IE - Attempt to execute VBScript


Hello,

I am receiving the below from MB every time I open a new IE tab. Please assist.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/2/18
Protection Event Time: 12:16 PM
Log File: 849eb7de-c65e-11e8-badb-7446a0abc8fa.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7139
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, , Blocked, [0], [392684],0.0.0

-Exploit Data-
Affected Application: Internet Explorer (and add-ons)
Protection Layer: Application Hardening
Protection Technique: Attempt to execute VBScript blocked
File Name: C:\Windows\system32\VBScript.dll
URL:

(end)

 


Hello carntsen and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Here is log from MB Scan after rootkit enabled... Moving on to AdwCleaner step

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/3/18
Scan Time: 2:06 AM
Log File: 7867c1ee-c6d2-11e8-9137-7446a0abc8fa.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7149
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 478869
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 11 min, 34 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)


AdwCleaner Log File.....

# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build:    09-25-2018
# Database: 2018-10-01.2 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    10-03-2018
# Duration: 00:00:02
# OS:       Windows 7 Professional
# Cleaned:  3
# Failed:   2


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\AppDataLow\Software\adawarebp
Deleted       HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Deleted       HKCU\Software\Softonic

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted   Ask
Not Deleted   AOL

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3306 octets] - [13/09/2018 18:24:53]
AdwCleaner[C00].txt - [3050 octets] - [13/09/2018 18:25:06]
AdwCleaner[S01].txt - [1652 octets] - [03/10/2018 16:06:45]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 


FRST Log 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.10.2018 01
Ran by CArntsen (administrator) on DT-CARNTSEN2 (03-10-2018 16:13:59)
Running from C:\Users\arntsenc\Downloads
Loaded Profiles: CArntsen (Available Profiles: jdsmith & CArntsen & Service & kasadmin & GFranklin & xbase1)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\AMP\6.0.5\sfc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(AMD) C:\Windows\System32\atieclxx.exe
(International Business Machines Corporation) C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LabTech Software) C:\Windows\LTSvc\LTSVC.exe
(LabTech Software) C:\Windows\LTSvc\LTSvcMon.exe
(McAfee LLC.) C:\Program Files\McAfee\Agent\macmnsvc.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
(McAfee LLC.) C:\Program Files\McAfee\Agent\masvc.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(McAfee LLC.) C:\Program Files\McAfee\Agent\x86\macompatsvc.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe
() C:\Program Files (x86)\ScreenConnect Client (889927366ea076b3)\ScreenConnect.ClientService.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AVSolution\mcshield.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\mfeesp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(LabTech) C:\Windows\LTSvc\labvnc.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfehcs.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe
(McAfee, LLC.) C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfetp.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mfemactl.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfecanary.exe
(LabTech) C:\Windows\LTSvc\labvnc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptim.exe
(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptsrv.exe
(Dropbox, Inc.) C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(ScreenConnect Software) C:\Program Files (x86)\ScreenConnect Client (889927366ea076b3)\ScreenConnect.WindowsClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dropbox, Inc.) C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\AMP\6.0.5\iptray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee LLC.) C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
(McAfee LLC.) C:\Program Files\McAfee\Agent\x86\mctray.exe
(LabTech Software) C:\Windows\LTSvc\LTTray.exe
(RealVNC Ltd) C:\Program Files\RealVNC\VNC Server\vncserver.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
(Seagull Scientific, Inc.) C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
() C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ipswitch) C:\Program Files (x86)\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6839952 2012-09-13] (Realtek Semiconductor)
HKLM\...\Run: [Seagull Drivers] => ssdal_nc.exe startup
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-21] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-24] (Intel Corporation)
HKLM-x32\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Cisco\AMP\6.0.5\iptray.exe [3949760 2018-01-26] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe [532184 2017-06-14] (McAfee LLC.)
HKU\S-1-5-21-52592350-14834091-22564546-1052 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKU\S-1-5-21-52592350-14834091-22564546-1052 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <==== ATTENTION
HKU\S-1-5-21-52592350-14834091-22564546-1052 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <==== ATTENTION
HKU\S-1-5-21-52592350-14834091-22564546-1052 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP: C:\Windows\SysWOW64\DeviceNP.dll [2012-09-04] (Hewlett-Packard Company)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-52592350-14834091-22564546-1052\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23800400 2018-10-03] (Microsoft Corporation)
HKU\S-1-5-21-52592350-14834091-22564546-1052\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
HKU\S-1-5-21-52592350-14834091-22564546-1052\...\Run: [Dropbox Update] => C:\Users\arntsenc\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
HKU\S-1-5-21-52592350-14834091-22564546-1052\...\Run: [PTIM.exe] => C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe [999256 2017-03-21] (Cisco WebEx LLC)
HKU\S-1-5-21-52592350-14834091-22564546-1052\...\Run: [Google Update] => C:\Users\arntsenc\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-17] (Google Inc.)
