\windows\system32\runtimebroker.exe FirewallRules: [UDP Query User{029E8014-822C-400C-88CE-F490EB743980}C:\windows\system32\runtimebroker.exe] => (Block) C:\windows\system32\runtimebroker.exe FirewallRules: [TCP Query User{EF523101-56B3-436D-A905-771931E3E15D}C:\program files 
(x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [UDP Query User{CC2FC4AF-71AF-43DA-989C-80F395A66161}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe FirewallRules: [TCP Query User{8D933778-8917-40D1-A491-50DBA549BCE5}C:\program files (x86)\jetbrains\intellij idea 2016.2\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2\jre\jre\bin\java.exe FirewallRules: [UDP Query User{2A23C82B-6E94-4A56-8D4F-72240499078B}C:\program files (x86)\jetbrains\intellij idea 2016.2\jre\jre\bin\java.exe] => (Allow) C:\program files (x86)\jetbrains\intellij idea 2016.2\jre\jre\bin\java.exe FirewallRules: [TCP Query User{1CD506F0-4596-40AA-829B-D7FF71425298}C:\users\tpaegle\ruby23\bin\ruby.exe] => (Allow) C:\users\tpaegle\ruby23\bin\ruby.exe FirewallRules: [UDP Query User{86766317-5056-43C1-9AB1-0F702211E0B6}C:\users\tpaegle\ruby23\bin\ruby.exe] => (Allow) C:\users\tpaegle\ruby23\bin\ruby.exe FirewallRules: [{26B431E2-5881-4FF8-8AE0-4AA9CA46BD5F}] => (Block) C:\users\tpaegle\ruby23\bin\ruby.exe FirewallRules: [{CC118944-F45A-4794-A34D-888FEBFAACAE}] => (Block) C:\users\tpaegle\ruby23\bin\ruby.exe FirewallRules: [TCP Query User{18D050A3-AC63-4D72-87D0-18241299A5A5}C:\users\tpaegle\cygwin\bin\ruby.exe] => (Allow) C:\users\tpaegle\cygwin\bin\ruby.exe FirewallRules: [UDP Query User{84182724-FAC8-403D-87C8-CFDE26844762}C:\users\tpaegle\cygwin\bin\ruby.exe] => (Allow) C:\users\tpaegle\cygwin\bin\ruby.exe FirewallRules: [TCP Query User{D18063CB-B867-4BEF-91E7-592C8D95B1B0}C:\users\tpaegle\.rvm\rubies\ruby-2.3.1\bin\ruby.exe] => (Allow) C:\users\tpaegle\.rvm\rubies\ruby-2.3.1\bin\ruby.exe FirewallRules: [UDP Query User{1879AA9D-CA38-4108-BE2C-634108F8CD08}C:\users\tpaegle\.rvm\rubies\ruby-2.3.1\bin\ruby.exe] => (Allow) 
C:\users\tpaegle\.rvm\rubies\ruby-2.3.1\bin\ruby.exe FirewallRules: [TCP Query User{7A4387A0-7173-42F9-A920-68E53D5A4FE4}C:\users\tpaegle\.rvm\rubies\ruby-2.3.1\bin\ruby.exe] => (Allow) C:\users\tpaegle\.rvm\rubies\ruby-2.3.1\bin\ruby.exe FirewallRules: [UDP Query User{1B68759C-FD42-416F-9E45-E0E5558BA061}C:\users\tpaegle\.rvm\rubies\ruby-2.3.1\bin\ruby.exe] => (Allow) C:\users\tpaegle\.rvm\rubies\ruby-2.3.1\bin\ruby.exe FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe FirewallRules: [TCP Query User{C23BAC39-DD17-45D8-B831-29B20D33920F}C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine64.exe] => (Allow) C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine64.exe FirewallRules: [UDP Query User{09F550CD-EEBA-491D-AD2E-96D4F6D2BFC7}C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine64.exe] => (Allow) C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine64.exe FirewallRules: [TCP Query User{7BDB4788-2F2A-4701-A7B8-36671E42604B}C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine.exe] => (Allow) C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine.exe FirewallRules: [UDP Query User{240669EB-4C43-43CE-A611-92BBF0C3C7C4}C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine.exe] => (Allow) C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine.exe FirewallRules: [{9C838F07-1CEA-412A-B0AF-EBC28A705719}] => (Block) C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine.exe FirewallRules: [{E3132D33-58DC-45C4-9499-5FDD7FFA5FFD}] => (Block) C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine.exe FirewallRules: [TCP Query User{0CC824A9-5E27-410A-9C57-F8EDD0CB9118}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe FirewallRules: [UDP Query 
User{C592D6FE-58A4-486F-9B83-E14A164CBFA3}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe FirewallRules: [{09EEC06C-3EE2-4672-83CF-F204956748AE}] => (Block) C:\program files (x86)\citrix\ica client\wfica32.exe FirewallRules: [{C81B0151-FAD3-442E-A0C5-C405AC756375}] => (Block) C:\program files (x86)\citrix\ica client\wfica32.exe FirewallRules: [TCP Query User{DA17C850-6610-4C23-8700-1FE30ADE0B78}C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine64.exe] => (Block) C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine64.exe FirewallRules: [UDP Query User{015AC954-D7D7-41F1-8AD8-6A8DF0A7AFFC}C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine64.exe] => (Block) C:\program files (x86)\jetbrains\rubymine 2016.2.5\bin\rubymine64.exe FirewallRules: [TCP Query User{6B0DE054-AE21-4A69-9198-0E61CE308278}C:\windows\system32\runtimebroker.exe] => (Block) C:\windows\system32\runtimebroker.exe FirewallRules: [UDP Query User{81A79B94-61B7-435E-8F74-7B2DDDBD2328}C:\windows\system32\runtimebroker.exe] => (Block) C:\windows\system32\runtimebroker.exe FirewallRules: [{CF7761BA-E3A1-4BF5-B2E8-F042798FC24B}] => (Allow) C:\Users\tpaegle\AppData\Local\Programs\Opera\45.0.2552.884\opera.exe FirewallRules: [{3B1DB678-0FD0-472D-8664-2A09BB0E129B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [TCP Query User{2CF3FB29-656B-406A-AB93-27DBE4C69358}C:\program files\side effects software\houdini 16.0.633\bin\houdinifx.exe] => (Allow) C:\program files\side effects software\houdini 16.0.633\bin\houdinifx.exe FirewallRules: [UDP Query User{23780445-E811-44D8-876A-33727582D163}C:\program files\side effects software\houdini 16.0.633\bin\houdinifx.exe] => (Allow) C:\program files\side effects software\houdini 16.0.633\bin\houdinifx.exe ==================== Restore Points ========================= 26-07-2017 16:20:52 Scheduled Checkpoint 26-07-2017 20:50:08 JRT 
Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/26/2017 08:50:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Adobe CEF Helper.exe, version: 4.1.1.202, time stamp: 0x5934127c Faulting module name: libcef.dll, version: 3.2704.1434.0, time stamp: 0x5798eeba Exception code: 0xc0000005 Fault offset: 0x00be5ccd Faulting process id: 0x20c8 Faulting application start time: 0x01d30671e3c3d813 Faulting application path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe Faulting module path: C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll Report Id: 634104bb-da31-402e-98d6-5216f79bcf5f Faulting package full name: Faulting package-relative application ID: Error: (07/26/2017 08:50:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . 
Error: (07/26/2017 08:20:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.10586.0, time stamp: 0x5632d7e0
Faulting module name: Windows.Internal.Shell.Broker.dll, version: 10.0.10586.839, time stamp: 0x58ba48b6
Exception code: 0xc0000005
Fault offset: 0x000000000003bc6a
Faulting process id: 0x97c
Faulting application start time: 0x01d3066dcc95a240
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
Report Id: 80398da4-5efe-48fd-bbac-d4836462a923
Faulting package full name:
Faulting package-relative application ID:

Error: (07/26/2017 04:20:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/26/2017 11:45:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.916, time stamp: 0x590286a6
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.839, time stamp: 0x58ba4020
Exception code: 0xc000027b
Fault offset: 0x000000000004b1c9
Faulting process id: 0x150c
Faulting application start time: 0x01d30582a4bdc572
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 3e6ebb6c-3618-4937-a21b-61fed3e613a2
Faulting package full name: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (07/25/2017 08:41:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.10586.0, time stamp: 0x5632d7e0
Faulting module name: Windows.Internal.Shell.Broker.dll, version: 10.0.10586.839, time stamp: 0x58ba48b6
Exception code: 0xc0000005
Fault offset: 0x000000000003bc6a
Faulting process id: 0x700
Faulting application start time: 0x01d30582a27579a7
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
Report Id: 4aac767d-9540-49a3-b62e-46bd35e8f8de
Faulting package full name:
Faulting package-relative application ID:

Error: (07/25/2017 08:48:40 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/25/2017 08:07:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Windows.Media.BackgroundPlayback.exe, version: 10.0.10586.0, time stamp: 0x5632d879
Faulting module name: KERNELBASE.dll, version: 10.0.10586.916, time stamp: 0x59029143
Exception code: 0xc000010a
Fault offset: 0x0000000000071f28
Faulting process id: 0x6608
Faulting application start time: 0x01d3053e9a5d3592
Faulting application path: C:\WINDOWS\System32\Windows.Media.BackgroundPlayback.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: cdf06098-48f1-4a11-87b5-96123aa9d6d5
Faulting package full name: Microsoft.ZuneMusic_10.16102.10341.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (07/25/2017 04:20:42 AM) (Source: Windows Search Service) (EventID: 3079) (User: )
Description: Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
Insufficient quota to complete the requested service. (HRESULT : 0x800705ad) (0x800705ad)

Error: (07/25/2017 03:09:58 AM) (Source: AutoEnrollment) (EventID: 6) (User: )
Description: Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.
.

System errors:
=============
Error: (07/26/2017 08:46:53 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ADS)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/26/2017 08:45:28 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain controller in domain ADS due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Error: (07/26/2017 08:44:54 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/26/2017 08:43:51 PM) (Source: DCOM) (EventID: 10010) (User: ADS)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (07/26/2017 08:43:50 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_7d612 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/26/2017 08:43:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/26/2017 08:43:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/26/2017 08:43:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SMS Agent Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (07/26/2017 08:43:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/26/2017 08:43:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2017-07-26 20:57:35.500
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-26 20:57:35.492
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-26 20:49:03.242
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-26 20:49:03.229
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-26 20:43:54.267
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-26 20:43:54.258
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-24 17:41:31.214
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-23 18:43:13.660
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-23 18:43:13.650
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-07-23 17:13:08.277
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz
Percentage of memory in use: 42%
Total physical RAM: 8097 MB
Available physical RAM: 4660.92 MB
Total Virtual: 13473 MB
Available Virtual: 10533.99 MB

==================== Drives ================================

Drive c: (Windows 10 Enterprise) (Fixed) (Total:476.6 GB) (Free:134.26 GB) NTFS
Drive d: () (Removable) (Total:29.28 GB) (Free:16.16 GB) FAT32
Drive f: (ESD-USB) (Removable) (Total:29.79 GB) (Free:26.39 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 5FC96DEB)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=476.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29.3 GB) (Disk ID: 00000000)
Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================
7.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by tpaegle (Administrator) on Wed 07/26/2017 at 20:50:08.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 3

Successfully deleted: C:\Users\tpaegle\AppData\Roaming\Mozilla\Firefox\Profiles\laa8769d.default\searchplugins\Yahoo powered search.xml (File)
Successfully deleted: C:\Users\tpaegle\AppData\Roaming\nico mak computing (Folder)
Successfully deleted: C:\WINDOWS\wininit.ini (File)

Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/26/2017 at 20:51:35.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
8.
# AdwCleaner 7.0.0.0 - Logfile created on Thu Jul 27 00:43:47 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 10 Enterprise (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:/ProgramData\a46f4090-c2b7-4bf6-b910-63b1ea11d0bd
Deleted: \Downloaded Installers\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{7D0B6C92-CE62-492C-92DA-E7C85596BAF6}
Deleted: \Installer\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{7D0B6C92-CE62-492C-92DA-E7C85596BAF6}

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
Deleted: [Key] - HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
Deleted: [Key] - HKLM\SOFTWARE\WebBar
Deleted: [Key] - HKLM\SOFTWARE\GPCWValidatorService
Deleted: [Key] - HKLM\SOFTWARE\ussc-pr
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0757C9D8-D8A3-33F5-CEE2-11D09918BA8F}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{E7BC34A0-BA86-11CF-84B1-CBC2DA68BF6C}
Deleted: [Key] - HKLM\SOFTWARE\betterads
Deleted: [Key] - HKLM\SOFTWARE\Microleaves
Deleted: [Key] - HKLM\SOFTWARE\SavingsCool
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SOFTWARE\betterads
Deleted: [Key] - HKU\S-1-5-21-1085031214-1292428093-527237240-359157\Software\DriverUpdaterPro
Deleted: [Key] - HKCU\Software\DriverUpdaterPro
Deleted: [Key] - HKLM\SOFTWARE\PCAcceleratePro
Deleted: [Key] - HKLM\SOFTWARE\InstantSupport
Deleted: [Key] - HKCU\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{7D0B6C92-CE62-492C-92DA-E7C85596BAF6}

***** [ Firefox (and derivatives) ] *****

SearchProvider deleted: search-shield.com - Search-shield powered by Bing

***** [ Chromium (and derivatives) ] *****

SearchProvider deleted: AOL - aol.com
SearchProvider deleted: Huffington Post - huffingtonpost.com
SearchProvider deleted: Softonic EN - five-nights-at-freddys-2---demo.en.softonic.com
SearchProvider deleted: Softonic EN - five-nights-at-freddys-2---demo.en.softonic.com
SearchProvider deleted: Softonic EN - five-nights-at-freddys-2---demo.en.softonic.com
SearchProvider deleted: Softonic EN - five-nights-at-freddys-2---demo.en.softonic.com
SearchProvider deleted: goole.com - goole.com
SearchProvider deleted: Ask - ask.com
SearchProvider deleted: AVG Secure Search - isearch.avg.com_
SearchProvider deleted: AVG Secure Search - isearch.avg.com
SearchProvider deleted: metrolyrics.com - metrolyrics.com

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4257 B] - [2017/7/27 0:42:29]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
9.
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 7/26/17
Scan Time: 8:20 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2445
License: Free

