Jump to content

nikoncamuser

Members
  • Posts

    9
  • Joined

  • Last visited

Everything posted by nikoncamuser

  1. Hi Kevin, Your explanation makes sense. Can you walk me through on how to the steps on how to do this process. I've never done this before. Also, yes I have a USB stick. Thank you.
  2. It didn't delete. Doing a search I found more instances of the LEGACY_SEGURAZOKD folder. See below. BTW sorry for the choppy response time. I've been busy with errands. Is there any other way to remove it? Segurazo is not popping up right now, but I just want to make sure that my computer is safe to use.
  3. I did another malwarebytes scan, and it didn't pick up anything. But I found this in the registry. Is this safe. Thanks for all the help.
  4. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/2/19 Scan Time: 11:20 PM Log File: d118e3d0-b5b6-11e9-bac6-082e5f885e56.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.11838 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Lisa-HP\Lisa -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 316557 Threats Detected: 0 Threats Quarantined: 0 Time Elapsed: 38 min, 31 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3) Started On Sat Aug 3 00:14:35 2019 Engine: 1.1.16000.6 Signatures: 1.295.1362.0 MpGear: 1.1.15747.1 Run Mode: Interactive Graphical Mode Successfully Submitted Heartbeat Report Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 3 00:15:31 2019 Return code: 0 (0x0) 2.0 MpGear: 1.1.15747.1 Run Mode: Interactive Graphical Mode Successfully Submitted Heartbeat Report Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 3 00:15:01 2019 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3) Started On Sat Aug 3 00:16:01 2019 Engine: 1.1.16000.6 Signatures: 1.295.1362.0 MpGear: 1.1.15747.1 Run Mode: Interactive Graphical Mode Results Summary: ---------------- No infection found. Successfully Submitted Heartbeat Report Microsoft Windows Malicious Software Removal Tool Finished On Sat Aug 3 00:25:53 2019 Return code: 0 (0x0) Fixlog.txt
  5. Here are my FRST logs: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019 Ran by Lisa (01-08-2019 23:36:23) Running from C:\Users\Lisa\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2014-10-19 08:13:48) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-44778635-258979257-1769342257-500 - Administrator - Disabled) Guest (S-1-5-21-44778635-258979257-1769342257-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-44778635-258979257-1769342257-1002 - Limited - Enabled) Lisa (S-1-5-21-44778635-258979257-1769342257-1000 - Administrator - Enabled) => C:\Users\Lisa ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189} AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated) Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.223 - Adobe) Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.223 - Adobe) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.) AMD Catalyst Install Manager (HKLM\...\{3BF3599D-7F28-C60B-1C5D-82BFD4E5EF33}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{80B42CAA-28C0-4FBD-A46E-D61F45E2F9FC}) (Version: 7.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{466D00D0-E7DE-47C2-8FE5-54A8009F5850}) (Version: 7.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}) (Version: 12.1.0.25 - Apple Inc.) Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.) AuthenTec TrueAPI (HKLM\...\{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}) (Version: 1.3.0.144 - AuthenTec, Inc.) Hidden AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0000-0102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden AutoCAD 2014 - English (HKLM\...\{5783F2D7-D001-0409-2102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden AutoCAD 2014 Language Pack - English (HKLM\...\{5783F2D7-D001-0409-1102-0060B0CE6BBA}) (Version: 19.1.18.0 - Autodesk) Hidden Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk) Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk) Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk) Autodesk Content Service (HKLM-x32\...\{62F029AB-85F2-0000-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk) Autodesk Content Service Language Pack (HKLM-x32\...\{62F029AB-85F2-0001-866A-9FC0DD99DDBC}) (Version: 3.1.3.0 - Autodesk) Hidden Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.6.2383 - AVAST Software) Bejeweled 3 (HKLM-x32\...\WTA-61dbb20b-8864-4151-a181-26960025718c) (Version: 2.2.0.97 - WildTangent) Hidden Bentley DGN IFilter (HKLM\...\{2E873893-A883-4C06-8308-7B491D58F3D6}) (Version: 1.0.1.11 - Bentley Systems, Incorporated) Bentley DGN Index Service (HKLM-x32\...\{A753B088-3FCE-4F1C-BF92-8E6931DE261E}) (Version: 08.11.09030 - Bentley Systems, Incorporated) Bentley DGN Preview Handler (HKLM-x32\...\{264B522D-1B7F-4AAF-A32B-55A6BF5679F2}) (Version: 8.11.8004 - Bentley Systems, Incorporated) Bentley DGN Thumbnail Provider (HKLM\...\{74A8C1AF-75E5-4653-95AF-222725B7D877}) (Version: 8.11.7.411 - Bentley Systems, Incorporated) Bentley DgnDb i-model Importer 1.5 x64 (HKLM\...\{A4F99FF8-18AF-45B4-AFB4-9266863B6CEE}) (Version: 01.05.02007.0 - Bentley Systems, Incorporated) Bentley V8i (SELECTseries 3) - Autodesk® RealDWG™ 2014 (HKLM-x32\...\{23E55F00-CE7A-4860-AF2A-69F3A5F8E54A}) (Version: 08.11.09.578 - Bentley Systems, Incorporated) Better Nike Bot (HKLM-x32\...\{017F4C1E-0C27-4805-B708-7AC5D861CB6E}_is1) (Version: - BetterNikeBot) Bing Bar (HKLM-x32\...\{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}) (Version: 7.0.826.0 - Microsoft Corporation) Blackhawk Striker 2 (HKLM-x32\...\WTA-400eb1ac-a884-4f8b-a54e-458c131de0fb) (Version: 2.2.0.95 - WildTangent) Hidden Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.) BNB All in One (HKLM-x32\...\{6F6087CC-91C0-45AD-82D6-40587EBDA884}_is1) (Version: - BetterNikeBot) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.) Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - Canon Inc.) CaptainCook 1.3 (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\953dce57fa77b402) (Version: 1.3.0.33 - CaptainCook 1.3) CaptainCook 1.4 (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\e652fe387c8f441b) (Version: 1.4.0.34 - CaptainCook 1.4) CaptainCook 1.4.1 (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\d129a43fd80dcd48) (Version: 1.4.1.35 - CaptainCook 1.4.1) CaptainCook 1.5 (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\37682e18fea6d434) (Version: 1.5.0.43 - CaptainCook 1.5) Chuzzle Deluxe (HKLM-x32\...\WTA-a0d9ab7f-de6f-4bfc-a022-81bed9254435) (Version: 2.2.0.95 - WildTangent) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Cradle of Rome 2 (HKLM-x32\...\WTA-e0a3b505-d19b-47c5-a192-4869bf1efa19) (Version: 2.2.0.98 - WildTangent) Hidden CyberAIO (HKLM\...\{AE27E5F5-4CA5-42E6-ABFF-F0D05579C6E4}) (Version: 3.0.4.1 - Cybersole) CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3.3222 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.0.4528 - CyberLink Corp.) D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation) Dora's World Adventure (HKLM-x32\...\WTA-42e5adfb-20fd-4c81-a611-744a625d9c09) (Version: 2.2.0.95 - WildTangent) Hidden ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard) EveAIO version 6.01 (HKLM-x32\...\{304041F3-F417-4D61-B1B5-5CD71D2615F8}_is1) (Version: 6.01 - EVE_Robotics) Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.) Farm Frenzy (HKLM-x32\...\WTA-b7b17d52-3023-4cf8-9168-a452ed75403b) (Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (HKLM-x32\...\WTA-605d3c8f-4e74-48fb-a7fb-67642e0c6353) (Version: 2.2.0.98 - WildTangent) Hidden FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production) FATE (HKLM-x32\...\WTA-5efc9b37-664c-4108-812a-dd2ded3d9a98) (Version: 2.2.0.97 - WildTangent) Hidden Final Drive Fury (HKLM-x32\...\WTA-9fb14817-09b8-45c0-b08e-29ee1fdd8e8e) (Version: 2.2.0.95 - WildTangent) Hidden Fitbit Connect (HKLM-x32\...\{3EFA7006-AFA8-4A75-8FFA-5A43FC797A90}) (Version: 2.0.1.6782 - Fitbit Inc.) Fresco Logic USB3.0 Host Controller (HKLM\...\{104898A0-CA37-4BB4-AC27-46B6FE3280DD}) (Version: 3.3.44.0 - Fresco Logic Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.87 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden HDR Preview (HKLM\...\{9F7815C9-A323-4215-905C-73137D21BCC0}) (Version: 1.0.0.2 - Bentley Systems, Incorporated) Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hoyle Card Games (HKLM-x32\...\WTA-4cf50d80-8c39-4ece-a5c8-728e8c82f218) (Version: 2.2.0.95 - WildTangent) Hidden HP 3D DriveGuard (HKLM\...\{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}) (Version: 4.1.16.1 - Hewlett-Packard Company) HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard) HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{9BCA64E3-D180-4F13-8014-5E62947150C1}) (Version: 1.1.0.0 - Hewlett-Packard) HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.) HP ENVY 4520 series Basic Device Software (HKLM\...\{AA543771-C534-4954-831A-9862C626796F}) (Version: 36.0.72.54013 - Hewlett-Packard Co.) HP ENVY 4520 series Help (HKLM-x32\...\{201E58BD-2A1D-4C4D-BD6F-ADA7669FE3AE}) (Version: 36.0.0 - Hewlett Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.) HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company) HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Power Manager (HKLM-x32\...\{7E799992-5DA0-4A1A-9443-B1836B063FEC}) (Version: 1.4.8 - Hewlett-Packard Company) HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company) HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company) HP Security Assistant (HKLM\...\{0576788F-2993-455F-80CD-980114095103}) (Version: 1.0.11 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company) HP SimplePass 2012 (HKLM-x32\...\{423FBEB8-21C6-4720-A8DA-B19B06FDB607}) (Version: 5.3.1.7 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.8.24.33 - Hewlett-Packard Company) HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.11.27.1 - Hewlett-Packard Company) HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.) IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6381.0 - IDT) i-model ODBC Driver for Windows 7 (HKLM-x32\...\{775616F7-2D4C-4D73-8773-A66C0BCECB38}) (Version: 01.01.00019 - Bentley Systems, Incorporated) i-model ODBC Driver for Windows 7 (x64) (HKLM\...\{454AD0FD-21D2-4E73-99E9-A40CAC75A636}) (Version: 01.01.00019 - Bentley Systems, Incorporated) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation) Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation) iTools 4 (HKLM-x32\...\iTools4) (Version: 4.4.3.8 - ThinkSky Technology Co., Ltd) iTunes (HKLM\...\{A9921EE9-86E5-402C-A934-4A8DBAD99E24}) (Version: 12.9.2.6 - Apple Inc.) Jewel Match 3 (HKLM-x32\...\WTA-2d316535-4a51-463a-b5cd-db37b4b3ac7d) (Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (HKLM-x32\...\WTA-6164c530-93ee-4c99-adc6-836dada4e7de) (Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (HKLM-x32\...\WTA-c42a7736-a9e3-4569-a67b-caa29d6e5106) (Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Letters from Nowhere 2 (HKLM-x32\...\WTA-9d5869d9-db4e-40ab-ba12-ad2ee7b549ef) (Version: 2.2.0.97 - WildTangent) Hidden Luxor HD (HKLM-x32\...\WTA-65238e55-f612-401c-9c28-4cdfef664138) (Version: 2.2.0.98 - WildTangent) Hidden Mah Jong Medley (HKLM-x32\...\WTA-ce44369c-caf8-4753-8b12-2aaec58d19d2) (Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes) Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation) Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) MicroStation V8i (SELECTseries 3) 08.11.09.578 (HKLM-x32\...\{B234DC00-1003-47E7-8111-230AA9E6BF10}) (Version: 08.11.09.578 - Bentley Systems, Incorporated) Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla) Mozilla Firefox 67.0.4 (x64 en-US) (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Mozilla Firefox 67.0.4 (x64 en-US)) (Version: 67.0.4 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden Penguins! (HKLM-x32\...\WTA-bdd37a7c-a404-4af8-abf3-d5d4a9b854f9) (Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-12a142f3-b316-41d7-b34f-9ec4ce72bf4c) (Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (HKLM-x32\...\WTA-761fe667-d0a2-4728-be69-992995a739f3) (Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (HKLM-x32\...\WTA-61d53e5c-4c50-4e5b-ba0a-9b3f45c1ac7b) (Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (HKLM-x32\...