HKU\S-1-5-21-52592350-14834091-22564546-1052\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-52592350-14834091-22564546-1052\...\RunOnce: [Uninstall C:\Users\arntsenc\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\arntsenc\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-52592350-14834091-22564546-1052\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-52592350-14834091-22564546-1052\...\MountPoints2: {596b1d41-1bba-11e6-9ce2-025027971201} - D:\win\setup.exe -phs
HKU\S-1-5-18\...\Policies\system: [SoftwareSASGeneration] 3
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\arntsenc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-09-25]
ShortcutTarget: Dropbox.lnk -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\arntsenc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-09-11]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.212 192.168.10.241
Tcpip\..\Interfaces\{47E12741-9CF4-4151-80C3-24A09C367A92}: [DhcpNameServer] 192.168.10.212 192.168.10.241

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://ca.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-52592350-14834091-22564546-1052\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-52592350-14834091-22564546-1052 -> {29B0A42C-EC55-40A2-B2FC-0C66522F8AB9} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-03] (Microsoft Corporation)
BHO: McAfee Endpoint Security ScriptScan -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeEpSS.Dll [2018-04-03] (McAfee, LLC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-10-03] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-09-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-12-04] (Oracle Corporation)
BHO-x32: McAfee Endpoint Security ScriptScan -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\Endpoint Security\Threat Prevention\mfeepss.dll [2018-04-03] (McAfee, LLC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-10-03] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-12-04] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-52592350-14834091-22564546-1052 -> No Name - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} -  No File
DPF: HKLM {5852F5ED-8BF4-11D4-A245-0080C6F74284} hxxp://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: HKLM-x32 {5554DCB0-700B-498D-9B58-4E40E5814405} hxxp://sv-sql3/Reports/Reserved.ReportViewerWebControl.axd?ReportSession=vbjnnr45i0ootijrk21lilbh&Culture=1033&CultureOverrides=False&UICulture=9&UICultureOverrides=False&ReportStack=1&ControlID=417dce3a29804d59be2209a635547b42&OpType=PrintCab&Arch=X86
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://accellos.endtoend.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\arntsenc\AppData\Roaming\Mozilla\Firefox\Profiles\thw5dh1a.default [2018-09-13]
FF Homepage: Mozilla\Firefox\Profiles\thw5dh1a.default -> hxxps://www.google.ca/?gws_rd=ssl
FF Extension: (PasswordBox) - C:\Users\arntsenc\AppData\Roaming\Mozilla\Firefox\Profiles\thw5dh1a.default\Extensions\firefox@passwordbox.com.xpi [2015-08-05] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: (DigitalPersona Extension) - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-08-15] [Legacy] [not signed]
FF HKU\S-1-5-21-52592350-14834091-22564546-1052\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox => not found
FF HKU\S-1-5-21-52592350-14834091-22564546-1052\...\Firefox\Extensions: [ocplugin@webex.com] - C:\Program Files (x86)\WebEx\Productivity Tools
FF Extension: (WebEx Productivity Tools) - C:\Program Files (x86)\WebEx\Productivity Tools [2017-03-21] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-10-01] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-10-01] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-12-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-12-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2013-08-09] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.1.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll [2013-12-06] (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2015-08-28] (VMware, Inc.)