-System Information-
OS: Windows 10 (Build 10586.1007)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 502570
Threats Detected: 38
Threats Quarantined: 38
Time Elapsed: 2 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 10
PUP.Optional.InstantSupport, HKU\S-1-5-21-1085031214-1292428093-527237240-359157\SOFTWARE\INSTANTSUPPORT, Quarantined, [8197], [254395],1.0.2445
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application, Quarantined, [532], [360190],1.0.2445
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application, Quarantined, [532], [317312],1.0.2445
PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [532], [339688],1.0.2445
Trojan.Clicker, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Dataup, Quarantined, [21], [377136],1.0.2445
PUP.Optional.InstantSupport, HKU\S-1-5-21-1085031214-1292428093-527237240-359157\SOFTWARE\InSTab, Quarantined, [8197], [261449],1.0.2445
Adware.IStartSurf, HKLM\SOFTWARE\WOW6432NODE\MBS_INSTALL, Quarantined, [788], [401921],1.0.2445
Adware.BetterAds.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\winsrcsrv_RASAPI32, Quarantined, [5714], [407460],1.0.2445
Adware.BetterAds.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [5714], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\winsrcsrv_RASMANCS, Quarantined, [5714], [407460],1.0.2445

Registry Value: 10
PUP.Optional.InstantSupport, HKU\S-1-5-21-1085031214-1292428093-527237240-359157\SOFTWARE\INSTANTSUPPORT|ASSISTENT, Quarantined, [8197], [254395],1.0.2445
Adware.IStartSurf, HKLM\SOFTWARE\WOW6432NODE\MBS_INSTALL|CHANNEL, Quarantined, [788], [401921],1.0.2445
Adware.BetterAds.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [5714], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\S-1-5-21-1085031214-1292428093-527237240-359157\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [5714], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\S-1-5-21-652057862-1867703648-2141486114-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [5714], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [5714], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [5714], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [5714], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [5714], [-1],0.0.0
Adware.BetterAds.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYSERVER, Quarantined, [5714], [-1],0.0.0

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 6
Trojan.Clicker, C:\Windows\System32\config\systemprofile\AppData\Local\ntuserlitelist\regtool, Quarantined, [21], [383807],1.0.2445
Trojan.Clicker, C:\Windows\System32\config\systemprofile\AppData\Local\ntuserlitelist\dataup, Quarantined, [21], [383807],1.0.2445
Trojan.Clicker, C:\Windows\System32\config\systemprofile\AppData\Local\ntuserlitelist\svcvmx, Quarantined, [21], [383807],1.0.2445
Trojan.Clicker, C:\Windows\System32\config\systemprofile\AppData\Local\ntuserlitelist\winscr, Quarantined, [21], [383807],1.0.2445
Trojan.Clicker, C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\ntuserlitelist, Quarantined, [21], [383807],1.0.2445
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [532], [391425],1.0.2445

File: 12
Trojan.Clicker, C:\Windows\System32\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.exe, Quarantined, [21], [383807],1.0.2445
Trojan.Clicker, C:\Windows\System32\config\systemprofile\AppData\Local\ntuserlitelist\dataup\dataup.ini, Quarantined, [21], [383807],1.0.2445
Trojan.Clicker, C:\Windows\System32\config\systemprofile\AppData\Local\ntuserlitelist\dataup\help_dll.dll, Quarantined, [21], [383807],1.0.2445
Trojan.Clicker, C:\Windows\System32\config\systemprofile\AppData\Local\ntuserlitelist\dataup\NTSVC.ocx, Quarantined, [21], [383807],1.0.2445
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Quarantined, [532], [391425],1.0.2445
PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Quarantined, [532], [391425],1.0.2445
Adware.Yelloader, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DATAUP.EXE-(2)-R.MBAM, Quarantined, [1330], [377106],1.0.2445
Adware.Yelloader, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DATAUP.EXE-K.MBAM, Quarantined, [1330], [377106],1.0.2445
Adware.Yelloader, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DATAUP.EXE-(3)-R.MBAM, Quarantined, [1330], [377106],1.0.2445
Adware.Yelloader, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\DATAUP.EXE-U.MBAM, Quarantined, [1330], [377106],1.0.2445
Trojan.Clicker, C:\WINDOWS\TEMP\DATAUP.ZIP, Quarantined, [21], [377135],1.0.2445
PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [532], [391431],1.0.2445

Physical Sector: 0
(No malicious items detected)

(end)
  10. Fix result of Farbar Recovery Scan Tool (x64) Version: 23-07-2017
Ran by SYSTEM (26-07-2017 20:16:13) Run:6
Running from e:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [cpx] => "C:\Users\tpaegle\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\tpaegle\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKLM Group Policy restriction on software: %UserProfile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\AppData\Roaming\*.exe <==== ATTENTION
S2 Dataup; C:\Users\tpaegle\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () <==== ATTENTION
S2 windowsmanagementservice; C:\Users\tpaegle\AppData\Local\ctmbxpq\oqnooam\ct.exe [X] <==== ATTENTION
S0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [80160 2013-09-03] () <==== ATTENTION
C:\ProgramData\boost_interprocess
C:\ProgramData\ntuser.pol
C:\Users\tpaegle\Desktop\tprdpw64+ndistpr64
C:\Users\tpaegle\AppData\Local\ctmbxpq
C:\Users\tpaegle\AppData\Local\llssoft
C:\Users\tpaegle\AppData\Local\ntuserlitelist
C:\Users\tpaegle\AppData\Roaming\jawset
C:\Users\tpaegle\AppData\Roaming\winscp.rnd
C:\Windows\System32\tprdpw64.exe
C:\Windows\System32\drivers\ndistpr64.sys
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\svcvmx => value removed successfully
HKLM Group Policy restriction on software: %UserProfile%\AppData\*.exe <==== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %UserProfile%\AppData\LocalLow\*.exe <==== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %UserProfile%\AppData\Local\*.exe <==== ATTENTION => restored successfully
HKLM Group Policy restriction on software: %UserProfile%\AppData\Roaming\*.exe <==== ATTENTION => restored successfully
HKLM\System\ControlSet001\Services\Dataup => key removed successfully
Dataup => service removed successfully
HKLM\System\ControlSet001\Services\windowsmanagementservice => key removed successfully
windowsmanagementservice => service removed successfully
HKLM\System\ControlSet001\Services\drmkpro64 => key removed successfully
drmkpro64 => service removed successfully
C:\ProgramData\boost_interprocess => moved successfully
C:\ProgramData\ntuser.pol => moved successfully
C:\Users\tpaegle\Desktop\tprdpw64+ndistpr64 => moved successfully
"C:\Users\tpaegle\AppData\Local\ctmbxpq" => not found.
C:\Users\tpaegle\AppData\Local\llssoft => moved successfully
C:\Users\tpaegle\AppData\Local\ntuserlitelist => moved successfully
C:\Users\tpaegle\AppData\Roaming\jawset => moved successfully
C:\Users\tpaegle\AppData\Roaming\winscp.rnd => moved successfully
C:\Windows\System32\tprdpw64.exe => moved successfully
C:\Windows\System32\drivers\ndistpr64.sys => moved successfully

==== End of Fixlog 20:16:15 ====

Fixlog.txt
  11. I was able to find the BitLocker key

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2017
Ran by SYSTEM on MININT-4IO9QAG (26-07-2017 19:46:45)
Running from E:\
Platform: Windows 10 Enterprise Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [745288 2015-06-24] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1795912 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCui.exe [1332224 2016-10-24] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe [1867856 2017-03-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PulseSecure] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2826584 2015-12-14] (Pulse Secure, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [164152 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [526648 2016-09-04] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [231736 2016-09-04] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [cpx] => "C:\Users\tpaegle\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Users\tpaegle\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe [884224 2017-04-21] ()
HKLM Group Policy restriction on software: %UserProfile%\AppData\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\AppData\LocalLow\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\AppData\Local\*.exe <==== ATTENTION
HKLM Group Policy restriction on software: %UserProfile%\AppData\Roaming\*.exe <==== ATTENTION
BootExecute: autocheck autochk * Partizan