\WTA-0787d4fd-1035-42de-93c0-c5b2766c9f5d) (Version: 2.2.0.98 - WildTangent) Hidden Product Improvement Study for HP ENVY 4520 series (HKLM\...\{B722B235-7C2E-46B0-8DA8-69B01FE5E886}) (Version: 36.0.72.54013 - Hewlett-Packard Co.) PX Profile Update (HKLM-x32\...\{E635F3DC-E92B-6E68-A2E7-BF77298E8584}) (Version: 1.00.1. - AMD) Hidden Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation) Python 3.6.4 (32-bit) (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation) Python 3.6.4 (64-bit) (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\{035e803e-bcc1-4b95-ab44-d33a027f963d}) (Version: 3.6.4150.0 - Python Software Foundation) Python 3.6.4 Add to Path (64-bit) (HKLM\...\{2DCB9307-E939-4A96-B931-6162B19DB666}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Core Interpreter (64-bit) (HKLM\...\{B3411348-B653-4D70-9A09-28901FB91143}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Development Libraries (64-bit) (HKLM\...\{910DACA6-6A2B-467F-94AE-2DA40A29C0A5}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Documentation (64-bit) (HKLM\...\{732F63FB-D1EA-4D7B-844D-69AB27FB6A1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Executables (64-bit) (HKLM\...\{06C8E684-F68F-4AEF-B41E-768E2BDF5FA5}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 pip Bootstrap (64-bit) (HKLM\...\{5DFE0CAA-8EE6-40F7-B940-7FF9E4FB812F}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Standard Library (64-bit) (HKLM\...\{C4D98953-C1E2-4273-929A-BC489AD42FAF}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Tcl/Tk Support (64-bit) (HKLM\...\{F8F7EF2B-246C-4085-B0DD-E3EBCD52D585}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Test Suite (64-bit) (HKLM\...\{7D68AD0E-805E-47EA-B3AF-AD449353EDC9}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python 3.6.4 Utility Scripts (64-bit) (HKLM\...\{871F9D05-4AF7-40E5-9DBD-1BD29D1ACA6D}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden Python Launcher (HKLM-x32\...\{B42FF40A-60D4-4096-AC47-C86153D72797}) (Version: 3.6.6196.0 - Python Software Foundation) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.83 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.) RollerCoaster Tycoon 3: Platinum (HKLM-x32\...\WTA-1264d617-1352-47cb-81ab-79adb878b3b6) (Version: 2.2.0.98 - WildTangent) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) shopify-dashe (HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\shopify-dashe) (Version: 2.6.1 - DasheIO, LLC) SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk) Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated) System.Data.SQLite v1.0.105.2 (ReleaseNativeOnly) (HKLM\...\{02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1) (Version: 1.0.105.2 - System.Data.SQLite Team) The Treasures of Mystery Island: The Ghost Ship (HKLM-x32\...\WTA-dea78cf6-b302-434d-ab88-f65c65c1f6bc) (Version: 2.2.0.98 - WildTangent) Hidden Torchlight (HKLM-x32\...\WTA-a53b75c1-ed95-486e-a679-cd3562fd640a) (Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden Validity WBF DDK (HKLM\...\{79174AF2-6CB1-42F5-981E-66DCA49391D0}) (Version: 4.3.205.0 - Validity Sensors, Inc.) VIP Access SDK (1.0.1.2) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.2 - Symantec Inc.) Virtual Villagers 4 - The Tree of Life (HKLM-x32\...\WTA-f6780050-e8c7-470d-8911-9df828cf28c4) (Version: 2.2.0.98 - WildTangent) Hidden Visualization Content (HKLM-x32\...\{0D41BCFC-B16D-479F-8347-4F68F6CD34CE}) (Version: 8.11.9.454 - Bentley Systems, Incorporated) WildTangent Games App (HP Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.5.32 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH) XAMPP (HKLM-x32\...\xampp) (Version: 5.6.24-1 - Bitnami) Zuma's Revenge (HKLM-x32\...\WTA-83559221-960c-4ea0-9fbc-c4987918d937) (Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{a799acc2-7db4-4459-a792-a8870c28f3be}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{D9AC5E73-BB10-467b-B884-AA1E475C51F5}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated) CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc -> Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-44778635-258979257-1769342257-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Lisa\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-20] (AVAST Software s.r.o. -> AVAST Software) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc -> Autodesk, Inc.) ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2013-02-08] (Autodesk, Inc -> Autodesk) ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-20] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2014-08-11] (Apple Inc. -> Apple Inc.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-20] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-09-30] (Advanced Micro Devices, Inc.) [File not signed] ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2011-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2019-07-20] (AVAST Software s.r.o. -> AVAST Software) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRar\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\":: WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99] WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate] ShortcutWithArgument: C:\Users\Lisa\Desktop\DESKTOP FOLDERS\Lester\bots\Selenium\Bluesy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\Lisa\Desktop\DESKTOP FOLDERS\Lester\bots\Selenium\First user - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default" ShortcutWithArgument: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mmfbcljfglbokpmkimbfghdkjmjhdgbg\Text.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mmfbcljfglbokpmkimbfghdkjmjhdgbg ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome RDP for Google Cloud Platform.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mpbbnannobiobpnfblimoapbephgifkm ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Text.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mmfbcljfglbokpmkimbfghdkjmjhdgbg ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Text.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mmfbcljfglbokpmkimbfghdkjmjhdgbg ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Text.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=mmfbcljfglbokpmkimbfghdkjmjhdgbg ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Bluesy - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 2" ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Person 3 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 4" ShortcutWithArgument: C:\Users\Lisa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Person 2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3" ==================== Loaded Modules (Whitelisted) ============== 2009-01-20 14:51 - 2009-01-20 14:51 - 000007168 _____ ( ) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll 2011-09-02 11:49 - 2011-09-02 11:49 - 000016384 _____ () [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000369152 _____ () [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll 2014-12-11 18:40 - 2014-12-11 18:40 - 040622592 ____R () [File not signed] C:\Program Files (x86)\Fitbit Connect\libcef.dll 2012-03-02 22:02 - 2011-05-20 11:05 - 000059904 _____ () [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2019-06-14 15:35 - 2019-06-14 15:35 - 000172544 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\030d6c23f3503d2bec117e5c508d4d5d\IsdiInterop.ni.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll 2011-09-30 23:02 - 2011-09-30 23:02 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000044032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000006656 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000034816 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll 2011-09-30 23:02 - 2011-09-30 23:02 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000022016 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000013824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Runtime.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.shared.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000033280 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Dashboard.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Runtime.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDOverDrive.Platform.Shared.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000018944 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CPUOverDrive.Fuel.Shared.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000035840 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossFireX.Graphics.Dashboard.dll 2011-09-30 23:06 - 2011-09-30 23:06 - 000316416 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000028672 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.shared.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll 2011-09-30 23:06 - 2011-09-30 23:06 - 000774144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Dashboard.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000106496 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Runtime.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000081920 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Shared.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000050688 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Shared.dll 2011-09-30 23:06 - 2011-09-30 23:06 - 000096768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000035840 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000077824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Runtime.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000065536 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Shared.dll 2011-09-30 23:05 - 2011-09-30 23:05 - 000159744 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Dashboard.dll 2011-09-30 23:05 - 2011-09-30 23:05 - 000013824 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000045056 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.shared.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000019968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Dashboard.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000033792 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Runtime.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000012288 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.UpdateNotification.Graphics.Shared.dll 2011-09-30 23:05 - 2011-09-30 23:05 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Dashboard.dll 2011-09-30 23:05 - 2011-09-30 23:05 - 000019968 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Runtime.dll 2011-09-30 23:05 - 2011-09-30 23:05 - 000010752 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Fuel.Shared.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000172032 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 001003520 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000008192 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000011776 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000007680 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Dashboard.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000011264 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Runtime.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000008704 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Platform.Shared.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 002041344 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Combined.Graphics.Aspects1.Dashboard.dll 2011-09-30 23:02 - 2011-09-30 23:02 - 000007680 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll 2011-09-30 23:06 - 2011-09-30 23:06 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.ProfileManager2.dll 2011-09-30 23:02 - 2011-09-30 23:02 - 000032768 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 001284096 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000286720 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Eeu.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000007168 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000037376 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000262144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Client.dll 2011-09-30 23:02 - 2011-09-30 23:02 - 000061440 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000029184 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000018432 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll 2011-06-08 02:26 - 2011-06-08 02:26 - 000020992 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CoreAudioApi.