FF Plugin-x32: @webex.com/npatgpc -> C:\ProgramData\WebEx\npatgpc.dll [2016-12-30] (Cisco WebEx LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-52592350-14834091-22564546-1052: @talk.google.com/GoogleTalkPlugin -> C:\Users\arntsenc\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-52592350-14834091-22564546-1052: @talk.google.com/O1DPlugin -> C:\Users\arntsenc\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-52592350-14834091-22564546-1052: @tools.google.com/Google Update;version=3 -> C:\Users\arntsenc\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-52592350-14834091-22564546-1052: @tools.google.com/Google Update;version=9 -> C:\Users\arntsenc\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-52592350-14834091-22564546-1052: SkypeForBusinessPlugin-15.8 -> C:\Users\arntsenc\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi.dll [2015-06-15] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-52592350-14834091-22564546-1052: SkypeForBusinessPlugin64-15.8 -> C:\Users\arntsenc\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi-x64.dll [2015-06-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\arntsenc\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-11-19] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\arntsenc\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\arntsenc\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\browser\defaults\preferences\disable-autoupdate.js [2014-02-19]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default [2018-10-03]
CHR Extension: (Docs) - C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-26]
CHR Extension: (Google Drive) - C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (uBlock Origin) - C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-10-03]
CHR Extension: (Google Search) - C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Boomerang - SOAP & REST Client) - C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\eipdnjedkpcnlmmdfdkgfpljanehloah [2017-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-04]
CHR Extension: (Cisco Webex Extension) - C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2018-07-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-08]
CHR Extension: (StartMeeting.com Scheduler) - C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnedppabchbjaplcbjpbkcjhpmfdhpin [2018-07-30]
CHR Extension: (Gmail) - C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\arntsenc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BarTender System Service; C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe [36432 2014-11-08] (Seagull Scientific, Inc.)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-06-27] (Research In Motion Limited) [File not signed]
R2 CiscoAMP_6.0.5; C:\Program Files\Cisco\AMP\6.0.5\sfc.exe [1250880 2018-01-26] (Cisco Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
R2 Commander Service; C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe [1267280 2014-11-08] ()
R2 DB2MGMTSVC_DB2COPY1; C:\Program Files\IBM\SQLLIB\BIN\db2mgmtsvc.exe [45960 2012-05-25] (International Business Machines Corporation)
R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [477088 2012-09-04] (Hewlett-Packard Company)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 LTService; C:\Windows\LTSvc\LTSVC.exe [2208184 2018-08-01] (LabTech Software)
R2 LTSvcMon; C:\Windows\LTSvc\LTSvcMon.exe [187832 2018-09-04] (LabTech Software)
R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [121648 2017-06-14] (McAfee LLC.)
R2 Maestro; C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe [232528 2014-11-08] (Seagull Scientific, Inc.)
R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [64384 2017-06-14] (McAfee LLC.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2012-06-01] () [File not signed]
R2 McAfeeFramework; C:\Program Files\McAfee\Agent\x86\macompatsvc.exe [223376 2017-06-14] (McAfee LLC.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-06-28] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [512976 2018-06-28] (McAfee, LLC)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [473040 2018-06-28] (McAfee, LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2015-10-30] (HP Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2015-10-30] (HP Inc.) [File not signed]
R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-08-15] (Apple Inc.) [File not signed]
R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1263616 2013-08-15] (Research In Motion Limited) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
R2 ScreenConnect Client (889927366ea076b3); C:\Program Files (x86)\ScreenConnect Client (889927366ea076b3)\ScreenConnect.ClientService.exe [89368 2018-05-03] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-30] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 tvnserver; C:\Windows\LTSvc\labvnc.exe [1640736 2017-07-26] (LabTech)
R2 vncserver; C:\Program Files\RealVNC\VNC Server\vncserver.exe [4774208 2013-03-04] (RealVNC Ltd)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cpuz138; C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [27320 2018-10-03] (CPUID)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-09-04] (Hewlett-Packard Company)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-10-09] (Intel Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x64.sys [348944 2011-06-15] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X64.sys [70928 2011-06-15] (Intel(R) Corporation)
R2 ImmunetNetworkMonitorDriver; C:\Windows\System32\Drivers\ImmunetNetworkMonitor.sys [119608 2018-01-26] (Cisco Systems, Inc.)
R1 ImmunetProtectDriver; C:\Windows\System32\Drivers\immunetprotect.sys [113976 2018-01-26] (Cisco Systems, Inc.)
R1 ImmunetSelfProtectDriver; C:\Windows\System32\Drivers\immunetselfprotect.sys [77624 2018-01-26] (Cisco Systems, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-09-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [118584 2018-10-03] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [58400 2018-10-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260384 2018-10-03] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [100664 2018-10-03] (Malwarebytes)
R3 mfeaack; C:\Windows\system32\drivers\mfeaack.sys [497568 2018-06-28] (McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [360352 2018-06-28] (McAfee, LLC)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [90736 2012-06-01] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158832 2012-06-01] (McAfee, Inc.)
R3 mfeepmpk; C:\Windows\System32\drivers\mfeepmpk.sys [226616 2018-06-28] (McAfee, Inc.)