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [96120 2015-06-24] (Alps Electric Co., Ltd.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2015-07-17] (Broadcom Corporation.)
S2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1785528 2016-06-20] (Microsoft Corporation)
S2 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [698552 2016-06-20] (Microsoft Corporation)
S2 Dataup; C:\Users\tpaegle\AppData\Local\ntuserlitelist\dataup\dataup.exe [77824 2017-01-05] () <==== ATTENTION
S4 IdentityFinderEndpointService; C:\Program Files (x86)\Identity Finder 7\idfEndpoint.exe [10018304 2014-05-13] (Identity Finder, LLC)
S4 IdentityFinderEndpointWatcher; C:\Program Files (x86)\Identity Finder 7\idfEndpointWatcher.exe [3209728 2014-05-13] (Identity Finder, LLC)
S4 IdentityFinderServicesMonitor; C:\Program Files (x86)\Identity Finder 7\idfServicesMonitor.exe [4774400 2014-05-13] (Identity Finder, LLC)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2016-03-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-21] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-13] (Intel Corporation)
S2 JuniperAccessService; C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [162136 2015-12-14] (Pulse Secure, LLC)
S2 L4301_Solar; C:\Program Files\Logitech\SolarApp\L4301_Solar.exe [405744 2013-01-30] (Logitech, Inc.)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 MySQL; C:\Users\tpaegle\mysql\bin\mysqld.exe [39695360 2016-03-28] ()
S2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [324792 2016-06-20] (Microsoft Corporation)
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2017-03-27] (Microsoft Corporation)
S2 vmms; C:\Windows\system32\vmms.exe [14384640 2017-03-27] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-17] (Microsoft Corporation)
S2 windowsmanagementservice; C:\Users\tpaegle\AppData\Local\ctmbxpq\oqnooam\ct.exe [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-07-17] (Broadcom Corporation.)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-07-17] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
S0 drmkpro64; C:\Windows\System32\drivers\ndistpr64.sys [80160 2013-09-03] () <==== ATTENTION
S3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [468240 2013-02-20] (Intel Corporation)
S1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2015-12-14] (Juniper Networks)
S4 jnprTdi_817_61533; C:\WINDOWS\system32\Drivers\jnprTdi_817_61533.sys [108344 2015-12-14] (Pulse Secure, LLC)
S3 jnprva; C:\Windows\System32\drivers\jnprva.sys [30072 2015-12-14] (Juniper Networks, Inc.)
S3 JnprVaMgr; C:\Windows\System32\drivers\jnprvamgr.sys [45352 2015-12-14] (Juniper Networks, Inc.)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2016-10-31] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [194776 2017-07-23] (Malwarebytes)
S3 MbmUsbSerial; C:\Windows\System32\Drivers\MbmUsbSerial.sys [81392 2015-07-18] (Ericsson AB)
S3 MkBusFilter; C:\Windows\System32\drivers\MbmDeviceFilter.sys [42208 2015-07-18] ()
S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-29] (Intel Corporation)
S0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2017-07-22] (Greatis Software)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2016-10-31] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2016-10-31] (Microsoft Corporation)
S3 prepdrvr; C:\Windows\system32\DRIVERS\prepdrv.sys [26984 2016-02-08] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2016-10-31] (Microsoft Corporation)
S3 sparkocam; C:\Windows\system32\DRIVERS\sparkocam.sys [37200 2016-09-01] (Sparkosoft)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 ST_Accel; C:\Windows\System32\drivers\ST_Accel.sys [137784 2015-05-21] (STMicroelectronics)
S3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2016-10-31] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2016-10-31] (Microsoft Corporation)
S3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [972800 2017-03-27] (Microsoft Corporation)
S2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [972800 2017-03-27] (Microsoft Corporation)
S0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2016-10-31] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [972800 2017-03-27] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [972800 2017-03-27] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-26 13:33 - 2017-07-26 13:33 - 00000000 ____D C:\Users\tpaegle\AppData\Local\Tempzxpsignf03da6481ad581c3
2017-07-26 13:33 - 2017-07-26 13:33 - 00000000 ____D C:\Users\tpaegle\AppData\Local\Tempzxpsigne754b95ec85545b0
2017-07-26 13:33 - 2017-07-26 13:33 - 00000000 ____D C:\Users\tpaegle\AppData\Local\Tempzxpsign75340b9c3e1b0fc1
2017-07-26 08:44 - 2017-07-26 13:56 - 00000000 ____D C:\Users\tpaegle\AppData\Local\llssoft
2017-07-25 18:02 - 2017-07-25 18:02 - 00000000 ____D C:\Users\tpaegle\TurbulenceFD Caches 009
2017-07-25 16:44 - 2017-07-25 17:30 - 00000000 ____D C:\ESD
2017-07-25 16:41 - 2017-07-25 16:41 - 00000000 ___HD C:\$Windows.~WS
2017-07-25 16:35 - 2017-07-25 16:37 - 00014211 _____ C:\Windows\diagwrn.xml
2017-07-25 16:35 - 2017-07-25 16:37 - 00005718 _____ C:\Windows\diagerr.xml
2017-07-25 16:35 - 2017-07-25 16:35 - 00000000 ____D C:\$WINDOWS.~BT
2017-07-25 16:33 - 2017-07-25 16:35 - 18357776 _____ (Microsoft Corporation) C:\Users\tpaegle\Downloads\MediaCreationTool.exe
2017-07-25 12:13 - 2017-07-25 12:13 - 875194187 _____ C:\Windows\MEMORY.DMP
2017-07-25 12:13 - 2017-07-25 12:13 - 00353900 _____ C:\Windows\Minidump\072517-15203-01.dmp
2017-07-25 11:59 - 2017-07-25 11:59 - 00000000 ____D C:\Users\tpaegle\TurbulenceFD Caches 008
2017-07-25 10:07 - 2017-07-25 10:07 - 00000000 ____D C:\Users\tpaegle\TurbulenceFD Caches 007
2017-07-25 09:23 - 2017-07-25 09:23 - 00000000 ____D C:\Users\tpaegle\TurbulenceFD Caches 006
2017-07-25 06:14 - 2017-07-25 06:14 - 00000000 ____D C:\Users\tpaegle\TurbulenceFD Caches 005
2017-07-25 05:50 - 2017-07-25 05:50 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\jawset
2017-07-24 16:41 - 2017-07-24 16:41 - 00000000 ____D C:\Users\tpaegleadmin\Documents\RegRun2
2017-07-24 16:40 - 2017-07-24 16:40 - 00000000 ____D C:\Users\tpaegleadmin\Tracing
2017-07-24 16:40 - 2017-07-24 16:40 - 00000000 ____D C:\Users\tpaegleadmin\AppData\Roaming\ICAClient
2017-07-24 16:40 - 2017-07-24 16:40 - 00000000 ____D C:\Users\tpaegleadmin\AppData\Local\Citrix
2017-07-24 16:40 - 2017-07-24 16:40 - 00000000 ____D C:\Users\tpaegleadmin\AppData\Local\CEF
2017-07-24 16:10 - 2017-07-24 16:10 - 00000000 ____D C:\Users\tpaegle\Desktop\tprdpw64+ndistpr64
2017-07-24 16:06 - 2017-07-24 16:06 - 01376768 _____ C:\Users\tpaegle\Downloads\7z920-x64.msi
2017-07-24 15:15 - 2017-07-24 15:15 - 00070346 __RSH C:\ProgramData\ntuser.pol
2017-07-24 14:42 - 2017-07-25 17:11 - 00000000 ____D C:\Users\tpaegle\AppData\Local\ntuserlitelist
2017-07-24 13:28 - 2017-07-25 12:34 - 00000987 _____ C:\Users\tpaegle\Downloads\Fixlog.txt
2017-07-24 12:15 - 2017-07-24 12:15 - 00000000 ____D C:\Users\tpaegle\TurbulenceFD Caches 004
2017-07-23 16:50 - 2017-07-23 17:24 - 65033984 _____ (Malwarebytes ) C:\Users\tpaegle\Downloads\mb3-z.exe
2017-07-23 14:45 - 2017-07-23 18:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-23 14:42 - 2017-07-23 14:43 - 16564750 _____ (Malwarebytes Corp.) C:\Users\tpaegle\Downloads\mbar-1.09.4.1001 (1).exe
2017-07-23 14:42 - 2017-07-23 14:42 - 16564750 _____ (Malwarebytes Corp.) C:\Users\tpaegle\Downloads\mbar-1.09.4.1001.exe
2017-07-23 14:14 - 2017-07-23 14:14 - 00000000 ____D C:\Users\tpaegle\TurbulenceFD Caches 003
2017-07-23 12:24 - 2017-07-23 12:24 - 00000000 ____D C:\Users\tpaegle\TurbulenceFD Caches 002
2017-07-23 08:58 - 2017-07-23 08:58 - 00001471 _____ C:\Users\tpaegle\Downloads\rnr.rnr
2017-07-23 08:10 - 2017-07-23 18:13 - 00089035 _____ C:\Users\tpaegle\Downloads\Addition.txt
2017-07-23 08:09 - 2017-07-25 12:34 - 00000000 ____D C:\FRST
2017-07-23 08:09 - 2017-07-23 18:13 - 00064729 _____ C:\Users\tpaegle\Downloads\FRST.txt
2017-07-23 07:58 - 2017-07-23 08:09 - 02382336 _____ (Farbar) C:\Users\tpaegle\Downloads\FRST64.exe
2017-07-23 07:32 - 2017-07-23 07:35 - 05766464 _____ (Zemana Ltd. ) C:\Users\tpaegle\Downloads\eXplorer.exe
2017-07-23 07:26 - 2017-07-23 08:30 - 00006182 _____ C:\Users\tpaegle\Desktop\Rkill.txt