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000006144 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll 2011-09-30 23:05 - 2011-09-30 23:05 - 000012800 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Fuel.Foundation.dll 2011-09-30 23:02 - 2011-09-30 23:02 - 000021504 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000055808 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000020480 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll 2011-09-30 23:02 - 2011-09-30 23:02 - 000024576 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll 2010-08-23 17:11 - 2010-08-23 17:11 - 000299008 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 2011-09-30 23:03 - 2011-09-30 23:03 - 000005632 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000095744 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll 2011-09-30 23:02 - 2011-09-30 23:02 - 000015360 _____ (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll 2011-06-23 11:51 - 2011-06-23 11:51 - 000094208 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000065536 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll 2011-09-30 23:06 - 2011-09-30 23:06 - 000217088 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000046592 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerXpress.Graphics.Runtime.dll 2011-09-30 23:04 - 2011-09-30 23:04 - 000026112 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.PowerXpress.Graphics.Shared.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000036352 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000376832 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000057344 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll 2009-04-22 13:13 - 2009-04-22 13:13 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0702.dll 2009-06-17 06:27 - 2009-06-17 06:27 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll 2007-10-29 15:56 - 2007-10-29 15:56 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0710.dll 2009-06-17 11:24 - 2009-06-17 11:24 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll 2008-04-03 17:29 - 2008-04-03 17:29 - 000020480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll 2009-01-20 15:36 - 2009-01-20 15:36 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0901.dll 2009-06-17 11:24 - 2009-06-17 11:24 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0906.dll 2010-10-07 14:07 - 2010-10-07 14:07 - 000020480 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1010.dll 2010-11-05 15:18 - 2010-11-05 15:18 - 000016384 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I1011.dll 2011-09-30 23:02 - 2011-09-30 23:02 - 000253952 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Implementation.default_Localization.dll 2011-09-30 23:02 - 2011-09-30 23:02 - 000373248 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\Localization.Foundation.Private.dll 2011-09-30 23:05 - 2011-09-30 23:05 - 000168960 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000008704 _____ (Advanced Micro Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll 2011-09-30 23:07 - 2011-09-30 23:07 - 000027648 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000303104 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll 2011-09-30 23:03 - 2011-09-30 23:03 - 000180224 _____ (Advanced Mirco Devices, Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll 2012-03-02 22:03 - 2011-08-09 09:12 - 001892352 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\xerces-c_2_7.dll 2010-09-28 16:33 - 2010-09-28 16:33 - 000299008 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 2010-03-04 01:27 - 2010-03-04 01:27 - 000016384 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Foundation.dll 2009-04-22 13:13 - 2009-04-22 13:13 - 000045056 _____ (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0601.dll 2012-12-13 17:37 - 2012-12-13 17:37 - 000012288 _____ (Autodesk, Inc.) [File not signed] C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe 2014-10-26 19:25 - 2010-08-23 09:09 - 000019456 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNSU_ENU.DLL 2014-10-26 19:24 - 2012-06-14 17:18 - 000359936 _____ (CANON INC.) [File not signed] C:\Windows\System32\CNMN6PPM.DLL 2016-08-12 17:19 - 2016-08-12 17:19 - 004596904 ____R (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe 2016-08-12 17:19 - 2016-08-12 17:19 - 005911720 ____R (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe 2019-06-14 15:35 - 2019-06-14 15:35 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1ee5bbe67e0d1b85eb1b125cf57cba91\IAStorCommon.ni.dll 2012-03-02 22:03 - 2011-08-09 09:08 - 000069632 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\StatusStrings.dll 2012-03-02 22:02 - 2011-05-20 11:05 - 000174592 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUIHelper.dll 2012-03-02 22:02 - 2011-05-20 11:05 - 001318912 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll 2012-03-02 22:02 - 2011-05-20 10:54 - 000278528 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\ISDI.dll 2019-06-14 15:35 - 2019-06-14 15:35 - 000225792 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\88cdfc9d6ad7a6557b9e7a895a436ce7\IAStorDataMgr.ni.dll 2019-06-14 15:35 - 2019-06-14 15:35 - 000019968 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\afd7eda314e797c95f10e63fa0c8db68\IAStorDataMgrSvc.ni.exe 2019-06-14 15:35 - 2019-06-14 15:35 - 000491520 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2ae77882a9ed69252900c1ca517120b2\IAStorUtil.ni.dll 2018-03-26 12:58 - 2018-03-26 12:58 - 000112128 _____ (Microsoft Corporation) [File not signed] C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 2015-09-13 23:11 - 2015-09-13 23:11 - 001654784 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_8448b2bd328df189\MFC80U.DLL 2015-09-13 23:11 - 2015-09-13 23:11 - 000047104 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\amd64_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_bc20f59b0bdd1acd\MFC80ENU.DLL 2015-09-13 23:24 - 2015-09-13 23:24 - 000225280 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll 2012-03-02 22:06 - 2011-06-28 18:12 - 002413056 _____ (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe 2012-03-02 22:06 - 2011-04-13 11:09 - 000161280 _____ (Realtek Semiconductor Corp.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RsCRLib.dll 2014-11-10 20:11 - 2014-11-10 20:11 - 009994752 ____R (The ICU Project) [File not signed] C:\Program Files (x86)\Fitbit Connect\icudt.dll 2016-08-11 20:52 - 2016-08-11 20:52 - 001427968 ____R (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Fitbit Connect\LIBEAY32.dll 2011-08-11 12:14 - 2011-08-11 12:14 - 000047616 _____ (Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe 2016-08-12 17:17 - 2016-08-12 17:17 - 001500672 ____R (winsparkle.org) [File not signed] C:\Program Files (x86)\Fitbit Connect\WinSparkle.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-44778635-258979257-1769342257-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2019-03-02 12:32 - 000001053 _____ C:\Windows\system32\drivers\etc\hosts 127.0.0.1 dev.adidas.com 127.0.0.1 sole.slamjamsocialism-drops.com 54.69.163.181 hcn.adidas.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\HP SimplePass 2012\x64;C:\Program Files (x86)\HP SimplePass 2012\;;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Intel\Services\IPT\;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Python27;C:\Python27\Scripts HKU\S-1-5-21-44778635-258979257-1769342257-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.254.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{58588614-3D34-4ACD-A188-EF6E27AD47FA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe (Sonic Solutions -> Rovi Corporation) FirewallRules: [{F05B6A5A-0551-4BB8-9BAF-B27C3891136D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe (Sonic Solutions -> Rovi Corporation) FirewallRules: [{DAA3EB62-96A2-44F8-82D7-30C39A8CB1A2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe (Sonic Solutions -> Roxio) FirewallRules: [{4C1E284E-185B-45CC-957D-780D429C49A0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\IndivDRM.exe (Sonic Solutions -> Roxio) FirewallRules: [{FCB50265-FD6B-465B-ACE8-3CF3D7C44A73}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe (CyberLink -> CyberLink Corp.) FirewallRules: [{BC3D64C0-87CA-42ED-B305-814EC9877A0F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE (CyberLink -> CyberLink Corp.) FirewallRules: [{339C84C0-A859-4B40-8B42-A1368C063369}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{91010C2A-B2C0-4B89-B2C2-7553B2652E47}] => (Allow) LPort=50248 FirewallRules: [{8A5774DB-A2C4-4E08-83AF-ABCAF4D71CB6}] => (Allow) C:\Program Files (x86)\Common Files\Bentley Shared\Dgn Index Service\DgnIndexServer.exe (Bentley Systems Inc.) [File not signed] FirewallRules: [{7FC236AE-BD91-4C56-BAE1-B56AAD3EC874}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{19C15A4E-0D90-42A6-8A08-E02E04E941AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{FFD1503A-89BA-4CB3-8D7D-332CA23C9B70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{71B7F76A-845D-4A63-97FF-408F470CDE70}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{5B49AA8F-1C87-4A8E-B679-2E1D136D7A10}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe No File FirewallRules: [{336959FF-F952-4413-A808-57E308ADF08E}] => (Allow) C:\Users\Lisa\AppData\Local\Temp\7zS20F0\HP.EasyStart.exe No File FirewallRules: [{EC2EF4EF-3E37-4E05-B31C-916F3C6F0B01}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{D2550E2D-E814-455B-BB9B-BA38A593DD4A}] => (Allow) LPort=5357 FirewallRules: [{6F079DEC-CEF7-4B50-9B74-19B917C7A7D5}] => (Allow) C:\Program Files\HP\HP ENVY 4520 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) FirewallRules: [{649B52C2-5055-47D2-A7C7-2B4E93B0A1F9}] => (Allow) C:\Users\Lisa\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B529D07D-4BAC-4BA5-96BF-855E9FAFDAC7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D9347F3D-9847-40A0-8BA5-23698ED52742}] => (Allow) LPort=2869 FirewallRules: [{C3B0B765-C1CB-4209-8A12-147075B89A16}] => (Allow) LPort=1900 FirewallRules: [{2FA47F8D-8652-4469-9940-2F6EB18A3D65}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{3548D7EC-E1CF-4489-928E-10BEEA3FEE5F}C:\xampp2\apache\bin\httpd.exe] => (Allow) C:\xampp2\apache\bin\httpd.exe (Apache Software Foundation) [File not signed] FirewallRules: [UDP Query User{E944C035-F35A-4AFA-8BEC-62984BC20452}C:\xampp2\apache\bin\httpd.exe] => (Allow) C:\xampp2\apache\bin\httpd.exe (Apache Software Foundation) [File not signed] FirewallRules: [TCP Query User{75AC2D07-888D-4F42-86A6-684FB95CC403}C:\xampp2\apache\bin\httpd.exe] => (Allow) C:\xampp2\apache\bin\httpd.exe (Apache Software Foundation) [File not signed] FirewallRules: [UDP Query User{9D051D1F-8E2F-461E-84D4-960B0ED9DC3D}C:\xampp2\apache\bin\httpd.exe] => (Allow) C:\xampp2\apache\bin\httpd.exe (Apache Software Foundation) [File not signed] FirewallRules: [TCP Query User{2657317A-514F-4039-9534-63DF006F2FB3}C:\program files (x86)\bnb all in one\bnb all in one.exe] => (Block) C:\program files (x86)\bnb all in one\bnb all in one.exe No File FirewallRules: [UDP Query User{B01771BF-0E79-492E-AE28-A6C90F73628A}C:\program files (x86)\bnb all in one\bnb all in one.exe] => (Block) C:\program files (x86)\bnb all in one\bnb all in one.exe No File FirewallRules: [TCP Query User{D8F6E785-3D26-4872-B851-6846968291FF}C:\program files (x86)\bnb all in one\bnb all in one.exe] => (Allow) C:\program files (x86)\bnb all in one\bnb all in one.exe No File FirewallRules: [UDP Query User{C0654056-C0A2-4A78-8DCA-A0F2DF08D5DE}C:\program files (x86)\bnb all in one\bnb all in one.exe] => (Allow) C:\program files (x86)\bnb all in one\bnb all in one.exe No File FirewallRules: [TCP Query User{33F24E5D-BB1B-4AA3-B74B-847AE8B5A3E5}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe No File FirewallRules: [UDP Query User{E073D637-C7DA-482B-8A67-F82ACC8F2A6E}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe No File