S3 MfeEpNfcp; C:\Windows\System32\drivers\MfeEpNfcp.sys [90536 2017-11-08] (McAfee, Inc.)
R3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [530336 2018-06-28] (McAfee, LLC)
R3 mfehck; C:\Windows\system32\drivers\mfehck.sys [91040 2018-06-28] (McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [953248 2018-06-28] (McAfee, LLC)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543632 2018-03-14] (McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [108432 2018-03-14] (McAfee LLC.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [83872 2018-06-28] (McAfee, LLC)
R3 mfeplk; C:\Windows\system32\drivers\mfeplk.sys [115616 2018-06-28] (McAfee, LLC)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252832 2018-06-28] (McAfee, LLC)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2013-08-15] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-08-15] (Research in Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [26392 2014-12-30] (DEVGURU Co., LTD.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2018-09-13] ()
R3 Trufos; C:\Windows\System32\Drivers\trufos.sys [442848 2018-01-26] (BitDefender S.R.L.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-08-15] (Microsoft Corporation)
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
U4 warpview; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-03 16:13 - 2018-10-03 16:15 - 000035174 _____ C:\Users\arntsenc\Downloads\FRST.txt
2018-10-03 16:13 - 2018-10-03 16:13 - 000000000 ____D C:\FRST
2018-10-03 16:12 - 2018-10-03 16:12 - 002414080 _____ (Farbar) C:\Users\arntsenc\Downloads\FRST64.exe
2018-10-03 16:08 - 2018-10-03 16:08 - 000260384 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-10-03 16:08 - 2018-10-03 16:08 - 000118584 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-10-03 16:08 - 2018-10-03 16:08 - 000100664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-10-03 16:08 - 2018-10-03 16:08 - 000058400 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-10-03 16:04 - 2018-10-03 16:04 - 000000000 ___HD C:\OneDriveTemp
2018-10-03 15:56 - 2018-10-03 15:56 - 007592144 _____ (Malwarebytes) C:\Users\arntsenc\Downloads\adwcleaner_7.2.4.0.exe
2018-10-03 15:51 - 2018-10-03 15:51 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-10-03 15:51 - 2018-10-03 15:51 - 000002418 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-03 15:51 - 2018-10-03 15:51 - 000002417 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-03 15:51 - 2018-10-03 15:51 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2018-10-03 15:51 - 2018-10-03 15:51 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-10-03 15:51 - 2018-10-03 15:51 - 000002380 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-03 15:51 - 2018-10-03 15:51 - 000002374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-03 15:51 - 2018-10-03 15:51 - 000002368 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-10-03 15:51 - 2018-10-03 15:51 - 000002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-03 15:51 - 2018-10-03 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-10-03 03:01 - 2018-10-03 10:41 - 000003516 _____ C:\Windows\System32\Tasks\McAfee DAT Built in test
2018-10-01 23:37 - 2018-10-01 23:37 - 000003186 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-18
2018-10-01 23:21 - 2018-10-01 23:21 - 000000961 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2018-09-27 15:37 - 2018-09-27 15:37 - 000200232 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-09-27 15:37 - 2018-09-27 15:37 - 000000000 ____D C:\Users\arntsenc\AppData\Local\mbamtray
2018-09-27 15:37 - 2018-09-27 15:37 - 000000000 ____D C:\Users\arntsenc\AppData\Local\mbam
2018-09-27 15:36 - 2018-09-27 15:36 - 000001829 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-09-27 15:36 - 2018-09-27 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-27 15:36 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-09-27 15:34 - 2018-09-27 15:34 - 080334792 ____N (Malwarebytes ) C:\Users\arntsenc\Desktop\mb3-setup-consumer-3.6.1.2711-1.0.463-1.0.6985.exe
2018-09-27 15:28 - 2018-09-27 15:29 - 000241168 _____ C:\TDSSKiller.3.1.0.17_27.09.2018_15.28.55_log.txt
2018-09-27 10:55 - 2018-09-27 10:55 - 000046326 _____ C:\Users\arntsenc\Downloads\Kitty Kat Kat a Kit Sep 26, 2018.pdf
2018-09-27 10:54 - 2018-09-27 10:54 - 000046320 _____ C:\Users\arntsenc\Downloads\Kitty Kat Kat a Kit Aug 27, 2018 (1).pdf
2018-09-25 13:44 - 2018-09-25 13:44 - 000000000 ____D C:\Users\arntsenc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-09-24 09:56 - 2018-09-24 09:56 - 007792496 _____ (Tim Kosse) C:\Users\arntsenc\Downloads\FileZilla_3.37.1_win64-setup.exe
2018-09-17 09:54 - 2018-09-17 09:54 - 000018985 _____ C:\Users\arntsenc\Downloads\3074669credit-efxcacdr.pdf
2018-09-14 07:33 - 2018-09-14 07:33 - 000000000 ____D C:\ProgramData\Dropbox
2018-09-13 19:02 - 2018-09-13 19:04 - 000000000 ____D C:\Program Files\CCleaner
2018-09-13 19:01 - 2018-09-13 19:01 - 016798624 _____ (Piriform Ltd) C:\Users\xbase1\Downloads\ccsetup546.exe
2018-09-13 19:01 - 2018-09-13 19:01 - 016798624 _____ (Piriform Ltd) C:\Users\xbase1\Downloads\ccsetup546 (1).exe
2018-09-13 18:56 - 2018-09-13 18:57 - 035452944 _____ (SUPERAntiSpyware) C:\Users\xbase1\Downloads\SUPERAntiSpyware.exe