2017-07-23 07:18 - 2017-07-23 07:20 - 65033984 _____ (Malwarebytes ) C:\Users\tpaegle\Downloads\a.exe
2017-07-23 06:38 - 2017-07-23 06:38 - 00000000 ____D C:\Users\tpaegle\TurbulenceFD Caches 001
2017-07-23 05:39 - 2017-07-23 05:39 - 00805464 _____ C:\Users\tpaegle\Desktop\regrunlog.txt
2017-07-22 12:59 - 2017-07-22 12:59 - 18781709 _____ C:\Users\tpaegle\Downloads\unhackme.zip
2017-07-22 12:52 - 2017-07-22 12:53 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\tpaegle\Downloads\rkill.exe
2017-07-22 12:17 - 2017-07-22 12:17 - 02322896 _____ (Malwarebytes Corporation) C:\Users\tpaegle\Downloads\mb-check-3.1.5.1001.exe
2017-07-22 11:31 - 2017-07-22 11:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\tpaegle\Downloads\mbar-1.09.3.1001.exe
2017-07-22 11:03 - 2017-07-22 13:00 - 00001101 _____ C:\Users\tpaegle\Desktop\UnHackMe.lnk
2017-07-22 07:27 - 2017-07-07 01:16 - 00700880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2017-07-22 07:27 - 2017-07-07 01:09 - 02945648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-07-22 07:27 - 2017-07-07 01:09 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-07-22 07:27 - 2017-07-07 00:57 - 00295776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-07-22 07:27 - 2017-07-07 00:35 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthpan.sys
2017-07-22 07:27 - 2017-07-06 23:33 - 00337920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msinfo32.exe
2017-07-22 07:27 - 2017-07-06 23:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IdCtrls.dll
2017-07-22 07:27 - 2017-07-06 23:21 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-07-22 07:27 - 2017-07-06 23:08 - 00788992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-07-22 07:27 - 2017-07-06 23:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-07-22 07:27 - 2017-07-06 23:03 - 01586176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-07-22 07:27 - 2017-07-06 22:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2017-07-22 07:27 - 2017-07-06 22:36 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-07-22 07:27 - 2017-07-06 22:33 - 02878976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-07-22 07:27 - 2017-07-06 22:31 - 01557504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpcServices.dll
2017-07-22 07:27 - 2017-06-17 01:52 - 01862008 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2017-07-22 07:27 - 2017-06-16 23:19 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-07-22 07:27 - 2017-06-16 23:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2017-07-22 07:27 - 2017-06-16 22:54 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVP9DEC.dll
2017-07-22 07:27 - 2017-06-16 22:54 - 00256512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2017-07-22 07:27 - 2017-06-16 22:53 - 00205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oemlicense.dll
2017-07-22 07:27 - 2017-06-16 22:44 - 00260096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2017-07-22 07:27 - 2017-06-16 22:42 - 00190464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2017-07-22 07:27 - 2017-06-16 22:39 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
2017-07-22 07:27 - 2017-06-16 22:34 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-07-22 07:27 - 2017-06-16 22:30 - 00153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSSync.dll
2017-07-22 07:27 - 2017-06-16 22:23 - 00805888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2017-07-22 07:27 - 2017-06-16 22:20 - 00667648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2017-07-22 07:27 - 2017-06-16 22:19 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licensingdiag.exe
2017-07-22 07:27 - 2017-06-16 21:30 - 02604032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2017-07-22 07:27 - 2017-06-16 21:27 - 00339456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-07-22 07:27 - 2017-06-16 21:02 - 00461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-07-22 07:26 - 2017-07-07 02:04 - 00808280 _____ (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
2017-07-22 07:26 - 2017-07-07 01:05 - 00465760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2017-07-22 07:26 - 2017-07-06 23:49 - 00381952 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll
2017-07-22 07:26 - 2017-07-06 23:48 - 00286208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-07-22 07:26 - 2017-07-06 23:17 - 02279936 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2017-07-22 07:26 - 2017-07-06 23:07 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2017-07-22 07:26 - 2017-07-06 22:34 - 04412928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-07-22 07:26 - 2017-07-06 22:11 - 05326848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-07-22 07:26 - 2017-06-17 01:09 - 06536256 _____ (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
2017-07-22 07:26 - 2017-06-16 22:20 - 03695104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-07-22 07:26 - 2017-06-16 22:15 - 02597888 _____ (Microsoft Corporation) C:\Windows\System32\mssrch.dll
2017-07-22 07:26 - 2017-06-16 22:05 - 04078080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2017-07-22 07:26 - 2017-06-16 21:56 - 01984000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-07-22 07:26 - 2017-06-16 21:53 - 06296064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2017-07-22 07:26 - 2017-06-16 21:42 - 02911744 _____ (Microsoft Corporation) C:\Windows\System32\CertEnroll.dll
2017-07-22 07:26 - 2017-06-16 21:41 - 02770432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-07-22 07:26 - 2017-06-16 21:35 - 04404736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2017-07-22 07:26 - 2017-06-16 21:16 - 03574272 _____ (Microsoft Corporation) C:\Windows\System32\tquery.dll
2017-07-22 07:26 - 2017-03-18 08:41 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-07-22 07:25 - 2017-07-07 03:07 - 00100184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2017-07-22 07:25 - 2017-07-07 02:51 - 00465248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2017-07-22 07:25 - 2017-07-07 02:11 - 00858992 _____ (Microsoft Corporation) C:\Windows\System32\mfnetcore.dll
2017-07-22 07:25 - 2017-07-07 02:00 - 22560744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2017-07-22 07:25 - 2017-07-07 01:08 - 00057912 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2017-07-22 07:25 - 2017-07-07 00:28 - 00376320 _____ (Microsoft Corporation) C:\Windows\System32\msinfo32.exe
2017-07-22 07:25 - 2017-07-06 22:47 - 00957952 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2017-07-22 07:25 - 2017-06-17 00:04 - 00388896 _____ (Microsoft Corporation) C:\Windows\System32\wmpps.dll
2017-07-22 07:25 - 2017-06-16 23:58 - 00084480 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2017-07-22 07:25 - 2017-06-16 23:12 - 00572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2017-07-22 07:25 - 2017-06-16 23:07 - 00330240 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-07-22 07:25 - 2017-06-16 22:48 - 00865792 _____ (Microsoft Corporation) C:\Windows\System32\AzureSettingSyncProvider.dll
2017-07-22 07:24 - 2017-07-07 03:06 - 07463264 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-07-22 07:24 - 2017-07-07 03:04 - 02149216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2017-07-22 07:24 - 2017-07-07 03:04 - 00384864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\clfs.sys
2017-07-22 07:24 - 2017-07-07 02:03 - 03699280 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2017-07-22 07:24 - 2017-07-07 01:52 - 00360288 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-07-22 07:24 - 2017-07-07 01:21 - 00216416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-07-22 07:24 - 2017-07-07 01:08 - 01090400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2017-07-22 07:24 - 2017-07-07 00:15 - 00764928 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2017-07-22 07:24 - 2017-07-07 00:13 - 00352256 _____ (Microsoft Corporation) C:\Windows\System32\Wldap32.dll
