
System dragging



My system constantly hangs and performs poorly. I've run Malwarebytes and Microsoft Security Essentials, but something seems to lurk in the background clogging things up. Haven't been here in years, but hope you can help again.

Here are the requested logs...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Byron (administrator) on BYRON-PC (14-11-2016 23:04:53)
Running from C:\Users\Byron\Downloads
Loaded Profiles: Byron (Available Profiles: Byron)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IARNJAE.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2010-09-08] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-4116406913-743611772-3940053389-1000\...\Run: [Chromium] => c:\users\byron\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-11-07] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ASUS USB-N10 WLAN Control Center.lnk [2016-10-04]
ShortcutTarget: ASUS USB-N10 WLAN Control Center.lnk -> C:\Program Files (x86)\ASUS\USB-N10 WLAN Card Utilities\Center.exe (ASUSTeK COMPUTER INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\System Mechanic.lnk [2016-11-13]
ShortcutTarget: System Mechanic.lnk -> C:\Program Files (x86)\iolo\System Mechanic\SystemMechanic.exe (iolo technologies, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{17903DA1-A556-4404-BE44-4F7AEBFAFFA6}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B2314C4F-AFF3-4B0D-90E6-08E859B49553}: [DhcpNameServer] 64.71.255.198 192.168.1.1
Tcpip\..\Interfaces\{CE1F4C92-EDB1-4E63-A574-E6AAA2FEB491}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4116406913-743611772-3940053389-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4116406913-743611772-3940053389-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-09-16] (RealDownloader)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-09-16] (RealDownloader)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\5wp3t6nx.default-1448222080399 [2016-11-14]
FF NewTab: Mozilla\Firefox\Profiles\5wp3t6nx.default-1448222080399 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\5wp3t6nx.default-1448222080399 -> Yahoo! Powered
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\5wp3t6nx.default-1448222080399 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\5wp3t6nx.default-1448222080399 -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\5wp3t6nx.default-1448222080399 -> hxxps://www.google.com/
FF Keyword.URL: Mozilla\Firefox\Profiles\5wp3t6nx.default-1448222080399 -> user_pref("keyword.URL", true);
FF Extension: (Adguard AdBlocker) - C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\5wp3t6nx.default-1448222080399\Extensions\adguardadblocker@adguard.com.xpi [2016-10-27]
FF Extension: (Firefox Hotfix) - C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\5wp3t6nx.default-1448222080399\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF Extension: (Forecastfox (fix version)) - C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\5wp3t6nx.default-1448222080399\Extensions\forecastfox@s3_fix_version.xpi [2016-08-18]
FF Extension: (The Addon Bar (restored)) - C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\5wp3t6nx.default-1448222080399\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2016-05-03]
FF SearchPlugin: C:\Users\Byron\AppData\Roaming\Mozilla\Firefox\Profiles\5wp3t6nx.default-1448222080399\searchplugins\yahoo! powered.xml [2016-09-25]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @real.com/nppl3260;version=18.1.0.1236 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-10-19] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.0.1236 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-10-19] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4116406913-743611772-3940053389-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Byron\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-03-08] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default [2016-11-13]
CHR Extension: (Google Slides) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-13]
CHR Extension: (Google Docs) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-13]
CHR Extension: (Google Drive) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-13]
CHR Extension: (YouTube) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-13]
CHR Extension: (Google Search) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-13]
CHR Extension: (Google Sheets) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-13]
CHR Extension: (Google Docs Offline) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-28]
CHR Extension: (Gmail) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-13]
CHR Extension: (Chrome Media Router) - C:\Users\Byron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-17]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-11-07] (Dropbox, Inc.)
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [107520 2016-09-15] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-09-15] (Ellora Assets Corp.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2016-03-17] (Pandora.TV)
S3 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-09-16] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1103656 2015-10-19] (RealNetworks, Inc.)
R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [94024 2010-11-03] (Sling Media Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 DGPNPSEV; E:\DriverGenius2012\DgService.exe [X]
S2 DTLService; E:\DriveTheLife\DTLService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [45704 2011-01-10] (Printing Communications Assoc., Inc. (PCAUSA))
S3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz135; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 HWCore; \??\E:\DriveTheLife\hwcore.sys [X]
S1 MpKsl8dda75ca; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{25BC610C-9880-46A2-9AB6-11DE1FE905DA}\MpKsl8dda75ca.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 23:04 - 2016-11-14 23:05 - 00021301 _____ C:\Users\Byron\Downloads\FRST.txt
2016-11-14 23:03 - 2016-11-14 23:04 - 00000000 ____D C:\FRST
2016-11-14 23:03 - 2016-11-14 23:03 - 02411520 _____ (Farbar) C:\Users\Byron\Downloads\FRST64.exe
2016-11-14 17:37 - 2016-11-14 17:37 - 00239666 _____ C:\Users\Byron\Desktop\PI-039 700 900 ANTENNAMAST.PDF
2016-11-14 13:26 - 2016-11-14 13:26 - 00197730 _____ C:\Users\Byron\Downloads\F Holmes Allianz tfr form.pdf
2016-11-14 13:02 - 2016-11-14 13:02 - 00196811 _____ C:\Users\Byron\Downloads\USA-385(6).PDF
2016-11-14 12:41 - 2016-11-14 12:41 - 00231041 _____ C:\Users\Byron\Desktop\F Holmes JNL trf form II.pdf
2016-11-14 12:37 - 2016-11-14 12:37 - 00255411 _____ C:\Users\Byron\Downloads\ShowFormDocument(20).jsp
2016-11-14 12:37 - 2016-11-14 12:37 - 00255399 _____ C:\Users\Byron\Downloads\ShowFormDocument(21).jsp
2016-11-14 11:45 - 2016-11-14 11:45 - 12110179 _____ C:\Users\Byron\Downloads\plaindealer_20161114_East.pdf
2016-11-14 10:33 - 2016-11-14 10:33 - 00181493 _____ C:\Users\Byron\Desktop\A Myers RBC IRA w-d form 11-14-16.PDF
2016-11-14 09:41 - 2016-11-14 09:41 - 00014504 _____ C:\Users\Byron\Downloads\0000009R5Y52466.pdf
2016-11-13 08:00 - 2016-11-13 08:55 - 00003118 _____ C:\Windows\System32\Tasks\iolo Process Governor
2016-11-13 08:00 - 2016-11-13 08:00 - 00003960 _____ C:\Windows\System32\Tasks\ioloSmartUpdater
2016-11-13 08:00 - 2016-11-13 08:00 - 00003854 _____ C:\Windows\System32\Tasks\ioloToaster
2016-11-13 08:00 - 2016-11-13 08:00 - 00003752 _____ C:\Windows\System32\Tasks\ioloActiveCare
2016-11-13 08:00 - 2016-11-13 08:00 - 00002084 _____ C:\Users\Public\Desktop\System Mechanic.lnk
2016-11-13 08:00 - 2016-11-13 08:00 - 00000000 ____D C:\Users\Byron\AppData\Roaming\ioloGovernor
2016-11-13 08:00 - 2016-11-13 08:00 - 00000000 ____D C:\Users\Byron\AppData\Local\iolo
2016-11-13 08:00 - 2016-11-13 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2016-11-13 08:00 - 2016-11-13 08:00 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-11-13 08:00 - 2016-11-13 08:00 - 00000000 ____D C:\Program Files\Common Files\iolo
2016-11-13 08:00 - 2016-11-13 08:00 - 00000000 ____D C:\Program Files (x86)\iolo
2016-11-13 07:57 - 2016-11-13 07:57 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat
2016-11-13 07:57 - 2016-11-13 07:57 - 00000000 ____D C:\Users\Byron\AppData\Local\Downloaded Installations
2016-11-13 07:56 - 2016-11-13 08:01 - 00000000 ____D C:\ProgramData\iolo
2016-11-13 07:56 - 2016-11-13 08:00 - 00000000 ____D C:\Users\Byron\AppData\Roaming\iolo
2016-11-13 07:56 - 2016-11-13 07:56 - 00426352 _____ C:\Users\Byron\Downloads\sm_dm.exe
2016-11-13 06:06 - 2016-11-13 06:07 - 57132689 _____ C:\Users\Byron\Downloads\20161113_pdffull_east_2.pdf
2016-11-13 06:06 - 2016-11-13 06:06 - 57768316 _____ C:\Users\Byron\Downloads\20161113_pdffull_east.pdf
2016-11-12 07:58 - 2016-11-12 07:58 - 36954716 _____ C:\Users\Byron\Downloads\plaindealer_20161112_East.pdf
2016-11-11 15:39 - 2016-11-11 15:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-11 11:48 - 2016-11-11 11:48 - 44250611 _____ C:\Users\Byron\Downloads\plaindealer_20161111_East.pdf
2016-11-11 09:51 - 2016-11-11 09:51 - 00637750 _____ C:\Users\Byron\Downloads\Nov 10.pdf
2016-11-10 12:04 - 2016-11-02 10:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-10 12:04 - 2016-11-02 10:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-10 12:04 - 2016-11-02 10:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-10 12:04 - 2016-11-02 10:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-10 12:04 - 2016-11-02 10:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-10 12:04 - 2016-11-02 10:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-10 12:04 - 2016-11-02 10:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-10 12:04 - 2016-11-02 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-10 12:04 - 2016-11-02 10:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-10 12:04 - 2016-11-02 09:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-10 12:04 - 2016-10-27 22:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-10 12:04 - 2016-10-27 22:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-10 12:04 - 2016-10-27 14:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-10 12:04 - 2016-10-27 14:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-10 12:04 - 2016-10-27 13:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-10 12:04 - 2016-10-27 13:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-10 12:04 - 2016-10-27 13:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-10 12:04 - 2016-10-27 13:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-10 12:04 - 2016-10-27 13:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-10 12:04 - 2016-10-27 13:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-10 12:04 - 2016-10-27 13:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-10 12:04 - 2016-10-27 13:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-10 12:04 - 2016-10-27 13:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-10 12:04 - 2016-10-27 13:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-10 12:04 - 2016-10-27 13:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-10 12:04 - 2016-10-27 13:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-10 12:04 - 2016-10-27 13:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-10 12:04 - 2016-10-27 13:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-10 12:04 - 2016-10-27 13:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-10 12:04 - 2016-10-27 13:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-10 12:04 - 2016-10-27 13:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-10 12:04 - 2016-10-27 13:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-10 12:04 - 2016-10-27 13:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-10 12:04 - 2016-10-27 13:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-10 12:04 - 2016-10-27 13:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-10 12:04 - 2016-10-27 13:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-10 12:04 - 2016-10-27 13:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-10 12:04 - 2016-10-27 12:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-10 12:04 - 2016-10-27 12:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-10 12:04 - 2016-10-27 12:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-10 12:04 - 2016-10-27 12:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-10 12:04 - 2016-10-27 12:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-10 12:04 - 2016-10-27 12:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-10 12:04 - 2016-10-27 12:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-10 12:04 - 2016-10-27 12:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-10 12:04 - 2016-10-27 11:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-10 12:04 - 2016-10-27 10:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-10 12:04 - 2016-10-25 10:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-10 12:04 - 2016-10-22 12:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-10 12:04 - 2016-10-22 12:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-10 12:04 - 2016-10-22 12:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-10 12:04 - 2016-10-22 12:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-10 12:04 - 2016-10-22 12:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-10 12:04 - 2016-10-22 12:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-10 12:04 - 2016-10-22 12:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-10 12:04 - 2016-10-22 12:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-10 12:04 - 2016-10-22 12:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-10 12:04 - 2016-10-22 12:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-10 12:04 - 2016-10-22 12:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-10 12:04 - 2016-10-22 12:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-10 12:04 - 2016-10-22 12:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-10 12:04 - 2016-10-22 12:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-10 12:04 - 2016-10-22 12:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-10 12:04 - 2016-10-22 12:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-10 12:04 - 2016-10-22 11:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-10 12:04 - 2016-10-22 11:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-10 12:04 - 2016-10-22 11:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-10 12:04 - 2016-10-22 11:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-10 12:04 - 2016-10-22 11:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-10 12:04 - 2016-10-22 11:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-10 12:04 - 2016-10-22 11:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-10 12:04 - 2016-10-22 11:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-10 12:04 - 2016-10-22 11:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-10 12:04 - 2016-10-22 11:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-10 12:04 - 2016-10-22 11:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-10 12:04 - 2016-10-22 11:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-10 12:04 - 2016-10-22 11:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-10 12:04 - 2016-10-15 10:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-10 12:04 - 2016-10-15 10:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-10 12:04 - 2016-10-15 10:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-10 12:04 - 2016-10-15 10:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-10 12:04 - 2016-10-11 10:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-10 12:04 - 2016-10-11 10:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-10 12:04 - 2016-10-11 10:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-10 12:04 - 2016-10-11 10:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-10 12:04 - 2016-10-11 10:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-10 12:04 - 2016-10-11 10:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-10 12:04 - 2016-10-11 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-10 12:04 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-10 12:04 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-10 12:04 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-10 12:04 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-10 12:04 - 2016-10-11 10:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-10 12:04 - 2016-10-11 10:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-10 12:04 - 2016-10-11 10:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-10 12:04 - 2016-10-11 10:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-10 12:04 - 2016-10-11 10:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-10 12:04 - 2016-10-11 10:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-10 12:04 - 2016-10-11 10:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-10 12:04 - 2016-10-11 10:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-10 12:04 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-10 12:04 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-10 12:04 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-10 12:04 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-10 12:04 - 2016-10-11 10:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-10 12:04 - 2016-10-11 10:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-10 12:04 - 2016-10-11 08:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-10 12:04 - 2016-10-11 08:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-10 12:04 - 2016-10-10 10:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-10 12:04 - 2016-10-10 10:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-10 12:04 - 2016-10-10 10:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-10 12:04 - 2016-10-10 10:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-10 12:04 - 2016-10-10 10:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-10 12:04 - 2016-10-10 10:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-10 12:04 - 2016-10-10 10:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-10 12:04 - 2016-10-10 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-10 12:04 - 2016-10-10 10:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-10 12:04 - 2016-10-10 09:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-10 12:04 - 2016-10-10 09:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-10 12:04 - 2016-10-10 09:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-10 12:04 - 2016-10-10 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-10 12:04 - 2016-10-10 09:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-10 12:04 - 2016-10-10 09:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-10 12:04 - 2016-10-07 10:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-10 12:04 - 2016-10-07 10:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-10 12:04 - 2016-10-07 10:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-10 12:04 - 2016-10-07 10:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-10 12:04 - 2016-10-07 10:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-10 12:04 - 2016-10-07 10:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 10:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-10 12:04 - 2016-10-07 10:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-10 12:04 - 2016-10-07 10:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-10 12:04 - 2016-10-07 10:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-10 12:04 - 2016-10-07 10:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-10 12:04 - 2016-10-07 09:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-10 12:04 - 2016-10-07 09:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-10 12:04 - 2016-10-07 09:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-10 12:04 - 2016-10-07 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-10 12:04 - 2016-10-07 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-10 12:04 - 2016-10-07 09:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 09:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 09:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-10 12:04 - 2016-10-07 09:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-10 12:04 - 2016-10-05 09:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-10 12:04 - 2016-09-15 09:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-10 12:04 - 2016-09-13 10:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-10 12:04 - 2016-09-13 10:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-10 12:04 - 2016-09-09 13:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-10 12:04 - 2016-09-09 13:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-10 12:04 - 2016-08-22 11:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-10 07:39 - 2016-11-10 07:39 - 17820256 _____ C:\Users\Byron\Downloads\plaindealer_20161110_East.pdf
2016-11-09 11:16 - 2016-11-09 11:16 - 00263688 _____ C:\Users\Byron\Downloads\Scan0102.pdf
2016-11-09 10:14 - 2016-11-09 10:15 - 55383912 _____ C:\Users\Byron\Downloads\plaindealer_20161109_East.pdf
2016-11-08 19:00 - 2016-11-08 19:03 - 00000000 ____D C:\Users\Byron\Desktop\Manuals
2016-11-08 18:58 - 2016-11-08 18:58 - 00001328 _____ C:\Users\Byron\Desktop\CopyTrans Control Center.lnk
2016-11-08 18:58 - 2016-11-08 18:58 - 00000000 ____D C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2016-11-08 18:57 - 2016-11-08 18:57 - 07006376 _____ (WindSolutions) C:\Users\Byron\Downloads\Install_CopyTransControlCenter.exe
2016-11-08 15:09 - 2016-11-08 19:06 - 00000000 ____D C:\Users\Byron\AppData\Roaming\WindSolutions
2016-11-08 15:08 - 2016-11-08 19:05 - 00000000 ____D C:\ProgramData\WindSolutions
2016-11-08 15:07 - 2016-11-08 15:08 - 00000000 ____D C:\Users\Byron\Downloads\CopyTransManagerv1.114_DLC
2016-11-08 15:07 - 2016-11-08 15:07 - 14292261 _____ C:\Users\Byron\Downloads\CopyTransManagerv1.114_DLC.zip
2016-11-08 10:07 - 2016-11-08 10:07 - 07684833 _____ C:\Users\Byron\Downloads\C1yFhqui+ES.pdf
2016-11-08 08:42 - 2016-11-08 08:42 - 13349179 _____ C:\Users\Byron\Downloads\plaindealer_20161108_East.pdf
2016-11-07 17:49 - 2016-11-07 17:49 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-11-07 17:49 - 2016-11-07 17:49 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-11-07 17:49 - 2016-11-07 17:49 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-11-07 17:49 - 2016-11-07 17:49 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-11-07 11:57 - 2016-11-07 11:57 - 17752436 _____ C:\Users\Byron\Downloads\plaindealer_20161107_East.pdf
2016-11-06 20:16 - 2016-11-06 20:17 - 00753063 _____ C:\Users\Byron\Downloads\Specification Sheet - SB26 (English).pdf
2016-11-06 17:28 - 2016-11-06 17:29 - 63944428 _____ C:\Users\Byron\Downloads\20161106_pdffull_east_2.pdf
2016-11-06 17:28 - 2016-11-06 17:28 - 58843155 _____ C:\Users\Byron\Downloads\20161106_pdffull_east.pdf
2016-11-06 17:28 - 2016-11-06 17:28 - 48421127 _____ C:\Users\Byron\Downloads\20161106_pdffull_east_3.pdf
2016-11-05 10:23 - 2016-11-05 10:24 - 33720918 _____ C:\Users\Byron\Downloads\plaindealer_20161105_East.pdf
2016-11-05 10:03 - 2016-11-05 10:03 - 00862214 _____ C:\Users\Byron\Downloads\ShowFormDocument(19).jsp
2016-11-04 06:48 - 2016-11-04 06:48 - 30547241 _____ C:\Users\Byron\Downloads\plaindealer_20161104_East.pdf
2016-11-03 09:29 - 2016-11-03 09:30 - 00015131 _____ C:\Users\Byron\Downloads\0000009R5Y52416.pdf
2016-11-03 07:45 - 2016-11-03 07:45 - 24670138 _____ C:\Users\Byron\Downloads\plaindealer_20161103_East.pdf
2016-11-02 07:24 - 2016-11-02 07:24 - 53203061 _____ C:\Users\Byron\Downloads\plaindealer_20161102_East.pdf
2016-11-01 16:33 - 2016-11-01 16:33 - 00117588 _____ C:\Users\Byron\Downloads\962767886.pdf
2016-11-01 06:44 - 2016-11-01 06:44 - 12461460 _____ C:\Users\Byron\Downloads\plaindealer_20161101_East.pdf
2016-10-31 08:09 - 2016-10-31 08:09 - 34350697 _____ C:\Users\Byron\Downloads\plaindealer_20161031_East.pdf
2016-10-30 09:05 - 2016-10-30 09:05 - 08930508 _____ C:\Users\Byron\Downloads\20161030_pdffull_east_3.pdf
2016-10-30 09:04 - 2016-10-30 09:05 - 57956057 _____ C:\Users\Byron\Downloads\20161030_pdffull_east_2.pdf
2016-10-30 08:40 - 2016-10-30 08:41 - 57789214 _____ C:\Users\Byron\Downloads\20161030_pdffull_east.pdf
2016-10-29 11:32 - 2016-10-29 11:32 - 00027620 _____ C:\ComboFix.txt
2016-10-29 09:05 - 2016-10-29 09:05 - 52602913 _____ C:\Users\Byron\Downloads\plaindealer_20161029_East.pdf
2016-10-28 12:24 - 2016-10-28 12:24 - 00247607 _____ C:\Users\Byron\Downloads\Janis' lien payment receipt.pdf
2016-10-28 09:07 - 2016-10-28 09:07 - 00862197 _____ C:\Users\Byron\Downloads\ShowFormDocument(18).jsp
2016-10-28 07:22 - 2016-10-28 07:23 - 36967269 _____ C:\Users\Byron\Downloads\plaindealer_20161028_East.pdf
2016-10-27 16:03 - 2016-10-27 16:03 - 00029222 _____ C:\Users\Byron\Downloads\HALL.B.RATE.SHEET10.27.16.pdf
2016-10-27 09:22 - 2016-10-27 09:22 - 18374014 _____ C:\Users\Byron\Downloads\plaindealer_20161027_East.pdf
2016-10-26 07:35 - 2016-10-26 07:35 - 53248176 _____ C:\Users\Byron\Downloads\plaindealer_20161026_East.pdf
2016-10-25 08:06 - 2016-10-25 08:06 - 20833776 _____ C:\Users\Byron\Downloads\plaindealer_20161025_East.pdf
2016-10-24 07:33 - 2016-10-24 07:33 - 16304831 _____ C:\Users\Byron\Downloads\plaindealer_20161024_East.pdf
2016-10-23 10:09 - 2016-10-23 10:10 - 57505167 _____ C:\Users\Byron\Downloads\20161023_pdffull_east.pdf
2016-10-22 15:56 - 2016-10-22 15:56 - 34136763 _____ C:\Users\Byron\Downloads\plaindealer_20161019_East.pdf
2016-10-22 09:37 - 2016-10-22 09:37 - 18457616 _____ C:\Users\Byron\Downloads\plaindealer_20161020_East.pdf
2016-10-22 09:10 - 2016-10-22 09:11 - 45965120 _____ C:\Users\Byron\Downloads\plaindealer_20161022_East.pdf
2016-10-21 20:59 - 2016-10-21 20:59 - 41687191 _____ C:\Users\Byron\Downloads\plaindealer_20161021_East.pdf
2016-10-21 16:06 - 2016-10-21 16:06 - 04763938 _____ C:\Users\Byron\Downloads\Mason Audit CRD 10212016.pdf
2016-10-21 11:19 - 2016-10-21 11:19 - 00035347 _____ C:\Users\Byron\Downloads\961942478.pdf
2016-10-21 08:38 - 2016-10-26 07:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 14:50 - 2016-10-20 14:50 - 00111408 _____ C:\Users\Byron\Downloads\VA 1035 Exchange Review Form Updated 2-2016(3).pdf
2016-10-20 13:29 - 2016-10-20 13:29 - 00042780 _____ C:\Users\Byron\Downloads\Audit_Rep_Questionnaire 10062016.pdf
2016-10-20 08:39 - 2016-10-20 08:39 - 00816846 _____ C:\Users\Byron\Downloads\ShowFormDocument(17).jsp
2016-10-15 02:40 - 2016-10-15 02:42 - 58510402 _____ C:\Users\Byron\Downloads\plaindealer_20161015_East.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-14 23:01 - 2014-12-24 23:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-14 22:58 - 2015-12-13 12:36 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-14 22:24 - 2015-10-04 12:49 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-14 22:24 - 2015-10-04 12:49 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-14 22:11 - 2016-03-08 15:55 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4116406913-743611772-3940053389-1000.job
2016-11-14 21:49 - 2016-03-08 15:55 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4116406913-743611772-3940053389-1000.job
2016-11-14 21:41 - 2015-12-13 12:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-14 21:33 - 2015-12-13 12:39 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-14 21:33 - 2015-12-13 12:39 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-14 15:27 - 2013-12-08 23:29 - 00000000 ____D C:\Users\Byron\AppData\Roaming\Mozilla
2016-11-14 10:35 - 2009-07-14 00:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-14 10:35 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-14 09:39 - 2009-07-13 23:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-14 09:39 - 2009-07-13 23:45 - 00031904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-13 09:18 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-13 08:50 - 2016-10-09 10:09 - 00000000 ____D C:\Windows\pss
2016-11-13 08:00 - 2012-11-21 16:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-12 13:59 - 2015-04-26 14:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-11 15:40 - 2015-10-04 12:52 - 00000000 ___RD C:\Users\Byron\Dropbox
2016-11-11 15:40 - 2015-10-04 12:49 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-11-11 13:47 - 2015-04-18 22:33 - 00000000 ____D C:\Users\Byron\Desktop\Business
2016-11-11 13:45 - 2009-07-13 23:45 - 00277624 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-10 15:39 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-10 09:48 - 2014-04-23 19:18 - 00000000 ____D C:\Users\Byron\AppData\Roaming\vlc
2016-11-09 22:19 - 2015-10-04 12:49 - 00003902 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-09 22:19 - 2015-10-04 12:49 - 00003650 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-09 13:30 - 2014-12-24 23:43 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-08 19:05 - 2016-05-25 14:21 - 00000000 ____D C:\Users\Byron\Desktop\J Lockhart
2016-11-08 12:01 - 2014-12-24 23:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 12:01 - 2013-12-08 23:58 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 12:01 - 2013-12-08 23:58 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 12:01 - 2013-12-08 23:58 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-08 12:01 - 2013-12-08 23:58 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-07 12:48 - 2015-04-05 21:23 - 00000000 ____D C:\Users\Byron\AppData\Roaming\Epson
2016-11-07 12:48 - 2015-04-05 21:21 - 00000000 ____D C:\ProgramData\EPSON
2016-11-04 14:49 - 2016-03-08 15:55 - 00003684 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-4116406913-743611772-3940053389-1000
2016-11-04 14:49 - 2016-03-08 15:55 - 00003588 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4116406913-743611772-3940053389-1000
2016-10-29 12:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\ModemLogs
2016-10-29 11:32 - 2015-05-06 16:05 - 00000000 ____D C:\Qoobox
2016-10-29 11:18 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-10-29 11:06 - 2015-05-06 15:58 - 05658651 ____R (Swearware) C:\Users\Byron\Downloads\ComboFix.exe
2016-10-29 10:17 - 2014-07-22 08:32 - 00000000 ____D C:\Users\Byron\Desktop\Facebook Stuff
2016-10-27 20:22 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-26 07:30 - 2013-12-08 23:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-15 15:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-15 15:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-15 00:36 - 2016-05-06 09:52 - 00000000 ____D C:\Users\Byron\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2013-12-08 23:16 - 2013-12-08 23:16 - 0000000 _____ () C:\Users\Byron\AppData\Local\AtStart.txt
2013-12-08 23:16 - 2013-12-08 23:16 - 0000000 _____ () C:\Users\Byron\AppData\Local\DSwitch.txt
2013-12-08 23:16 - 2013-12-08 23:16 - 0000000 _____ () C:\Users\Byron\AppData\Local\QSwitch.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-24 00:45

==================== End of FRST.txt ============================

And the addition.txt file...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Byron (14-11-2016 23:06:20)
Running from C:\Users\Byron\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-12-09 04:14:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4116406913-743611772-3940053389-500 - Administrator - Disabled)
Byron (S-1-5-21-4116406913-743611772-3940053389-1000 - Administrator - Enabled) => C:\Users\Byron
Guest (S-1-5-21-4116406913-743611772-3940053389-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4116406913-743611772-3940053389-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.18) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.18 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asus 802.11n Network Adapter (HKLM-x32\...\InstallShield_{22EA200E-F498-43DF-BCF7-21317D17F786}) (Version: 1.0.0.18 - ASUSTeK)
Asus 802.11n Network Adapter (x32 Version: 1.0.0.18 - ASUSTeK) Hidden
Asus USB-N10 Manuals (HKLM-x32\...\InstallShield_{0A48A469-CD39-4D14-BF0A-BD437A998F37}) (Version: 1.0.0.12 - ASUSTeK)
Asus USB-N10 Manuals (x32 Version: 1.0.0.12 - ASUSTeK) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-4116406913-743611772-3940053389-1000\...\CopyTrans Suite) (Version: 4.013 - WindSolutions)
DirectAccess Setup (HKLM-x32\...\{DCCA5B2A-F589-478C-BD67-553F081C8E2D}) (Version: 2.0.0 - RBC)
Dropbox (HKLM-x32\...\Dropbox) (Version: 14.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.57.1 - Dropbox, Inc.) Hidden
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-800 Series Printer Uninstall (HKLM\...\EPSON XP-800 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
E-Z Contact Book version 3.2.7.62 (HKLM-x32\...\{1B758D8A-B999-45AD-B7AA-14D10FDC19D2}_is1) (Version: 3.2.7.62 - Dmitri Karshakevich)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-4116406913-743611772-3940053389-1000\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.6 - Sonix)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Media Preview (HKLM\...\{52AFC3E1-0FAA-4C05-88FF-373911EA68F5}) (Version: 1.4.3.429 - BabelSoft)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
NVIDIA Graphics Driver 296.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.67 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA nView 136.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.28 - NVIDIA Corporation)
Pandora Service (HKLM-x32\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV) <==== ATTENTION
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
RealDownloader (x32 Version: 18.1.0.1233 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.4.144 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.0 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SlingPlayer (HKLM-x32\...\InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}) (Version: 2.0.4522 - Sling Media)
SlingPlayer (x32 Version: 2.0.4522 - Sling Media) Hidden
Software Updater (HKLM-x32\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
System Mechanic (HKLM-x32\...\InstallShield_{49DCB5CB-235B-4A14-BD8E-1E9FC1B0311C}) (Version: 16.1.0.42 - iolo technologies, LLC)
System Mechanic (x32 Version: 16.1.0.42 - iolo technologies, LLC) Hidden
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version:  - )
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Validity WBF DDK (HKLM\...\{DA83578A-7DB2-4CF6-9453-CF24C7917AB8}) (Version: 4.3.301.0 - Validity Sensors, Inc.)
Video Downloader (x32 Version: 1.2.0 - RealNetworks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4116406913-743611772-3940053389-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Byron\AppData\Local\Citrix\GoToMeeting\4431\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04481745-DDBE-4CAD-AF16-5EDB8B539AF0} - System32\Tasks\G2MUpdateTask-S-1-5-21-4116406913-743611772-3940053389-1000 => C:\Users\Byron\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe [2016-11-04] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0ABC89E6-2A36-46BB-AE84-4AEA0ECA4A71} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\iolo\System Mechanic\SystemMechanic.exe [2016-09-16] (iolo technologies, LLC)
Task: {0ED61B0C-64ED-42C2-8C0F-789ED59C2010} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4116406913-743611772-3940053389-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-09-16] (RealNetworks, Inc.)
Task: {0F0FECC0-8132-4ACE-9086-625F29857E85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-08] (Adobe Systems Incorporated)
Task: {181B7A8F-2AFB-430E-A8A6-7A72EFB433B7} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4116406913-743611772-3940053389-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2015-09-16] (RealNetworks, Inc.)
Task: {331376AA-5BB8-4030-942E-339FAE92527B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
Task: {380B2422-D8E6-4003-A462-8C466F521C65} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4116406913-743611772-3940053389-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-09-16] (RealNetworks, Inc.)
Task: {4462520B-D264-4D6A-9E50-10132F502382} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {4AD7D547-8CF7-4823-BB08-2AD1AEDDE4D1} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {6B025B96-0687-40F5-8473-C1296A6564ED} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4116406913-743611772-3940053389-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-09-16] (RealNetworks, Inc.)
Task: {84EA4519-9397-4DD9-A8DB-8E2053C60E1A} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2016-09-16] (iolo technologies, LLC)
Task: {871254CB-B51B-42B5-9E21-8884EBF869DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
Task: {AFA901A3-6D40-44CD-AFF8-A4F96D16EB49} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4116406913-743611772-3940053389-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2015-09-16] (RealNetworks, Inc.)
Task: {BE8906A6-6E88-4D02-97E0-C9DC7198B1A9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {C045A1D8-949D-4FA6-B272-80FDF4723695} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {C39055FC-1C82-42AF-A236-985BE09027FB} - System32\Tasks\G2MUploadTask-S-1-5-21-4116406913-743611772-3940053389-1000 => C:\Users\Byron\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe [2016-11-04] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D5D2CD2E-12F9-4837-9D0B-358DCA02F94A} - System32\Tasks\ioloSmartUpdater => C:\Program Files (x86)\iolo\System Mechanic\ioloSmartUpdater.exe [2016-09-16] (iolo technologies, LLC)
Task: {EAE73190-3C06-428D-94CC-755A7C5B728D} - System32\Tasks\ioloToaster => C:\Program Files (x86)\iolo\System Mechanic\ioloToaster.exe [2016-09-16] (iolo technologies, LLC)
Task: {EB255F1E-7E2F-441F-BD33-B6EB39C18C9F} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-07-05] ()
Task: {F88D65A6-1906-4806-8D0A-01932AA75561} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4116406913-743611772-3940053389-1000.job => C:\Users\Byron\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4116406913-743611772-3940053389-1000.job => C:\Users\Byron\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-07-05 17:18 - 2016-07-05 17:18 - 00714992 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2015-05-03 05:21 - 2016-03-17 18:37 - 01277952 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll
2015-05-03 05:21 - 2012-07-09 16:57 - 02090496 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avcodec-53.dll
2015-05-03 05:21 - 2011-12-06 15:19 - 00133632 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\avutil-51.dll
2015-05-03 05:21 - 2012-03-23 09:07 - 00224768 _____ () C:\Program Files (x86)\PANDORA.TV\PanService\libupnp.dll
2015-10-19 13:53 - 2015-10-19 13:53 - 00022312 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\mediautil.dll
2015-10-19 13:53 - 2015-10-19 13:53 - 01520936 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\avformat-55.dll
2015-10-19 13:53 - 2015-10-19 13:53 - 04274984 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\avcodec-55.dll
2015-10-19 13:53 - 2015-10-19 13:53 - 00322856 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Tools\ffmpeg\avutil-52.dll
2012-09-23 23:43 - 2012-09-23 23:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-09-05 09:04 - 2013-09-05 09:04 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2016-07-05 17:13 - 2016-07-05 17:13 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-10-19 13:53 - 2015-10-19 13:53 - 00653096 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll
2016-07-05 17:18 - 2016-07-05 17:18 - 00077552 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Byron\Desktop\Get Started with Dropbox.pdf:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-09-28 23:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4116406913-743611772-3940053389-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Byron\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: PanService => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpeedupService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\Windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Byron^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^zSpeedup.lnk => C:\Windows\pss\zSpeedup.lnk.Startup
MSCONFIG\startupreg: Avira System Speedup User Starter => "C:\Program Files (x86)\Avira\AviraSpeedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{E05ED506-0DC5-47B9-9FE6-F39B6BB83E19}E:\drivethelife\drivethelife.exe] => (Allow) E:\drivethelife\drivethelife.exe
FirewallRules: [UDP Query User{9B224E3A-0DFE-4C7F-907B-096E8B52131D}E:\drivethelife\drivethelife.exe] => (Allow) E:\drivethelife\drivethelife.exe
FirewallRules: [{8345E178-C83C-48F3-A0CC-94BF64048F21}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C8E3529-DC48-48FC-8B61-E8E06D358646}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{80A6F309-422E-4387-AAE7-B9C0DCF286D9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{ED6BD638-1647-4C78-96D8-5685E9A4462C}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C0430ECF-0541-4AC1-B8BB-61886AA96B94}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C913FD10-DD7D-4FD2-BE54-C8C9055068FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8C60CDE4-4598-4411-98A6-ED868879182B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2DA5B0F7-703A-47C5-A423-8B304445EB25}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3885C91-C2C0-4C84-B5A8-3AE529DEB1ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC06794B-DDFF-47C8-81F1-65A0CC5BF032}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A0E4BFE1-A7E5-4D5C-A698-BDC2A7073CFB}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{674BCE82-2D2F-4EC8-81C4-8D096BE0B6A8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7AB3DB2D-F101-49D4-8137-E9660A51D55F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{441C762D-0E97-407F-AF14-7E898A1F36BC}] => (Allow) C:\Users\Byron\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{3FB37932-1FC1-47A7-B429-1FA13967A509}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{4E37001B-904A-4A5B-B947-03D44B4BB50C}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{068731F6-6CEA-4FF2-870C-3B28A3DC8A58}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{50479842-EACE-4028-8FF4-9D6584C8325F}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{25F98D3B-8773-4C1D-9F48-FBEA3690A9C3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{F6D9359C-1C40-4E99-8EA4-4A6D942EBF25}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{B0004842-B5BD-47D3-BDD8-C5958D67B86C}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
FirewallRules: [{16F35331-4C5B-4314-9DA6-444E3F214CA5}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{4646B9CF-876E-4872-9366-64B32A6B7C30}] => (Allow) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
FirewallRules: [{91B4A6B4-906B-4692-BA2F-CD77884975A8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-11-2016 07:59:54 Installed System Mechanic

==================== Faulty Device Manager Devices =============

Name: MpKsl8dda75ca
Description: MpKsl8dda75ca
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl8dda75ca
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2016 09:31:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13799006

Error: (11/14/2016 09:31:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13799006

Error: (11/14/2016 09:31:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2016 05:41:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1077

Error: (11/14/2016 05:41:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1077

Error: (11/14/2016 05:41:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/14/2016 10:35:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: downloader2.exe, version: 18.1.4.144, time stamp: 0x577c5c60
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1104
Faulting application start time: 0x01d23e5ff24db805
Faulting application path: C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Faulting module path: unknown
Report Id: 0395fd47-aa80-11e6-aa81-705ab6aeb034

Error: (11/14/2016 05:15:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12122

Error: (11/14/2016 05:15:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12122

Error: (11/14/2016 05:15:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/14/2016 09:35:51 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (11/13/2016 10:49:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {96D1EED3-701E-4FE5-B996-A543A8465897} did not register with DCOM within the required timeout.

Error: (11/13/2016 09:19:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
 and APPID
{344ED43D-D086-4961-86A6-1106F4ACAD9B}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Error: (11/13/2016 09:19:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/13/2016 09:19:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ricoh xD-Picture Card Driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/13/2016 09:19:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimsptsk service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/13/2016 09:19:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rimmptsk service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/13/2016 09:18:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DTLService service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/13/2016 09:18:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DriverGenius PNP Service service failed to start due to the following error:
The system cannot find the file specified.

Error: (11/11/2016 01:46:48 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


CodeIntegrity:
===================================
  Date: 2016-09-29 00:00:13.786
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-29 00:00:13.729
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-29 00:00:13.672
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-29 00:00:13.618
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-07 09:07:58.631
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-07 09:07:58.592
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-07 09:07:58.553
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-02-07 09:07:58.512
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-22 00:02:20.078
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-11-22 00:02:20.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz
Percentage of memory in use: 51%
Total physical RAM: 3889.82 MB
Available physical RAM: 1875.74 MB
Total Virtual: 7777.82 MB
Available Virtual: 5115.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.75 GB) (Free:144.83 GB) NTFS
Drive d: (Asus WLAN N10) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 81D9D3A7)
Partition 1: (Active) - (Size=142 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 


  • Staff

Hello and welcome.

 

Check Disk

  • Press the Windows key on your keyboard. Type cmd and right click >> Run as Administrator.
  • Copy/Enter the command below and press Enter:
  • chkdsk C: /r
  • You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
  • All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.

Check Disk report:
  • Press the Windows key + R on your keyboard at the same time. Type eventvwr and click OK.
  • In the left panel, expand Windows Logs and then click on Application.
  • Now, on the right side, click on Filter Current Log.
  • Under Event Sources, check only Wininit and click OK.
  • Now you'll be presented with one or multiple Wininit logs.
  • Click on an entry corresponding to the date and time of the disk check.
  • On the top main menu, click Action > Copy > Copy Details as Text.
  • Paste the contents into your next reply.
Edited by TwinHeadedEagle

Thank you for your help.

Here is the requested log...

Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          11/16/2016 9:00:48 AM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Byron-PC
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0xfdfd.
  206848 file records processed.                                         

File verification completed.
  967 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  43 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  277452 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  206848 file SDs/SIDs processed.                                        

Cleaning up 980 unused index entries from index $SII of file 0x9.
Cleaning up 980 unused index entries from index $SDH of file 0x9.
Cleaning up 980 unused security descriptors.
Security descriptor verification completed.
  35303 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37225816 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  206832 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  40239728 free clusters processed.                                        

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

 244051964 KB total disk space.
  82677332 KB in 143561 files.
     97184 KB in 35304 indexes.
         0 KB in bad sectors.
    318536 KB in use by the system.
     65536 KB occupied by the log file.
 160958912 KB available on disk.

      4096 bytes in each allocation unit.
  61012991 total allocation units on disk.
  40239728 allocation units available on disk.

Internal Info:
00 28 03 00 bc ba 02 00 b2 2c 05 00 00 00 00 00  .(.......,......
6f 0c 00 00 2b 00 00 00 00 00 00 00 00 00 00 00  o...+...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
    <EventID Qualifiers="16384">1001</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-11-16T14:00:48.000000000Z" />
    <EventRecordID>211714</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Byron-PC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                         

CHKDSK is verifying files (stage 1 of 5)...
Cleaning up instance tags for file 0xfdfd.
  206848 file records processed.                                         

File verification completed.
  967 large file records processed.                                   

  0 bad file records processed.                                     

  2 EA records processed.                                           

  43 reparse records processed.                                      

CHKDSK is verifying indexes (stage 2 of 5)...
  277452 index entries processed.                                        

Index verification completed.
  0 unindexed files scanned.                                        

  0 unindexed files recovered.                                      

CHKDSK is verifying security descriptors (stage 3 of 5)...
  206848 file SDs/SIDs processed.                                        

Cleaning up 980 unused index entries from index $SII of file 0x9.
Cleaning up 980 unused index entries from index $SDH of file 0x9.
Cleaning up 980 unused security descriptors.
Security descriptor verification completed.
  35303 data files processed.                                           

CHKDSK is verifying Usn Journal...
  37225816 USN bytes processed.                                            

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
  206832 files processed.                                                

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
  40239728 free clusters processed.                                        

Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

 244051964 KB total disk space.
  82677332 KB in 143561 files.
     97184 KB in 35304 indexes.
         0 KB in bad sectors.
    318536 KB in use by the system.
     65536 KB occupied by the log file.
 160958912 KB available on disk.

      4096 bytes in each allocation unit.
  61012991 total allocation units on disk.
  40239728 allocation units available on disk.

Internal Info:
00 28 03 00 bc ba 02 00 b2 2c 05 00 00 00 00 00  .(.......,......
6f 0c 00 00 2b 00 00 00 00 00 00 00 00 00 00 00  o...+...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

Windows has finished checking your disk.
Please wait while your computer restarts.
</Data>
  </EventData>
</Event>
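The Check Disk report above can be triaged mechanically. The following is an added example, not part of either post: it pulls the summary figures out of a CHKDSK report, flags bad sectors and repairs, and checks that the figures agree with each other. The function and field names are assumptions made for the example, and the sample text is an excerpt of the report posted above.

```python
import re

# Excerpt of the CHKDSK report posted above (Wininit event 1001), summary lines only.
REPORT = """\
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

 244051964 KB total disk space.
  82677332 KB in 143561 files.
     97184 KB in 35304 indexes.
         0 KB in bad sectors.
    318536 KB in use by the system.
     65536 KB occupied by the log file.
 160958912 KB available on disk.
      4096 bytes in each allocation unit.
  61012991 total allocation units on disk.
  40239728 allocation units available on disk.
"""

# Hypothetical field names mapped to the report lines they are read from.
FIELDS = {
    "total_kb": r"(\d+) KB total disk space",
    "files_kb": r"(\d+) KB in \d+ files",
    "indexes_kb": r"(\d+) KB in \d+ indexes",
    "bad_kb": r"(\d+) KB in bad sectors",
    "system_kb": r"(\d+) KB in use by the system",
    "free_kb": r"(\d+) KB available on disk",
    "unit_bytes": r"(\d+) bytes in each allocation unit",
    "total_units": r"(\d+) total allocation units on disk",
    "free_units": r"(\d+) allocation units available on disk",
}

def triage_chkdsk(report):
    """Return the summary figures plus the flags a helper reads first."""
    v = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, report)
        if m is None:
            raise ValueError("report is missing the %r line" % name)
        v[name] = int(m.group(1))
    v["repaired"] = "Windows has made corrections to the file system" in report
    v["bad_sectors"] = v["bad_kb"] > 0
    # Self-consistent when the KB figures add up and match the cluster counts.
    v["consistent"] = (
        v["files_kb"] + v["indexes_kb"] + v["bad_kb"] + v["system_kb"] + v["free_kb"] == v["total_kb"]
        and v["total_units"] * v["unit_bytes"] == v["total_kb"] * 1024
        and v["free_units"] * v["unit_bytes"] == v["free_kb"] * 1024
    )
    return v
```

For this report the result shows a repair was made, no bad sectors were found, and the space figures are consistent with the cluster counts.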


This topic is now closed to further replies.