2018-09-13 18:51 - 2016-01-13 05:36 - 000602296 _____ (HP) C:\Windows\SysWOW64\hpcdmc32.DLL
2018-09-13 18:51 - 2016-01-13 05:36 - 000448184 _____ (HP Inc.) C:\Windows\system32\hpcpn163.dll
2018-09-13 18:51 - 2016-01-13 05:35 - 000447160 _____ (HP Inc.) C:\Windows\SysWOW64\hpcc3163.dll
2018-09-13 18:39 - 2018-08-31 11:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2018-09-13 18:39 - 2018-08-31 11:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2018-09-13 18:39 - 2018-08-29 21:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-09-13 18:39 - 2018-08-29 21:10 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2018-09-13 18:39 - 2018-08-28 01:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2018-09-13 18:39 - 2018-08-24 15:47 - 000398424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-09-13 18:39 - 2018-08-24 14:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-09-13 18:39 - 2018-08-23 19:05 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-09-13 18:39 - 2018-08-23 18:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2018-09-13 18:39 - 2018-08-23 18:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2018-09-13 18:39 - 2018-08-23 18:45 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-09-13 18:39 - 2018-08-23 18:44 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2018-09-13 18:39 - 2018-08-23 18:43 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-09-13 18:39 - 2018-08-23 18:43 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2018-09-13 18:39 - 2018-08-23 18:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2018-09-13 18:39 - 2018-08-23 18:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2018-09-13 18:39 - 2018-08-23 18:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2018-09-13 18:39 - 2018-08-23 18:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2018-09-13 18:39 - 2018-08-23 18:34 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-09-13 18:39 - 2018-08-23 18:34 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2018-09-13 18:39 - 2018-08-23 18:33 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-09-13 18:39 - 2018-08-23 18:33 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-09-13 18:39 - 2018-08-23 18:33 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2018-09-13 18:39 - 2018-08-23 18:33 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2018-09-13 18:39 - 2018-08-23 18:27 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2018-09-13 18:39 - 2018-08-23 18:24 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2018-09-13 18:39 - 2018-08-23 18:19 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2018-09-13 18:39 - 2018-08-23 18:18 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2018-09-13 18:39 - 2018-08-23 18:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2018-09-13 18:39 - 2018-08-23 18:15 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2018-09-13 18:39 - 2018-08-23 18:15 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2018-09-13 18:39 - 2018-08-23 18:13 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2018-09-13 18:39 - 2018-08-23 18:12 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2018-09-13 18:39 - 2018-08-23 18:03 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2018-09-13 18:39 - 2018-08-23 18:01 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-09-13 18:39 - 2018-08-23 18:01 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2018-09-13 18:39 - 2018-08-23 18:00 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-09-13 18:39 - 2018-08-23 17:59 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2018-09-13 18:39 - 2018-08-23 17:59 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2018-09-13 18:39 - 2018-08-23 17:52 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-09-13 18:39 - 2018-08-23 17:40 - 001555456 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-09-13 18:39 - 2018-08-23 17:28 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-09-13 18:39 - 2018-08-23 17:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-09-13 18:39 - 2018-08-23 17:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2018-09-13 18:39 - 2018-08-23 17:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-09-13 18:39 - 2018-08-23 17:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2018-09-13 18:39 - 2018-08-23 17:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2018-09-13 18:39 - 2018-08-23 17:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2018-09-13 18:39 - 2018-08-23 17:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2018-09-13 18:39 - 2018-08-23 17:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-09-13 18:39 - 2018-08-23 17:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2018-09-13 18:39 - 2018-08-23 17:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2018-09-13 18:39 - 2018-08-23 17:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2018-09-13 18:39 - 2018-08-23 17:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-09-13 18:39 - 2018-08-23 17:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-09-13 18:39 - 2018-08-23 17:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2018-09-13 18:39 - 2018-08-23 17:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2018-09-13 18:39 - 2018-08-23 16:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2018-09-13 18:39 - 2018-08-23 16:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-09-13 18:39 - 2018-08-23 16:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2018-09-13 18:39 - 2018-08-23 16:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2018-09-13 18:39 - 2018-08-23 16:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-09-13 18:39 - 2018-08-23 16:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2018-09-13 18:39 - 2018-08-23 16:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-09-13 18:39 - 2018-08-23 16:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2018-09-13 18:39 - 2018-08-23 16:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-09-13 18:39 - 2018-08-23 16:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-09-13 18:39 - 2018-08-23 16:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-09-13 18:39 - 2018-08-23 16:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2018-09-13 18:39 - 2018-08-23 16:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-09-13 18:39 - 2018-08-23 16:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-09-13 18:39 - 2018-08-23 16:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-09-13 18:39 - 2018-08-23 16:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-09-13 18:39 - 2018-08-13 11:54 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-09-13 18:39 - 2018-08-13 11:54 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2018-09-13 18:39 - 2018-08-13 11:54 - 001888768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-09-13 18:39 - 2018-08-13 11:54 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2018-09-13 18:39 - 2018-08-13 11:54 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll
2018-09-13 18:39 - 2018-08-13 11:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2018-09-13 18:39 - 2018-08-13 11:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2018-09-13 18:39 - 2018-08-13 11:53 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2018-09-13 18:39 - 2018-08-13 11:53 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2018-09-13 18:39 - 2018-08-13 11:41 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2018-09-13 18:39 - 2018-08-13 11:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-09-13 18:39 - 2018-08-13 11:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-09-13 18:39 - 2018-08-13 11:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-09-13 18:39 - 2018-08-13 11:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-09-13 18:39 - 2018-08-13 11:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll
2018-09-13 18:39 - 2018-08-13 11:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll
2018-09-13 18:39 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2018-09-13 18:39 - 2018-08-13 11:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2018-09-13 18:39 - 2018-08-12 16:32 - 000378464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2018-09-13 18:39 - 2018-08-12 16:31 - 001894496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2018-09-13 18:39 - 2018-08-12 16:31 - 000289376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2018-09-13 18:39 - 2018-08-12 16:28 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2018-09-13 18:39 - 2018-08-12 16:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2018-09-13 18:39 - 2018-08-10 11:59 - 005552816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-09-13 18:39 - 2018-08-10 11:59 - 000154800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-09-13 18:39 - 2018-08-10 11:58 - 000385120 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2018-09-13 18:39 - 2018-08-10 11:58 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2018-09-13 18:39 - 2018-08-10 11:58 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-09-13 18:39 - 2018-08-10 11:57 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-09-13 18:39 - 2018-08-10 11:57 - 000631624 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2018-09-13 18:39 - 2018-08-10 11:56 - 001664296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-09-13 18:39 - 2018-08-10 11:55 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-09-13 18:39 - 2018-08-10 11:55 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2018-09-13 18:39 - 2018-08-10 11:55 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2018-09-13 18:39 - 2018-08-10 11:55 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2018-09-13 18:39 - 2018-08-10 11:55 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-09-13 18:39 - 2018-08-10 11:55 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2018-09-13 18:39 - 2018-08-10 11:55 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-09-13 18:39 - 2018-08-10 11:55 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-09-13 18:39 - 2018-08-10 11:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-09-13 18:39 - 2018-08-10 11:55 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-09-13 18:39 - 2018-08-10 11:55 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2018-09-13 18:39 - 2018-08-10 11:55 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-09-13 18:39 - 2018-08-10 