FirewallRules: [TCP Query User{2E42447B-E7CF-4096-8E81-B83F829122D6}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe No File FirewallRules: [UDP Query User{44E1993B-993F-43C2-B85E-5FEEA6B4B4C6}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.2\shopify dashe.exe No File FirewallRules: [TCP Query User{225D3D37-3C6A-4956-AEF4-4C2DE545E990}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.3\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.3\shopify dashe.exe No File FirewallRules: [UDP Query User{FF37E3D5-6C78-4463-8763-8BC090607D60}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.3\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.3\shopify dashe.exe No File FirewallRules: [TCP Query User{0A78EEEC-2693-4F59-BC1C-FADD2F1CB648}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.4\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.4\shopify dashe.exe No File FirewallRules: [UDP Query User{3120BFC8-4BAD-40E9-979C-734386956AAD}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.4\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.4\shopify dashe.exe No File FirewallRules: [TCP Query User{BB39A329-5EE4-4484-A648-97C1FD679133}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.5\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.5\shopify dashe.exe No File FirewallRules: [UDP Query User{29E40E80-6B9A-4202-B8AF-6B5F07FBDF75}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.5\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.5\shopify dashe.exe No File FirewallRules: [TCP Query User{CD5EABE9-B11B-40C2-8EE6-1F577558CFC1}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.6\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.6\shopify dashe.exe No File FirewallRules: [UDP Query User{B2225145-2849-467C-93C9-2D07109DA464}C:\users\lisa\appdata\local\shopify-dashe\app-2.4.6\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.4.6\shopify dashe.exe No File FirewallRules: [TCP Query User{C89EC27C-057C-41C1-8DAD-3A80BAB3AAC2}C:\users\lisa\appdata\local\shopify-dashe\app-2.5.0\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.5.0\shopify dashe.exe No File FirewallRules: [UDP Query User{18159ED0-3517-4D45-B46A-E41BAD5CD03F}C:\users\lisa\appdata\local\shopify-dashe\app-2.5.0\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.5.0\shopify dashe.exe No File FirewallRules: [TCP Query User{AEB9368D-278F-49DD-BEAA-D3B7BD5F385E}C:\users\lisa\appdata\local\shopify-dashe\app-2.5.1\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.5.1\shopify dashe.exe (DasheIO, LLC) [File not signed] FirewallRules: [UDP Query User{B4C54EE1-F07F-47CD-A091-1A23E7AB3755}C:\users\lisa\appdata\local\shopify-dashe\app-2.5.1\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.5.1\shopify dashe.exe (DasheIO, LLC) [File not signed] FirewallRules: [TCP Query User{67F0AAB6-A11E-4554-BF9A-93218B38F747}C:\users\lisa\desktop\dashe-cracked.exe] => (Block) C:\users\lisa\desktop\dashe-cracked.exe No File FirewallRules: [UDP Query User{B57E3B33-EA84-42C6-B00F-AF820B570875}C:\users\lisa\desktop\dashe-cracked.exe] => (Block) C:\users\lisa\desktop\dashe-cracked.exe No File FirewallRules: [TCP Query User{867B63DE-6F36-46DC-9FF5-BA06A5C16186}C:\users\lisa\appdata\local\shopify-dashe\app-2.6.1\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.6.1\shopify dashe.exe (DasheIO, LLC) [File not signed] FirewallRules: [UDP Query User{CB25700E-729F-4A0C-9FDB-D7E6B7C050F3}C:\users\lisa\appdata\local\shopify-dashe\app-2.6.1\shopify dashe.exe] => (Allow) C:\users\lisa\appdata\local\shopify-dashe\app-2.6.1\shopify dashe.exe (DasheIO, LLC) [File not signed] FirewallRules: [TCP Query User{5588DB6D-B37B-4C39-B4BB-FF89EA3CFE9D}C:\users\lisa\desktop\bots\1-dashe\dashecracked 2.6.1\dashe-cracked.exe] => (Allow) C:\users\lisa\desktop\bots\1-dashe\dashecracked 2.6.1\dashe-cracked.exe No File FirewallRules: [UDP Query User{A6BF6BB9-873C-4E50-9B89-AEA2BC5C264B}C:\users\lisa\desktop\bots\1-dashe\dashecracked 2.6.1\dashe-cracked.exe] => (Allow) C:\users\lisa\desktop\bots\1-dashe\dashecracked 2.6.1\dashe-cracked.exe No File FirewallRules: [{11B621E9-5D58-4AC7-8FAC-B9FD7B0CD835}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{372139F2-6D23-46F3-908C-0299D287E78F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{CC1552FF-6160-4D38-AABE-BE9803959537}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{961A7BA3-F8A4-413A-A302-D7075069D303}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{AD1A33C3-F307-4878-B6D0-5DF102642B92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{96CC9CEE-9814-4F4E-A71D-805CEA7A54F1}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{1C57CD47-8402-46B6-8F7D-CD74F8CDE30A}] => (Allow) C:\Users\Lisa\AppData\Local\Chromium\Application\chrome.exe No File FirewallRules: [{98DCCBBB-1D38-4BD2-B764-8CBD10215D54}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 22-07-2019 08:59:25 Windows Update 26-07-2019 10:28:30 Windows Update 26-07-2019 20:23:46 Windows Update 30-07-2019 19:58:24 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/01/2019 11:19:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/01/2019 10:14:15 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: DNS Message from 192.168.254.14:61073 to 192.168.254.255:5353 length 4 too short Error: (08/01/2019 10:14:10 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: DNS Message from 192.168.254.14:63198 to 192.168.254.255:5353 length 4 too short Error: (08/01/2019 10:14:10 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: DNS Message from 192.168.254.14:63198 to 192.168.254.255:5353 length 4 too short Error: (08/01/2019 10:14:10 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: DNS Message from 192.168.254.14:63198 to 192.168.254.255:5353 length 4 too short Error: (08/01/2019 09:13:00 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: DNS Message from 192.168.254.47:56038 to 192.168.254.255:5353 length 4 too short Error: (08/01/2019 09:12:52 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: DNS Message from 192.168.254.47:64996 to 192.168.254.255:5353 length 4 too short Error: (08/01/2019 09:12:52 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: DNS Message from 192.168.254.47:64996 to 192.168.254.255:5353 length 4 too short System errors: ============= Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The TrueSuiteService service terminated unexpectedly. It has done this 1 time(s). Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s). Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Audio Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The HP Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Andrea ST Filters Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (08/01/2019 11:13:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Fitbit Connect Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Windows Defender: =================================== Date: 2017-01-27 16:25:16.654 Description: Windows Defender scan has been stopped before completion. Scan ID:{6811DBA8-59F2-4A7F-BE21-03EB8EDA317D} Scan Type:AntiSpyware Scan Parameters:Quick Scan ==================== Memory info =========================== BIOS: Hewlett-Packard F.1B 10/23/2012 Motherboard: Hewlett-Packard 17F9 Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz Percentage of memory in use: 58% Total physical RAM: 8139.6 MB Available physical RAM: 3378.48 MB Total Virtual: 16277.35 MB Available Virtual: 11370.56 MB ==================== Drives ================================ Drive 😄 () (Fixed) (Total:673.14 GB) (Free:469.92 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (Recovery) (Fixed) (Total:21.33 GB) (Free:2.3 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.07 GB) FAT32 \\?\Volume{cf7c27f9-5764-11e4-bd2a-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 698.6 GB) (Disk ID: 4A73C3CB) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=673.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=21.3 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=4 GB) - (Type=0C) ==================== End of Addition.txt ============================ Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019 Ran by Lisa (administrator) on LISA-HP (Hewlett-Packard HP Pavilion dv6 Notebook PC) (01-08-2019 23:27:14) Running from C:\Users\Lisa\Desktop Loaded Profiles: Lisa (Available Profiles: Lisa & DefaultAppPool) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Advanced Micro Devices Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (ATI Technologies Inc.) [File not signed] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (AuthenTec, Inc. -> HP) C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe (AuthenTec, Inc. -> HP) C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe (AuthenTec, Inc. -> HP) C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe (Autodesk, Inc.) [File not signed] C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software s.r.o. -> AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CyberLink -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink -> cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe (CyberLink -> CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Company -> ) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel® Identity Protection Technology Software -> Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation -> Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Realsil Microelectronics Inc.) [File not signed] C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated -> Synaptics Incorporated) HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-09-30] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2014-10-21] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-11-15] (Apple Inc. -> Apple Inc.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [269192 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation -> Intel Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-01] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [47616 2011-08-11] (Windows (R) Win 7 DDK provider) [File not signed] HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2011-10-07] (Hewlett-Packard Company -> Hewlett-Packard Company) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink -> CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-08-04] (CyberLink -> cyberlink) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) [File not signed] HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Company -> Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [206240 2010-08-23] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4596904 2016-08-12] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc -> Autodesk, Inc.) HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Run: [HP ENVY 4520 series (NET)] => C:\Program Files\HP\HP ENVY 4520 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP) HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4596904 2016-08-12] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Run: [Chromium] => "c:\users\lisa\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session HKU\S-1-5-21-44778635-258979257-1769342257-1000\...