2017-07-22 07:24 - 2017-07-06 23:58 - 00967168 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-07-22 07:24 - 2017-07-06 23:57 - 00784384 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2017-07-22 07:24 - 2017-07-06 23:56 - 00601088 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2017-07-22 07:24 - 2017-07-06 23:51 - 01900544 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2017-07-22 07:24 - 2017-07-06 23:50 - 01752576 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2017-07-22 07:24 - 2017-07-06 23:45 - 01424384 _____ (Microsoft Corporation) C:\Windows\System32\wdc.dll
2017-07-22 07:24 - 2017-07-06 23:17 - 01729024 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2017-07-22 07:24 - 2017-07-06 23:13 - 03404800 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2017-07-22 07:24 - 2017-07-06 23:10 - 02055680 _____ (Microsoft Corporation) C:\Windows\System32\OpcServices.dll
2017-07-22 07:24 - 2017-07-06 23:07 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-07-22 07:24 - 2017-07-06 23:02 - 01526272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-07-22 07:24 - 2017-07-06 22:44 - 16985600 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2017-07-22 07:24 - 2017-07-06 22:41 - 04891136 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2017-07-22 07:24 - 2017-07-06 22:37 - 22376960 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2017-07-22 07:24 - 2017-07-06 22:27 - 24604672 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-07-22 07:24 - 2017-07-06 22:27 - 13394432 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-07-22 07:24 - 2017-07-06 22:15 - 18675200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-07-22 07:24 - 2017-07-06 22:15 - 03661312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-07-22 07:24 - 2017-07-06 22:13 - 19345408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-07-22 07:24 - 2017-07-06 22:13 - 12139008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-07-22 07:24 - 2017-07-06 22:13 - 07848448 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2017-07-22 07:24 - 2017-07-06 21:58 - 05666816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-07-22 07:24 - 2017-06-17 02:13 - 02656952 _____ C:\Windows\System32\CoreUIComponents.dll
2017-07-22 07:24 - 2017-06-17 01:52 - 03449168 _____ (Microsoft Corporation) C:\Windows\System32\WSService.dll
2017-07-22 07:24 - 2017-06-16 23:51 - 00824320 _____ (Microsoft Corporation) C:\Windows\System32\WpcWebFilter.dll
2017-07-22 07:24 - 2017-06-16 23:50 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\odbcconf.dll
2017-07-22 07:24 - 2017-06-16 23:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\MSVP9DEC.dll
2017-07-22 07:24 - 2017-06-16 23:31 - 00297472 _____ (Microsoft Corporation) C:\Windows\System32\unimdm.tsp
2017-07-22 07:24 - 2017-06-16 23:20 - 00200192 _____ (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2017-07-22 07:24 - 2017-06-16 23:02 - 00183808 _____ (Microsoft Corporation) C:\Windows\System32\WSSync.dll
2017-07-22 07:24 - 2017-06-16 22:55 - 00853504 _____ (Microsoft Corporation) C:\Windows\System32\aadtb.dll
2017-07-22 07:24 - 2017-06-16 22:52 - 00961536 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2017-07-22 07:24 - 2017-06-16 22:29 - 05123072 _____ (Microsoft Corporation) C:\Windows\System32\dbgeng.dll
2017-07-22 07:24 - 2017-06-16 22:12 - 07977984 _____ (Microsoft Corporation) C:\Windows\System32\mos.dll
2017-07-22 07:24 - 2017-06-16 21:34 - 06312448 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Search.dll
2017-07-22 07:24 - 2017-06-11 07:10 - 00448629 _____ C:\Windows\System32\ApnDatabase.xml
2017-07-22 07:23 - 2017-07-07 02:00 - 00566112 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2017-07-22 07:23 - 2017-07-07 01:58 - 01540224 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2017-07-22 07:23 - 2017-07-07 01:58 - 00692136 _____ (Microsoft Corporation) C:\Windows\System32\sppwinob.dll
2017-07-22 07:23 - 2017-07-07 00:37 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\omadmclient.exe
2017-07-22 07:23 - 2017-07-07 00:22 - 00110080 _____ (Microsoft Corporation) C:\Windows\System32\IdCtrls.dll
2017-07-22 07:23 - 2017-07-07 00:19 - 00198144 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-07-22 07:23 - 2017-07-06 23:57 - 00515072 _____ (Microsoft Corporation) C:\Windows\System32\OneDriveSettingSyncProvider.dll
2017-07-22 07:23 - 2017-07-06 23:54 - 01385472 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2017-07-22 07:23 - 2017-07-06 23:29 - 03587584 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2017-07-22 07:23 - 2017-07-06 23:12 - 04827136 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2017-07-22 07:23 - 2017-07-06 22:27 - 06977024 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2017-07-22 07:23 - 2017-06-17 02:16 - 01030408 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2017-07-22 07:23 - 2017-06-17 02:11 - 00754664 _____ (Microsoft Corporation) C:\Windows\System32\CoreMessaging.dll
2017-07-22 07:23 - 2017-06-17 01:07 - 01128104 _____ (Microsoft Corporation) C:\Windows\System32\ClipUp.exe
2017-07-22 07:23 - 2017-06-17 01:07 - 00625000 _____ (Microsoft Corporation) C:\Windows\System32\ClipSVC.dll
2017-07-22 07:23 - 2017-06-17 00:33 - 01035104 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2017-07-22 07:23 - 2017-06-17 00:33 - 00799072 _____ (Microsoft Corporation) C:\Windows\System32\hvloader.exe
2017-07-22 07:23 - 2017-06-17 00:32 - 01126752 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2017-07-22 07:23 - 2017-06-16 23:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\vss_ps.dll
2017-07-22 07:23 - 2017-06-16 23:41 - 00584704 _____ (Microsoft Corporation) C:\Windows\System32\UIRibbonRes.dll
2017-07-22 07:23 - 2017-06-16 23:30 - 00285184 _____ (Microsoft Corporation) C:\Windows\System32\oemlicense.dll
2017-07-22 07:23 - 2017-06-16 23:19 - 00381952 _____ (Microsoft Corporation) C:\Windows\System32\apprepsync.dll
2017-07-22 07:23 - 2017-06-16 23:17 - 00287744 _____ (Microsoft Corporation) C:\Windows\System32\apprepapi.dll
2017-07-22 07:23 - 2017-06-16 23:13 - 00715776 _____ (Microsoft Corporation) C:\Windows\System32\GamePanel.exe
2017-07-22 07:23 - 2017-06-16 23:03 - 00584704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2017-07-22 07:23 - 2017-06-16 23:01 - 02125312 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_Bluetooth.dll
2017-07-22 07:23 - 2017-06-16 22:49 - 04456448 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_47.dll
2017-07-22 07:23 - 2017-06-16 22:47 - 00236032 _____ (Microsoft Corporation) C:\Windows\System32\licensingdiag.exe
2017-07-22 07:23 - 2017-06-16 22:11 - 02635776 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Logon.dll
2017-07-22 07:23 - 2017-06-16 21:40 - 00459776 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2017-07-22 07:23 - 2017-06-16 21:11 - 01087488 _____ (Microsoft Corporation) C:\Windows\System32\reseteng.dll
2017-07-22 05:49 - 2017-07-23 16:38 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-07-21 04:34 - 2017-07-21 04:38 - 00000000 ___HD C:\adobeTemp
2017-07-19 05:17 - 2017-07-19 05:17 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe
2017-07-19 04:28 - 2017-07-19 04:28 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe
2017-07-17 07:55 - 2017-07-17 07:55 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe
2017-07-11 05:56 - 2017-07-11 05:56 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe
2017-07-10 11:28 - 2017-07-10 11:28 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe
2017-07-06 07:49 - 2017-07-06 07:49 - 00000000 ____D C:\Windows\keys
2017-07-06 07:48 - 2017-07-06 08:03 - 00000000 ____D C:\Users\tpaegle\houdini16.0
2017-07-06 07:42 - 2017-07-06 07:42 - 00000000 ____D C:\Program Files\Side Effects Software
2017-07-05 14:27 - 2017-07-05 14:27 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe
2017-07-05 13:08 - 2017-07-05 13:23 - 00000000 ____D C:\Users\tpaegle\Documents\illum
2017-07-05 12:56 - 2017-07-05 12:56 - 00391751 _____ C:\Users\tpaegle\Documents\Untitled 4.c4d
2017-07-04 07:13 - 2017-07-04 07:13 - 00335356 _____ C:\Users\tpaegle\Documents\goomba'.c4d
2017-07-04 04:08 - 2017-07-04 04:08 - 00245705 _____ C:\Users\tpaegle\Documents\Untitled 3.c4d
2017-07-02 13:30 - 2017-07-02 13:30 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\�Adobe