11:54 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-09-13 18:39 - 2018-08-10 11:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2018-09-13 18:39 - 2018-08-10 11:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-09-13 18:39 - 2018-08-10 11:42 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-09-13 18:39 - 2018-08-10 11:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-09-13 18:39 - 2018-08-10 11:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-09-13 18:39 - 2018-08-10 11:27 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2018-09-13 18:39 - 2018-08-10 11:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-09-13 18:39 - 2018-08-10 11:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-09-13 18:39 - 2018-08-10 11:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-09-13 18:39 - 2018-08-10 11:21 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-09-13 18:39 - 2018-08-10 11:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2018-09-13 18:39 - 2018-08-10 11:17 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2018-09-13 18:39 - 2018-08-10 11:17 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-09-13 18:39 - 2018-08-10 11:17 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys
2018-09-13 18:39 - 2018-08-10 11:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-09-13 18:39 - 2018-08-10 11:13 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-09-13 18:39 - 2018-08-10 11:13 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-09-13 18:39 - 2018-08-10 11:13 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-09-13 18:39 - 2018-08-10 11:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2018-09-13 18:39 - 2018-08-10 11:12 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-09-13 18:39 - 2018-08-10 11:12 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys
2018-09-13 18:39 - 2018-08-10 11:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys
2018-09-13 18:39 - 2018-08-10 11:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys
2018-09-13 18:39 - 2018-08-10 11:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys
2018-09-13 18:39 - 2018-08-10 11:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-09-13 18:39 - 2018-08-10 11:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-09-13 18:39 - 2018-08-10 11:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-09-13 18:39 - 2018-08-10 11:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-09-13 18:39 - 2018-08-10 11:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-09-13 18:39 - 2018-08-10 11:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-09-13 18:39 - 2018-08-10 11:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-09-13 18:39 - 2018-08-10 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-09-13 18:39 - 2018-08-03 11:55 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2018-09-13 18:39 - 2018-08-03 11:39 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2018-09-13 18:39 - 2018-07-29 11:55 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-09-13 18:39 - 2018-07-18 11:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2018-09-13 18:39 - 2018-07-07 11:24 - 003226112 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2018-09-13 18:39 - 2018-07-06 12:09 - 000947904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2018-09-13 18:39 - 2018-06-29 11:55 - 000695808 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2018-09-13 18:39 - 2018-06-29 11:55 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2018-09-13 18:39 - 2018-06-29 11:55 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2018-09-13 18:39 - 2018-06-29 11:55 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2018-09-13 18:39 - 2018-06-29 11:40 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2018-09-13 18:39 - 2018-06-29 11:14 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2018-09-13 18:39 - 2018-06-29 11:09 - 000034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2018-09-13 18:39 - 2018-06-27 12:01 - 000114368 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2018-09-13 18:39 - 2018-06-27 11:55 - 003246592 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-09-13 18:39 - 2018-06-27 11:55 - 000504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2018-09-13 18:39 - 2018-06-27 11:55 - 000484864 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2018-09-13 18:39 - 2018-06-27 11:55 - 000025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2018-09-13 18:39 - 2018-06-27 11:54 - 001942016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2018-09-13 18:39 - 2018-06-27 11:54 - 000070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2018-09-13 18:39 - 2018-06-27 11:43 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2018-09-13 18:39 - 2018-06-27 11:42 - 002366464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2018-09-13 18:39 - 2018-06-27 11:42 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2018-09-13 18:39 - 2018-06-27 11:42 - 000025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2018-09-13 18:39 - 2018-06-27 11:41 - 001806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2018-09-13 18:39 - 2018-06-27 11:21 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2018-09-13 18:39 - 2018-06-27 11:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2018-09-13 18:39 - 2018-06-27 09:20 - 000419648 _____ C:\Windows\SysWOW64\locale.nls