\Policies\Explorer: [] HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc -> Autodesk, Inc.) HKLM\Software\Microsoft\Active Setup\Installed Components: [{0CE7EBAF-157D-4111-9146-057CB2A4023E}] -> msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.87\Installer\chrmstp.exe [2019-07-30] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}] -> msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2012-07-17] (Microsoft Corporation -> Microsoft Corp.) FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {141E2A97-22DF-439F-98A5-5C927CA241A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-11] (Google Inc -> Google Inc.) Task: {2470CB26-2A3F-4184-BD62-8CBA6A1E3149} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.) Task: {294D37E7-28B8-4F57-BF76-28488A5105CD} - System32\Tasks\HPCustPartic.exe_{A0A730A9-872C-42C6-B350-5F96170F040F} => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [6105096 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP) Task: {4045FF7D-1E62-4E3F-823F-FFED96C981F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.) Task: {41F6C09B-B8BC-45E6-9CCC-DE025CFCC2D4} - System32\Tasks\HPCustParticipation HP ENVY 4520 series => C:\Program Files\HP\HP ENVY 4520 series\Bin\HPCustPartic.exe [6105096 2015-03-09] (Hewlett Packard -> Hewlett-Packard Development Company, LP) Task: {46A8E092-EFF4-4B8F-9F9E-119F7710032D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH59I29051 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1083768 2019-07-12] (HP Inc. -> HP Inc.) Task: {4C2EBF7C-B691-49A6-99CC-C29B4492771D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {52D355C9-E668-4201-8419-9C9C33A28AB0} - System32\Tasks\{74AD5DE0-0360-4BF5-A298-DB72D5F95705} => C:\HCN Client\HCN Client.exe [1776128 2018-03-17] () [File not signed] Task: {580B1557-C9A7-4258-ADE8-EEBB7ACBFE1D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1083768 2019-07-12] (HP Inc. -> HP Inc.) Task: {67FF6C9E-7594-4547-96AD-F88AFBE706D6} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-09-28] (CyberLink -> CyberLink) Task: {6A4B3B0B-3C29-4C96-B841-691A1C7EC0C0} - System32\Tasks\{6F385723-AFDB-4EA8-895B-4C5DE6523330} => C:\HCN Client\HCN Client.exe [1776128 2018-03-17] () [File not signed] Task: {8110E63D-B846-4EB1-81BA-7755FDA88C97} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2047368 2019-07-30] (AVAST Software s.r.o. -> AVAST Software) Task: {81D1EDBB-4DDE-4F29-A25A-93AE3827216D} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {89275BD1-AF57-4D53-AA43-866AA2D996EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [237432 2019-04-29] (HP Inc. -> HP Inc.) Task: {916B6ABE-89DA-482E-AA10-29067578C8E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-09-11] (Google Inc -> Google Inc.) Task: {A8728EDF-6164-4A8A-91C4-86E8BF23D1BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-07-10] (Adobe Inc. -> Adobe) Task: {BF8BB6EE-BEBA-47AC-8825-21DF4447D00C} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) Task: {C2977F8C-BADE-4C67-ADEA-5BAC7B0EE5F2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [654712 2019-06-05] (HP Inc. -> HP Inc.) Task: {D09E65B4-E35F-4B4C-8534-5864EB7A58E9} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [25128 2017-11-16] (HP Inc. -> ) Task: {D432E0B0-44D1-4906-AF61-70458551A442} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.) Task: {D9B1006F-52DF-453A-A2DF-262058AE5429} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [3940232 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) Task: {E207E9AE-6F98-4C85-B9B9-48FE2704C207} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.) Task: {E95074D1-AE3D-4D25-B68C-B6756D267CE4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_223_pepper.exe [1453112 2019-07-10] (Adobe Inc. -> Adobe) Task: {EBC2B7DA-1AA6-4169-BEFD-19ABEE7B1692} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1083768 2019-07-12] (HP Inc. -> HP Inc.) Task: {FB1271AC-2A34-475C-88A7-455851C15633} - System32\Tasks\HPCeeScheduleForLisa => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [96568 2015-06-16] (Hewlett-Packard Company -> Hewlett-Packard) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\HPCeeScheduleForLisa.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 Tcpip\..\Interfaces\{186F8FA1-15EA-4808-88D0-9EE77C544DEA}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{249DC121-3CB8-45D6-AF01-399D3A5C9053}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{D8B70736-1E39-4CB0-AD81-5D071783D64C}: [DhcpNameServer] 192.168.254.254 HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.1.12,1] Internet Explorer: ================== HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=132081170322429891&GUID=ECE4816C-BD19-4621-9CA4-61700D4042C4 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {00B8BCF6-56EE-466A-8ACC-9DF5F0DDBD5D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {00B8BCF6-56EE-466A-8ACC-9DF5F0DDBD5D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-44778635-258979257-1769342257-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = SearchScopes: HKU\S-1-5-21-44778635-258979257-1769342257-1000 -> {00B8BCF6-56EE-466A-8ACC-9DF5F0DDBD5D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-44778635-258979257-1769342257-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NS&chn=1007450&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869 SearchScopes: HKU\S-1-5-21-44778635-258979257-1769342257-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF SearchScopes: HKU\S-1-5-21-44778635-258979257-1769342257-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-44778635-258979257-1769342257-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll [2011-08-26] (AuthenTec, Inc. -> HP) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll [2011-08-26] (AuthenTec, Inc. -> HP) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corporation -> Microsoft Corp.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation -> Microsoft Corporation.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (Hewlett-Packard Company -> HP Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-08-01] (Microsoft Corporation -> Microsoft Corporation.) FireFox: ======== FF DefaultProfile: cor2nw5k.default-1413791578096 FF ProfilePath: C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096 [2019-07-20] FF Extension: (Autofill Forms) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\autofillForms@blueimp.net.xpi [2018-01-21] [Legacy] FF Extension: (Check4Change) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\check4change-owner@mozdev.org.xpi [2018-11-17] FF Extension: (Selenium IDE: C# Formatters) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\csharpformatters@seleniumhq.org.xpi [2015-05-27] [Legacy] [not signed] FF Extension: (Selenium IDE: Java Formatters) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\javaformatters@seleniumhq.org.xpi [2015-05-27] [Legacy] [not signed] FF Extension: (Selenium IDE: Python Formatters) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\pythonformatters@seleniumhq.org.xpi [2015-05-27] [Legacy] [not signed] FF Extension: (RightBar) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\rightbar@realmtech.net.xpi [2016-12-21] [Legacy] FF Extension: (Selenium IDE: Ruby Formatters) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\rubyformatters@seleniumhq.org.xpi [2015-05-27] [Legacy] [not signed] FF Extension: (Selenium Expert (Selenium IDE)) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\selenium-expert_selenium-ide@Samit.Badle.xpi [2016-12-21] [Legacy] FF Extension: (Selenium IDE Button) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\selenium_ide_buttons@egarracingteam.com.ar.xpi [2018-01-21] [Legacy] FF Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\sp@avast.com.xpi [2019-07-06] FF Extension: (Avast Online Security) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\wrc@avast.com.xpi [2019-01-28] FF Extension: (Selenium IDE) - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\cor2nw5k.default-1413791578096\Extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2015-05-27] [Legacy] [not signed] FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File] FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-14] (Google Inc -> Google LLC) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] (WildTangent Inc -> ) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Profile 2 CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default [2019-07-13] CHR Extension: (Easy Auto Refresh) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2019-07-10] CHR Extension: (Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-05] CHR Extension: (Postman Interceptor) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicmkgpgakddgnaphhhpliifpcfhicfo [2019-07-12] CHR Extension: (Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-08] CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-12] CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-12] CHR Extension: (ForceCop Supreme Bot) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgfjoaeimifdebhokjofbhmkbnlclfcc [2019-05-17] CHR Extension: (Rakuten Ebates: Get Cash Back For Shopping) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2019-07-10] CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-12] CHR Extension: (RSCATC) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnkegcfpgblnpjblojcbgomalnfgffhb [2016-11-29] CHR Extension: (King LosAngeles) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eccpadpoggalooiafpdggjmibnjgnfnk [2015-12-19] CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-07] CHR Extension: (Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-05] CHR Extension: (Postman) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2018-11-16] CHR Extension: (EditThisCookie) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2018-12-02] CHR Extension: (Google Docs Offline) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-04] CHR Extension: (Hola Free VPN Proxy Unblocker) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2019-07-10] CHR Extension: (Avast Online Security) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-05-17] CHR Extension: (Pay by Privacy.com) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmgpakheknboplhmlicfkkgjipfabmhp [2019-05-17] CHR Extension: (Auto Refresh) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2018-09-04] CHR Extension: (Notifier for Twitter) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikknnkomiokeodcdkknnhgjmncfiefmn [2018-09-04] CHR Extension: (Distill Web Monitor) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\inlikjemeeknofckkjolnjbpehgadgge [2019-06-07] CHR Extension: (AYINOPE Consortium Jig) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklaheofmknfnmiphplikndpnpafidbg [2018-03-22] CHR Extension: (GOLD MONITOR Plus) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdljmohbmaelbgjlbkimlnnekhglbnbb [2016-07-26] CHR Extension: (BNB Helper) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mefppppbbpkdcdgcnflollfbhfljekce [2017-08-24] CHR Extension: (Text) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfbcljfglbokpmkimbfghdkjmjhdgbg [2019-05-17] CHR Extension: (Easy Account Switcher for Google, Facebook.) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnannclpojfocmcjfhoicjbkjllajfhg [2017-07-27] CHR Extension: (Chrome RDP for Google Cloud Platform) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbbnannobiobpnfblimoapbephgifkm [2017-06-23] CHR Extension: (All in One Dashboard by Heated Sneaks) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncicecjkfakbmelhamnagieonnkkjagg [2019-03-30] CHR Extension: (MetaMask) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2019-07-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05] CHR Extension: (TunnelBear VPN) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdakjcmkglenbhjadbccaookpfjihpa [2019-03-30] CHR Extension: (Proxy SwitchyOmega) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2018-09-04] CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-17] CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-10] CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-12-12] CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2 [2019-08-01] CHR Extension: (Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-16] CHR Extension: (Dot Supreme) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\achpfncabpjpimfecnfckiigfffgacml [2018-03-25] CHR Extension: (Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-16] CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-22] CHR Extension: (ForceCop Supreme Bot) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cgfjoaeimifdebhokjofbhmkbnlclfcc [2019-05-01] CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30] CHR Extension: (Adobe Acrobat) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-13] CHR Extension: (Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-16] CHR Extension: (Google Docs Offline) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-04] CHR Extension: (Avast Online Security) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-17] CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-19] CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01] CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-01] CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4 [2019-07-20] CHR Extension: (Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-24] CHR Extension: (Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-24] CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-24] CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-24] CHR Extension: (Website Logon) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa [2017-11-24] CHR Extension: (Adobe Acrobat) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-16] CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-16] CHR Extension: (Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-24] CHR Extension: (EditThisCookie) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2019-06-16] CHR Extension: (Google Docs Offline) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-22] CHR Extension: (Avast Online Security) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gomekmidlodglbbmalcneegieacbdmki [2019-07-19] CHR Extension: (Chrome Web Store Payments) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-19] CHR Extension: (Proxy SwitchyOmega) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\padekgcemlokbadohgkifijomclgjgif [2018-11-22] CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-06-16] CHR Extension: (Chrome Media Router) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-07-13] CHR Profile: C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-30] CHR Extension: (Google Slides) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-23] CHR Extension: (Google Docs) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-23] CHR Extension: (Google Drive) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-19] CHR Extension: (YouTube) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-23] CHR Extension: (Google Search) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-23] CHR Extension: (Google Sheets) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-23] CHR Extension: (Gmail) - C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-23] CHR HKLM-x32\...\Chrome\Extension: [debkinhcgejcbfgjiaalomcmkedjmiaa] - C:\Program Files (x86)\HP SimplePass 2012\tschrome.crx [2011-08-25] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2014-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Andrea Electronics Corporation) R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [204288 2011-09-30] (Microsoft Windows Hardware Compatibility Publisher -> AMD) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6797008 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [414976 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-02-24] (CyberLink -> CyberLink) S3 DgnIndexingService; C:\Program Files (x86)\Common Files\Bentley Shared\Dgn Index Service\DgnIndexServer.exe [137728 2012-04-13] (Bentley Systems Inc.) [File not signed] R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5911720 2016-08-12] (Fitbit, Inc. -> Fitbit, Inc.) [File not signed] R2 FPLService; C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [260424 2011-08-26] (AuthenTec, Inc. -> HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [357240 2019-07-05] (HP Inc. -> HP Inc.) R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-24] (HP Inc. -> HP Inc.) R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2413056 2011-06-28] (Realsil Microelectronics Inc.) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation) R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311808 2014-10-21] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 Accelerometer; C:\Windows\System32\DRIVERS\Accelerometer.sys [43320 2011-05-27] (Hewlett-Packard Company -> Hewlett-Packard Company) S3 aftap0901; C:\Windows\System32\DRIVERS\aftap0901.sys [48624 2018-03-06] (AnchorFree Inc -> The OpenVPN Project) R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9981952 2011-10-01] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.) R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [310272 2011-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R0 aswArDisk; C:\Windows\System32\drivers\aswArDisk.sys [37320 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [209256 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriver.sys [263224 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) R0 aswbidsh; C:\Windows\System32\drivers\aswbidsh.sys [206056 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) R0 aswbuniv; C:\Windows\System32\drivers\aswbuniv.sys [61688 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [279336 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [42504 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [168896 2019-07-31] (AVAST Software s.r.o. -> AVAST Software) R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [112520 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [88160 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1030784 2019-07-31] (AVAST Software s.r.o. -> AVAST Software) R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [477288 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [225816 2019-07-20] (AVAST Software s.r.o. -> AVAST Software) R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [387896 2019-07-26] (AVAST Software s.r.o. -> AVAST Software) R3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [31088 2010-07-28] (CyberLink -> CyberLink Corporation) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes) R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77992 2015-01-07] (Fresco Logic Inc -> Fresco Logic) R0 hpdskflt; C:\Windows\System32\DRIVERS\hpdskflt.sys [30008 2011-05-27] (Hewlett-Packard Company -> Hewlett-Packard Company) R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-07-20] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-08-01] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-08-01] (Malwarebytes Corporation -> Malwarebytes) R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-07-31] (Malwarebytes Corporation -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [106344 2019-08-01] (Malwarebytes Corporation -> Malwarebytes) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2014-08-15] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation) S3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL6.SYS [292864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.) S3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.) S3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT6.SYS [740864 2009-06-10] (Microsoft Windows -> Conexant Systems, Inc.) R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [535552 2014-10-21] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.) S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20161005.020\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.2.15\Definitions\SDSDefs\20161005.020\EX64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-01 23:27 - 2019-08-01 23:33 - 000050788 _____ C:\Users\Lisa\Desktop\FRST.txt 2019-08-01 23:26 - 2019-08-01 23:27 - 000000000 ____D C:\FRST 2019-08-01 23:23 - 2019-08-01 23:23 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys 2019-08-01 23:21 - 2019-08-01 23:21 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2019-08-01 23:20 - 2019-08-01 23:20 - 000106344 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2019-08-01 23:09 - 2019-08-01 23:09 - 002096128 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (5).exe 2019-08-01 23:09 - 2019-08-01 23:09 - 002096128 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (4).exe 2019-08-01 23:09 - 2019-08-01 23:09 - 002096128 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (3).exe 2019-08-01 23:09 - 2019-08-01 23:09 - 002096128 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (2).exe 2019-08-01 23:09 - 2019-08-01 23:09 - 002096128 _____ (Farbar) C:\Users\Lisa\Downloads\FRST64 (1).exe 2019-08-01 23:09 - 2019-08-01 23:09 - 002096128 _____ (Farbar) C:\Users\Lisa\Desktop\FRST64.exe 2019-08-01 22:48 - 2019-08-01 23:13 - 000000000 ____D C:\AdwCleaner 2019-08-01 22:47 - 2019-08-01 22:48 - 007623880 _____ (Malwarebytes) C:\Users\Lisa\Downloads\Unconfirmed 176132.crdownload 2019-08-01 22:46 - 2019-08-01 23:09 - 064660208 _____ (Malwarebytes ) C:\Users\Lisa\Downloads\mb3-setup-consumer-3.8.3.2965-1.0.613-1.0.11804.exe 2019-08-01 22:46 - 2019-08-01 22:47 - 007623880 _____ (Malwarebytes) C:\Users\Lisa\Downloads\adwcleaner_7.4.exe 2019-07-29 19:55 - 2019-07-31 19:40 - 000000328 _____ C:\Windows\Tasks\HPCeeScheduleForLisa.job 2019-07-29 19:55 - 2019-07-29 19:55 - 000003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLisa 2019-07-28 23:37 - 2019-07-28 23:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTools 4 2019-07-28 23:36 - 2019-07-28 23:36 - 000000000 ____D C:\Program Files (x86)\ThinkSky 2019-07-28 23:32 - 2019-07-28 23:33 - 078328880 _____ C:\Users\Lisa\Downloads\itoolssetup_4438 (1).exe 2019-07-26 21:14 - 2019-07-31 19:46 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2019-07-24 07:59 - 2019-07-13 01:14 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\sipnotify.exe 2019-07-21 23:30 - 2019-07-30 20:18 - 000000000 _____ C:\Windows\system32\last.dump 2019-07-21 23:25 - 2019-07-21 23:25 - 019476688 _____ (IObit ) C:\Users\Lisa\Downloads\iobituninstaller.exe 2019-07-21 23:25 - 2019-07-21 23:25 - 000000000 ____D C:\Users\Lisa\AppData\Roaming\IObit 2019-07-21 23:25 - 2019-07-21 23:25 - 000000000 ____D C:\ProgramData\IObit 2019-07-20 15:49 - 2019-07-31 19:52 - 000168896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2019-07-20 15:49 - 2019-07-20 15:45 - 000225816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2019-07-20 15:49 - 2019-07-20 15:43 - 000363400 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2019-07-20 11:02 - 2019-07-20 11:02 - 000000000 ____D C:\Users\Lisa\AppData\Local\mbam 2019-07-20 11:01 - 2019-07-20 11:01 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2019-07-20 11:01 - 2019-07-20 11:01 - 000000000 ____D C:\Users\Lisa\AppData\Local\mbamtray 2019-07-20 11:00 - 2019-07-26 13:01 - 000002016 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2019-07-20 11:00 - 2019-07-20 11:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2019-07-20 11:00 - 2019-07-20 11:00 - 000000000 ____D C:\ProgramData\Malwarebytes 2019-07-20 11:00 - 2019-07-20 11:00 - 000000000 ____D C:\Program Files\Malwarebytes 2019-07-20 11:00 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2019-07-20 10:24 - 2019-07-20 10:24 - 000001042 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2019-07-20 10:22 - 2019-07-20 10:22 - 000002247 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk 2019-07-20 10:14 - 2019-07-20 10:14 - 000000000 ____D C:\Users\Lisa\Downloads\fxcf.CIS 2019-07-20 10:04 - 2019-07-20 10:04 - 000000000 ____D C:\Users\Lisa\Downloads\k7th.CIS 2019-07-20 10:03 - 2019-07-20 10:03 - 000000000 ____D C:\Users\Lisa\Downloads\516a.CIS 2019-07-20 09:59 - 2019-07-20 09:59 - 000000000 ____D C:\Users\Lisa\Downloads\xcve.CIS 2019-07-09 23:13 - 2019-07-10 00:13 - 004863032 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2019-07-09 10:46 - 2019-06-20 02:11 - 000396896 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2019-07-09 10:46 - 2019-06-20 01:15 - 000348976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2019-07-09 10:46 - 2019-06-17 21:21 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2019-07-09 10:46 - 2019-06-17 21:07 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2019-07-09 10:46 - 2019-06-17 20:56 - 020274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2019-07-09 10:46 - 2019-06-17 20:56 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2019-07-09 10:46 - 2019-06-17 20:48 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2019-07-09 10:46 - 2019-06-17 20:39 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2019-07-09 10:46 - 2019-06-17 20:39 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2019-07-09 10:46 - 2019-06-17 20:39 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2019-07-09 10:46 - 2019-06-17 20:37 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2019-07-09 10:46 - 2019-06-17 20:35 - 002297344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2019-07-09 10:46 - 2019-06-17 20:32 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2019-07-09 10:46 - 2019-06-17 20:32 