==================== One Month Modified files
and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-07-26 15:43 - 2017-05-08 03:23 - 00000252 _____ C:\Windows\SysWOW64\PARTIZAN.TXT 2017-07-26 15:43 - 2016-06-13 21:40 - 00000000 ____D C:\ProgramData\NVIDIA 2017-07-26 15:43 - 2016-02-11 12:16 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-07-26 15:28 - 2016-02-11 12:25 - 01010812 _____ C:\Windows\System32\PerfStringBackup.INI 2017-07-26 15:28 - 2015-10-29 23:21 - 00000000 ____D C:\Windows\INF 2017-07-26 15:26 - 2016-02-18 07:13 - 00000599 _____ C:\Windows\SMSCFG.INI 2017-07-26 15:21 - 2015-10-29 22:28 - 01310720 ___SH C:\Windows\System32\config\BBI 2017-07-26 15:07 - 2017-05-04 14:16 - 00000000 ____D C:\Users\tpaegle\Documents\RegRun2 2017-07-26 13:53 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\AppReadiness 2017-07-26 13:51 - 2016-06-15 14:28 - 00000000 ___RD C:\Users\tpaegle\Creative Cloud Files 2017-07-26 13:51 - 2016-06-14 05:18 - 00000000 __SHD C:\Users\tpaegle\IntelGraphicsProfiles 2017-07-26 13:51 - 2016-06-14 05:17 - 00000000 ____D C:\Users\tpaegle\AppData\Local\Adobe 2017-07-26 13:34 - 2016-06-14 05:17 - 00000000 ____D C:\users\tpaegle 2017-07-26 13:33 - 2016-06-15 15:04 - 00000000 ____D C:\Users\tpaegle\Desktop\Lukas 2017-07-26 11:04 - 2017-05-04 14:16 - 00000000 ____D C:\Users\Public\Documents\regruninfo 2017-07-26 09:47 - 2017-04-01 05:37 - 00001456 _____ C:\Users\tpaegle\Desktop\ROBLOX Player.lnk 2017-07-26 09:47 - 2017-04-01 05:36 - 00001271 _____ C:\Users\tpaegle\Desktop\ROBLOX Studio.lnk 2017-07-26 07:45 - 2016-06-14 12:14 - 00000000 ____D C:\Users\tpaegle\AppData\Local\CrashDumps 2017-07-26 03:04 - 2016-06-13 13:45 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP152.SYS 2017-07-25 17:30 - 2016-02-11 15:13 - 00000000 ____D C:\Windows\Panther 2017-07-25 13:30 - 2016-02-14 20:57 - 00000000 ____D C:\users\DefaultAppPool 2017-07-25 12:24 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps 2017-07-25 
12:13 - 2016-11-05 05:23 - 00000000 ____D C:\Windows\Minidump 2017-07-25 05:13 - 2016-06-13 13:54 - 00000000 ____D C:\ProgramData\boost_interprocess 2017-07-25 03:40 - 2016-06-13 21:42 - 00002072 _____ C:\Windows\System32\config\netlogon.ftl 2017-07-24 16:43 - 2016-06-14 05:19 - 00000000 ____D C:\users\tpaegleadmin 2017-07-24 16:42 - 2016-06-15 13:05 - 00000000 ____D C:\Users\tpaegleadmin\AppData\Roaming\Skype 2017-07-24 16:40 - 2016-06-14 05:19 - 00000000 ____D C:\Users\tpaegleadmin\AppData\Roaming\Adobe 2017-07-24 16:40 - 2016-06-14 05:19 - 00000000 ____D C:\Users\tpaegleadmin\AppData\Local\Packages 2017-07-24 16:39 - 2016-06-15 13:05 - 00000000 __SHD C:\Users\tpaegleadmin\IntelGraphicsProfiles 2017-07-24 16:39 - 2016-02-11 12:37 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-07-24 13:54 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\rescache 2017-07-24 13:28 - 2015-10-29 23:24 - 00000000 ___HD C:\Windows\System32\GroupPolicy 2017-07-23 18:05 - 2017-06-15 15:23 - 00194776 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2017-07-23 16:44 - 2017-05-04 14:16 - 00000000 ____D C:\ProgramData\RegRun 2017-07-23 14:45 - 2017-06-15 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-07-22 13:00 - 2017-05-04 14:16 - 00040304 _____ (Greatis Software) C:\Windows\SysWOW64\Drivers\Partizan.sys 2017-07-22 13:00 - 2017-05-04 14:16 - 00003400 _____ C:\Windows\System32\Tasks\UnHackMe Task Scheduler 2017-07-22 13:00 - 2017-05-04 14:16 - 00000002 RSHOT C:\Windows\winstart.bat 2017-07-22 13:00 - 2017-05-04 14:16 - 00000002 RSHOT C:\Windows\SysWOW64\CONFIG.NT 2017-07-22 13:00 - 2017-05-04 14:16 - 00000002 RSHOT C:\Windows\SysWOW64\AUTOEXEC.NT 2017-07-22 13:00 - 2017-05-04 14:16 - 00000000 ____D C:\Program Files (x86)\UnHackMe 2017-07-22 12:50 - 2016-06-13 13:52 - 00000000 ____D C:\Program Files (x86)\Adobe 2017-07-22 12:47 - 2017-04-20 12:45 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\SparkoCam 2017-07-22 12:47 - 2017-04-20 12:45 - 00000000 ____D 