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2019-07-09 10:46 - 2019-06-17 20:32 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2019-07-09 10:46 - 2019-06-17 20:30 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2019-07-09 10:46 - 2019-06-17 20:29 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2019-07-09 10:46 - 2019-06-17 20:29 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2019-07-09 10:46 - 2019-06-17 20:21 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2019-07-09 10:46 - 2019-06-17 20:20 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2019-07-09 10:46 - 2019-06-17 20:20 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2019-07-09 10:46 - 2019-06-17 20:16 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2019-07-09 10:46 - 2019-06-17 20:16 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2019-07-09 10:46 - 2019-06-17 20:13 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2019-07-09 10:46 - 2019-06-17 20:11 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2019-07-09 10:46 - 2019-06-17 20:03 - 013706752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2019-07-09 10:46 - 2019-06-17 20:03 - 002060288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2019-07-09 10:46 - 2019-06-17 20:03 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2019-07-09 10:46 - 2019-06-17 19:55 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2019-07-09 10:46 - 2019-06-17 19:41 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2019-07-09 10:45 - 2019-06-27 22:24 - 000887808 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll 2019-07-09 10:45 - 2019-06-27 22:24 - 000448512 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll 2019-07-09 10:45 - 2019-06-27 22:24 - 000414208 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll 2019-07-09 10:45 - 2019-06-27 22:24 - 000118784 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll 2019-07-09 10:45 - 2019-06-27 22:24 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll 2019-07-09 10:45 - 2019-06-27 22:23 - 000428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll 2019-07-09 10:45 - 2019-06-27 22:23 - 000392704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlansec.dll 2019-07-09 10:45 - 2019-06-27 22:23 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll 2019-07-09 10:45 - 2019-06-27 22:23 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll 2019-07-09 10:45 - 2019-06-20 20:09 - 000806400 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2019-07-09 10:45 - 2019-06-20 20:05 - 000628224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2019-07-09 10:45 - 2019-06-20 19:44 - 003229696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2019-07-09 10:45 - 2019-06-20 18:41 - 001251840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2019-07-09 10:45 - 2019-06-18 20:06 - 006135296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2019-07-09 10:45 - 2019-06-18 18:52 - 007081984 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2019-07-09 10:45 - 2019-06-17 23:41 - 001649664 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2019-07-09 10:45 - 2019-06-17 21:34 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2019-07-09 10:45 - 2019-06-17 21:21 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2019-07-09 10:45 - 2019-06-17 21:09 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2019-07-09 10:45 - 2019-06-17 21:08 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2019-07-09 10:45 - 2019-06-17 21:07 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2019-07-09 10:45 - 2019-06-17 21:07 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2019-07-09 10:45 - 2019-06-17 21:07 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2019-07-09 10:45 - 2019-06-17 21:00 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2019-07-09 10:45 - 2019-06-17 20:59 - 005775872 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2019-07-09 10:45 - 2019-06-17 20:59 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2019-07-09 10:45 - 2019-06-17 20:57 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2019-07-09 10:45 - 2019-06-17 20:56 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2019-07-09 10:45 - 2019-06-17 20:56 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2019-07-09 10:45 - 2019-06-17 20:55 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2019-07-09 10:45 - 2019-06-17 20:51 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2019-07-09 10:45 - 2019-06-17 20:45 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2019-07-09 10:45 - 2019-06-17 20:38 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2019-07-09 10:45 - 2019-06-17 20:38 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2019-07-09 10:45 - 2019-06-17 20:38 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2019-07-09 10:45 - 2019-06-17 20:38 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2019-07-09 10:45 - 2019-06-17 20:35 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2019-07-09 10:45 - 2019-06-17 20:34 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2019-07-09 10:45 - 2019-06-17 20:30 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2019-07-09 10:45 - 2019-06-17 20:29 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2019-07-09 10:45 - 2019-06-17 20:21 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2019-07-09 10:45 - 2019-06-17 20:19 - 015311872 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2019-07-09 10:45 - 2019-06-17 20:17 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2019-07-09 10:45 - 2019-06-17 20:17 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2019-07-09 10:45 - 2019-06-17 20:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2019-07-09 10:45 - 2019-06-17 20:13 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2019-07-09 10:45 - 2019-06-17 20:10 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2019-07-09 10:45 - 2019-06-17 20:07 - 004494336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2019-07-09 10:45 - 2019-06-17 20:06 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2019-07-09 10:45 - 2019-06-17 20:04 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2019-07-09 10:45 - 2019-06-17 20:02 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2019-07-09 10:45 - 2019-06-17 19:44 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2019-07-09 10:45 - 2019-06-17 19:43 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2019-07-09 10:45 - 2019-06-17 19:39 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2019-07-09 10:45 - 2019-06-12 20:25 - 000160488 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2019-07-09 10:45 - 2019-06-12 20:21 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2019-07-09 10:45 - 2019-06-12 08:23 - 004057320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2019-07-09 10:45 - 2019-06-12 08:23 - 003964136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2019-07-09 10:45 - 2019-06-12 08:22 - 001314104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2019-07-09 10:45 - 2019-06-12 08:21 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2019-07-09 10:45 - 2019-06-12 08:21 - 011411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2019-07-09 10:45 - 2019-06-12 08:21 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2019-07-09 10:45 - 2019-06-12 08:21 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2019-07-09 10:45 - 2019-06-12 08:21 - 000617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2019-07-09 10:45 - 2019-06-12 08:21 - 000275968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2019-07-09 10:45 - 2019-06-12 08:21 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2019-07-09 10:45 - 2019-06-12 08:21 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2019-07-09 10:45 - 2019-06-12 08:21 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2019-07-09 10:45 - 2019-06-12 08:21 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2019-07-09 10:45 - 2019-06-12 08:21 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 003207168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2019-07-09 10:45 - 2019-06-12 08:20 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 001177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 001005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000373248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:19 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:15 - 000631680 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2019-07-09 10:45 - 2019-06-12 08:11 - 000708328 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2019-07-09 10:45 - 2019-06-12 08:11 - 000262376 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll 2019-07-09 10:45 - 2019-06-12 08:11 - 000153832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2019-07-09 10:45 - 2019-06-12 08:11 - 000094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2019-07-09 10:45 - 2019-06-12 08:10 - 005550824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2019-07-09 10:45 - 2019-06-12 08:10 - 000095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2019-07-09 10:45 - 2019-06-12 08:09 - 001664352 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 014637568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2019-07-09 10:45 - 2019-06-12 08:08 - 000782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000236032 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\sscore.dll 2019-07-09 10:45 - 2019-06-12 08:08 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2019-07-09 10:45 - 2019-06-12 08:08 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 004120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 001574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 001484800 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 001472512 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 001211392 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 001202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 001162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 001068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000733184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000408576 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000317440 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2019-07-09 10:45 - 2019-06-12 08:07 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000438784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2019-07-09 10:45 - 2019-06-12 08:06 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 08:05 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2019-07-09 10:45 - 2019-06-12 08:04 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2019-07-09 10:45 - 2019-06-12 08:01 - 000663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2019-07-09 10:45 - 2019-06-12 07:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll 2019-07-09 10:45 - 2019-06-12 07:54 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2019-07-09 10:45 - 2019-06-12 07:50 - 000055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2019-07-09 10:45 - 2019-06-12 07:49 - 000205312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dism.exe 2019-07-09 10:45 - 2019-06-12 07:49 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2019-07-09 10:45 - 2019-06-12 07:49 - 000024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2019-07-09 10:45 - 2019-06-12 07:48 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2019-07-09 10:45 - 2019-06-12 07:48 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2019-07-09 10:45 - 2019-06-12 07:48 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2019-07-09 10:45 - 2019-06-12 07:48 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2019-07-09 10:45 - 2019-06-12 07:47 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2019-07-09 10:45 - 2019-06-12 07:46 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 07:46 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 07:46 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 07:46 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2019-07-09 10:45 - 2019-06-12 07:42 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2019-07-09 10:45 - 2019-06-12 07:42 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2019-07-09 10:45 - 2019-06-12 07:42 