C:\Program Files (x86)\SparkoCam 2017-07-22 11:16 - 2016-11-10 07:16 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Zoom 2017-07-22 10:57 - 2016-06-14 10:01 - 00000000 ____D C:\Users\tpaegle\Desktop\ELS Desktop 2017-07-22 07:36 - 2016-02-11 15:13 - 05234376 _____ C:\Windows\System32\FNTCACHE.DAT 2017-07-22 07:35 - 2015-10-29 23:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel 2017-07-22 07:35 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2017-07-22 07:35 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Defender 2017-07-22 07:35 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-07-22 07:35 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2017-07-22 07:31 - 2015-10-29 23:11 - 00000000 ____D C:\Windows\CbsTemp 2017-07-22 07:22 - 2016-02-11 13:09 - 00000000 ____D C:\Windows\System32\MRT 2017-07-22 07:20 - 2016-02-11 13:09 - 135225752 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe 2017-07-21 04:28 - 2016-06-15 14:34 - 00000000 ____D C:\Program Files\Adobe 2017-07-21 04:26 - 2016-06-15 14:34 - 00000000 ____D C:\Program Files\Common Files\Adobe 2017-07-21 04:21 - 2016-06-14 05:17 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\Adobe 2017-07-11 22:29 - 2017-06-15 15:23 - 00077376 _____ C:\Windows\System32\Drivers\mbae64.sys 2017-07-11 10:58 - 2016-07-28 07:21 - 00000000 ____D C:\Users\tpaegle\Documents\Sound recordings 2017-07-11 08:00 - 2017-05-11 12:18 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\MAXON 2017-07-08 10:30 - 2017-02-08 14:38 - 00000000 ____D C:\Users\Public\Documents\My DAZ 3D Library 2017-07-07 06:01 - 2016-09-24 13:14 - 00000000 ____D C:\Users\tpaegle\AppData\Roaming\obs-studio 2017-07-06 07:47 - 2016-06-13 13:43 - 00000000 ____D C:\ProgramData\Package Cache 2017-07-05 15:05 - 2017-05-04 18:07 - 00000000 ____D C:\@RestoreQuarantine 2017-07-05 08:17 - 2016-11-28 15:03 - 00000000 ___RD C:\Users\tpaegle\tpaegle@iu.edu Creative Cloud 
Files 2017-07-05 05:45 - 2016-06-15 14:36 - 00000000 ____D C:\Users\tpaegle\Documents\Adobe 2017-07-03 05:40 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\System32\NDF 2017-07-02 05:56 - 2017-06-23 05:39 - 00000000 ____D C:\ProgramData\digiCamControl 2017-06-30 17:27 - 2016-06-15 07:32 - 00000600 _____ C:\Users\tpaegle\AppData\Roaming\winscp.rnd 2017-06-30 11:46 - 2017-06-15 15:23 - 00093600 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys 2017-06-30 05:43 - 2015-10-29 23:26 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-06-30 05:43 - 2015-10-29 23:26 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Known DLLs (Whitelisted) ========================= ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe [2017-06-07 12:40] - [2017-03-03 21:02] - 0585216 _____ (Microsoft Corporation) 046C8307CFB02D0D21CDDBCE5A3C4E3F C:\Windows\System32\wininit.exe [2016-06-13 14:34] - [2016-04-22 21:06] - 0291360 _____ (Microsoft Corporation) C1C81AAF533552B3C4D9F11A5FF97700 C:\Windows\explorer.exe [2017-06-07 12:40] - [2017-03-03 23:08] - 4516800 _____ (Microsoft Corporation) FBE9252AEC157F10485A88E3EF77F9C4 C:\Windows\SysWOW64\explorer.exe [2017-06-07 12:42] - [2017-03-03 22:29] - 4075184 _____ (Microsoft Corporation) 393A499D11E159E44C276D320B306990 C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll [2017-06-07 12:40] - [2016-11-22 02:02] - 1399216 _____ (Microsoft Corporation) EB29608D1405D016617EFEBD5B03C0F2 C:\Windows\SysWOW64\User32.dll [2017-06-07 12:42] - [2016-11-22 00:47] - 1337240 _____ (Microsoft Corporation) EC1C204E1798C1139BA2913618B99D5D C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 
is legit C:\Windows\System32\rpcss.dll [2017-06-07 12:40] - [2017-04-27 17:28] - 0905728 _____ (Microsoft Corporation) 3B2AE6B885E09C2C8AB0D32B6EB4EA32 C:\Windows\System32\dnsapi.dll [2017-06-07 12:40] - [2017-03-04 00:04] - 0687496 _____ (Microsoft Corporation) 8427BC27A16470C163C050E094DA80AF C:\Windows\SysWOW64\dnsapi.dll [2017-06-07 12:42] - [2017-03-03 23:29] - 0535088 _____ (Microsoft Corporation) 7B120B1C8F4951E119E8FB453F9410DD C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= Restore point date: 2017-07-26 12:21 ==================== Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 8097.02 MB Available physical RAM: 7246.33 MB Total Virtual: 8097.02 MB Available Virtual: 7272.55 MB ==================== Drives ================================ Drive c: (Windows 10 Enterprise) (Fixed) (Total:476.6 GB) (Free:134.38 GB) NTFS Drive d: () (Removable) (Total:29.28 GB) (Free:16.16 GB) FAT32 Drive e: (ESD-USB) (Removable) (Total:29.79 GB) (Free:26.39 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS Drive y: (System Reserved (Primary)) (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 5FC96DEB) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=476.6 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 29.3 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 00000000) Partition: GPT. 
LastRegBack: 2017-07-20 18:54 ==================== End of FRST.txt ============================ FRST.txt