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2019-07-09 10:45 - 2019-06-12 07:42 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2019-07-09 10:45 - 2019-06-12 07:39 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2019-07-09 10:45 - 2019-06-12 07:39 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys 2019-07-09 10:45 - 2019-06-12 07:38 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2019-07-09 10:45 - 2019-06-12 07:37 - 000274944 _____ (Microsoft Corporation) C:\Windows\system32\Dism.exe 2019-07-09 10:45 - 2019-06-12 07:37 - 000011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2019-07-09 10:45 - 2019-06-12 07:37 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2019-07-09 10:45 - 2019-06-12 07:36 - 000464384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2019-07-09 10:45 - 2019-06-12 07:36 - 000406016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2019-07-09 10:45 - 2019-06-12 07:36 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2019-07-09 10:45 - 2019-06-12 07:36 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2019-07-09 10:45 - 2019-06-12 07:36 - 000160768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2019-07-09 10:45 - 2019-06-12 07:36 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2019-07-09 10:45 - 2019-06-12 07:35 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2019-07-09 10:45 - 2019-06-12 07:35 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys 2019-07-09 10:45 - 2019-06-12 07:35 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys 2019-07-09 10:45 - 2019-06-12 07:35 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys 2019-07-09 10:45 - 2019-06-12 07:35 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys 2019-07-09 10:45 - 2019-06-12 07:35 - 000044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\npfs.sys 2019-07-09 10:45 - 2019-06-12 07:35 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2019-07-09 10:45 - 2019-06-10 19:59 - 002863104 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2019-07-09 10:45 - 2019-06-10 19:59 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2019-07-09 10:45 - 2019-06-10 19:59 - 000801792 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2019-07-09 10:45 - 2019-06-10 19:59 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2019-07-09 10:45 - 2019-06-10 19:59 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2019-07-09 10:45 - 2019-06-10 19:59 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2019-07-09 10:45 - 2019-06-10 19:59 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2019-07-09 10:45 - 2019-06-10 19:59 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2019-07-09 10:45 - 2019-06-07 08:18 - 001425920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2019-07-09 10:45 - 2019-06-07 08:18 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll 2019-07-09 10:45 - 2019-06-07 08:08 - 002072576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2019-07-09 10:45 - 2019-06-07 08:08 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2019-07-09 10:45 - 2019-06-07 08:08 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll 2019-07-09 10:45 - 2019-06-07 08:07 - 000008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll 2019-07-09 10:45 - 2019-06-07 07:55 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll 2019-07-06 12:47 - 2019-07-19 17:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox ==================== One month (modified) ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2019-08-01 23:30 - 2009-07-13 21:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2019-08-01 23:30 - 2009-07-13 21:45 - 000032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2019-08-01 23:18 - 2014-10-19 01:14 - 000000000 ____D C:\Users\Lisa\AppData\LocalLow\AuthenTec 2019-08-01 23:17 - 2009-07-13 22:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2019-08-01 21:13 - 2014-10-19 00:22 - 000003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{3C82FF63-D453-4542-88E6-A3FF32208A88} 2019-08-01 19:47 - 2017-03-04 08:47 - 000000000 ____D C:\Program Files (x86)\Feed Notifier 2019-07-31 19:52 - 2019-01-28 14:05 - 001030784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2019-07-31 19:48 - 2019-01-28 14:06 - 000004168 _____ C:\Windows\System32\Tasks\Avast Emergency Update 2019-07-31 19:39 - 2015-12-29 00:46 - 000000000 ____D C:\Users\DefaultAppPool 2019-07-30 20:08 - 2014-10-19 00:44 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2019-07-30 19:33 - 2016-09-15 22:30 - 000002310 ____H C:\Users\Lisa\Documents\Default.rdp 2019-07-29 19:50 - 2014-11-05 14:52 - 000000000 ____D C:\Users\Lisa\AppData\Local\CrashDumps 2019-07-28 10:16 - 2011-11-09 10:33 - 000000000 ____D C:\Windows\SysWOW64\Macromed 2019-07-26 10:30 - 2019-01-28 14:05 - 000387896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2019-07-26 10:14 - 2009-07-13 21:57 - 000001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2019-07-22 21:54 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\rescache 2019-07-22 14:28 - 2009-07-13 22:13 - 000819210 _____ C:\Windows\system32\PerfStringBackup.INI 2019-07-22 14:28 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\inf 2019-07-22 14:20 - 2009-07-13 21:45 - 000420368 _____ C:\Windows\system32\FNTCACHE.DAT 2019-07-22 14:12 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\SysWOW64\Dism 2019-07-22 14:10 - 2014-12-12 10:13 - 000000000 ____D C:\Windows\system32\appraiser 2019-07-22 14:10 - 2014-10-19 03:20 - 000000000 ___SD C:\Windows\system32\CompatTel 2019-07-22 14:10 - 2009-07-13 20:20 - 000000000 ____D C:\Windows\system32\Dism 2019-07-22 09:17 - 2014-10-19 02:51 - 000811824 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2019-07-22 09:00 - 2014-10-19 01:12 - 136618864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2019-07-22 09:00 - 2014-10-19 01:12 - 000000000 ____D C:\Windows\system32\MRT 2019-07-22 00:31 - 2019-01-28 14:10 - 000000000 ____D C:\Users\Lisa\AppData\Local\AVAST Software 2019-07-22 00:31 - 2019-01-28 14:04 - 000000000 ____D C:\ProgramData\AVAST Software 2019-07-20 15:45 - 2019-01-28 14:05 - 000477288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2019-07-20 15:45 - 2019-01-28 14:05 - 000088160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2019-07-20 15:44 - 2019-02-20 00:50 - 000279336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys 2019-07-20 15:44 - 2019-01-28 14:05 - 000112520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2019-07-20 15:44 - 2019-01-28 14:05 - 000042504 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys 2019-07-20 15:40 - 2019-01-28 14:05 - 000209256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys 2019-07-20 15:40 - 2019-01-28 14:05 - 000037320 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArDisk.sys 2019-07-20 15:38 - 2019-01-28 14:05 - 000263224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriver.sys 2019-07-20 15:38 - 2019-01-28 14:05 - 000206056 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsh.sys 2019-07-20 15:38 - 2019-01-28 14:05 - 000061688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbuniv.sys 2019-07-20 10:24 - 2014-10-19 00:22 - 000001042 _____ C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2019-07-19 17:09 - 2017-08-05 09:26 - 000000000 ____D C:\Users\Lisa\AppData\LocalLow\Mozilla 2019-07-10 00:13 - 2019-01-28 17:38 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe 2019-07-10 00:13 - 2019-01-28 17:38 - 000004470 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2019-07-10 00:13 - 2019-01-28 17:38 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2019-07-10 00:13 - 2019-01-28 17:38 - 000000000 ____D C:\Windows\system32\MacromedAddition.txtFRST.txt 2019-07-10 00:13 - 2011-11-09 10:33 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2019-07-09 13:05 - 2010-11-20 20:27 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2019-07-06 12:47 - 2014-10-20 00:08 - 000000000 ____D C:\ProgramData\Mozilla ==================== SigCheck =============================== (There is no automatic fix for files that do not pass verification.) LastRegBack: 2019-08-01 10:12 ==================== End of FRST.txt ============================
  6. I used malwarebytes to attempt to remove segurazo antivirus about a week ago. It seemed to work - few scans later, it didn't detect any remnants of it after deleting the associated files. However just today, it detected it again. I followed the steps from this thread (https://forums.malwarebytes.com/topic/249548-pup-segurazo-antivirus-is-my-computer-clean-now/), but I think I need a fixlist.txt to complete the process. Below are my malwarebytes and adwcleaner logs. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 8/1/19 Scan Time: 10:30 PM Log File: abf09722-b4e6-11e9-b930-082e5f885e56.json -Software Information- Version: 3.8.3.2965 Components Version: 1.0.613 Update Package Version: 1.0.11822 License: Trial -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Lisa-HP\Lisa -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 317958 Threats Detected: 9 Threats Quarantined: 8 Time Elapsed: 37 min, 50 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 4 PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\amd64, Quarantined, [1510], [709093],1.0.11822 PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\x86, Quarantined, [1510], [709093],1.0.11822 PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b, Quarantined, [1510], [709093],1.0.11822 PUP.Optional.Segurazo, C:\PROGRAMDATA\SEGURAZO, Quarantined, [1510], [709093],1.0.11822 File: 5 PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\amd64\msdia140.dll, Quarantined, [1510], [709093],1.0.11822 PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\x86\msdia140.dll, Quarantined, [1510], [709093],1.0.11822 PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\Microsoft.Diagnostics.Tracing.TraceEvent.dll, Quarantined, [1510], [709093],1.0.11822 PUP.Optional.Segurazo, C:\ProgramData\Segurazo\b\System.Threading.dll, Quarantined, [1510], [709093],1.0.11822 MachineLearning/Anomalous.94%, C:\USERS\LISA\DESKTOP\DESKTOP FOLDERS\LESTER\BOTS\HCN LAUNCHER.EXE, No Action By User, [0], [392687],1.0.11822 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) # ------------------------------- # Malwarebytes AdwCleaner 7.4.0.0 # ------------------------------- # Build: 07-23-2019 # Database: 2019-07-22.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 08-01-2019 # Duration: 00:00:53 # OS: Windows 7 Home Premium # Scanned: 35810 # Detected: 70 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Legacy C:\Program Files (x86)\Feed Notifier PUP.Optional.Legacy C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Feed Notifier ***** [ Files ] ***** PUP.Optional.Legacy C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** PUP.Optional.InstallCore HKCU\Software\csastats PUP.Optional.Legacy HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6091F327-2B13-4193-A6F1-4B2271613A74}_is1 ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Preinstalled Software ] ***** Preinstalled.CyberLinkService Preinstalled.HPCeement Preinstalled.HPClientServices Preinstalled.HPCoolSense Preinstalled.HPHealthCheck Preinstalled.HPLaunchBox Preinstalled.HPMediaSmart Preinstalled.HPSupportAssistant Preinstalled.HPTouchpointAnalyticsClient Preinstalled.LenovoPowerDVD Preinstalled.WildTangentGamesBundle ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ########## # ------------------------------- # Malwarebytes AdwCleaner 7.4.0.0 # ------------------------------- # Build: 07-23-2019 # Database: 2019-07-22.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 08-01-2019 # Duration: 00:00:08 # OS: Windows 7 Home Premium # Cleaned: 4 # Failed: 1 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Feed Notifier Not Deleted C:\Program Files (x86)\Feed Notifier ***** [ Files ] ***** Deleted C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Feed Notifier.lnk ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\csastats Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6091F327-2B13-4193-A6F1-4B2271613A74}_is1 ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [2093 octets] - [01/08/2019 23:11:42] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.