2018-09-13 18:39 - 2018-06-27 09:19 - 000419648 _____ C:\Windows\system32\locale.nls
2018-09-13 18:39 - 2018-06-20 23:33 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-09-13 18:39 - 2018-06-20 23:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-09-13 18:24 - 2018-09-13 18:25 - 000000000 ____D C:\AdwCleaner
2018-09-13 18:08 - 2018-09-13 18:08 - 000000000 ____D C:\Users\xbase1\AppData\Local\mbam
2018-09-13 18:06 - 2018-09-13 18:06 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-09-13 18:06 - 2018-09-13 18:06 - 000000000 ____D C:\ProgramData\RogueKiller
2018-09-13 17:40 - 2018-09-13 17:40 - 000000000 ____D C:\Users\xbase1\AppData\Roaming\Sun
2018-09-13 17:40 - 2018-09-13 17:40 - 000000000 ____D C:\Users\xbase1\AppData\LocalLow\Sun
2018-09-13 17:35 - 2018-09-13 19:05 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-09-13 17:35 - 2018-09-13 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-09-13 17:08 - 2018-09-13 18:06 - 000000000 ____D C:\ProgramData\UVK
2018-09-13 17:07 - 2018-09-13 17:07 - 015757832 _____ (Carifred) C:\Users\xbase1\Downloads\UVKInstaller.exe
2018-09-13 17:07 - 2018-09-13 17:07 - 015693320 _____ (Carifred) C:\Users\xbase1\Downloads\UVKPortable.exe
2018-09-10 14:17 - 2018-09-10 14:17 - 000000000 ____D C:\Program Files (x86)\ScreenConnect Client (889927366ea076b3)
2018-09-05 09:52 - 2018-09-05 09:52 - 000046320 _____ C:\Users\arntsenc\Downloads\Kitty Kat Kat a Kit Aug 27, 2018.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-03 16:14 - 2014-04-15 08:57 - 000000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-52592350-14834091-22564546-1052.job
2018-10-03 16:08 - 2018-06-20 15:25 - 000000000 ___RD C:\Users\arntsenc\OneDrive - JD Smith Limited
2018-10-03 16:08 - 2017-07-26 09:27 - 000000000 ____D C:\Windows\LTSvc
2018-10-03 16:08 - 2017-06-07 10:35 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-10-03 16:08 - 2013-08-23 14:46 - 000000000 ____D C:\temp
2018-10-03 16:07 - 2013-08-23 13:41 - 000000120 _____ C:\Windows\system32\config\netlogon.ftl
2018-10-03 16:07 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-03 16:07 - 2009-07-14 00:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-03 16:07 - 2009-07-14 00:45 - 000027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-03 15:59 - 2015-06-30 07:13 - 000000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-52592350-14834091-22564546-1052UA.job
2018-10-03 15:54 - 2015-01-30 21:49 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-03 15:50 - 2014-04-15 14:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-10-03 15:50 - 2009-07-14 01:13 - 000792712 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-03 15:50 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-10-03 15:41 - 2016-02-08 16:13 - 000000000 ____D C:\Users\arntsenc\Documents\SQL Server Management Studio
2018-10-02 19:58 - 2015-06-30 07:13 - 000000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-52592350-14834091-22564546-1052Core.job
2018-10-01 22:58 - 2014-04-15 07:04 - 000002226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-01 22:58 - 2014-04-15 07:04 - 000002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-01 22:42 - 2018-06-01 21:32 - 000004466 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-01 22:42 - 2014-02-19 23:55 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-10-01 22:42 - 2013-08-23 14:36 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-10-01 22:42 - 2013-08-23 14:36 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-01 22:42 - 2013-08-15 12:33 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-01 22:42 - 2013-08-15 12:33 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-01 22:07 - 2015-04-10 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-10-01 22:07 - 2015-04-10 13:08 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2018-10-01 18:14 - 2017-07-07 20:17 - 000000000 ____D C:\Users\arntsenc\AppData\Local\GoToMeeting
2018-09-30 11:47 - 2015-05-30 19:16 - 000003682 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-52592350-14834091-22564546-1052
2018-09-30 11:47 - 2015-05-30 19:16 - 000000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-52592350-14834091-22564546-1052.job
2018-09-30 11:47 - 2014-04-15 08:57 - 000003586 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-52592350-14834091-22564546-1052
2018-09-30 11:47 - 2013-08-23 14:08 - 000000000 ____D C:\Users\arntsenc
2018-09-28 19:21 - 2009-07-14 01:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-09-28 10:16 - 2016-11-08 15:11 - 000000000 ____D C:\~junk
2018-09-28 09:03 - 2017-11-16 15:55 - 000000034 ____H C:\Windows\sys643
2018-09-28 09:03 - 2017-11-16 15:55 - 000000034 ____H C:\Windows\stmp1585
2018-09-28 09:03 - 2017-11-16 15:55 - 000000034 ____H C:\Windows\kds516
2018-09-28 09:03 - 2017-11-16 15:55 - 000000034 ____H C:\Windows\drvr401
2018-09-27 22:18 - 2018-01-05 10:45 - 000000000 ____D C:\!ISData
2018-09-27 15:36 - 2014-03-04 14:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-26 09:17 - 2015-04-10 13:08 - 000000000 ____D C:\Users\arntsenc\AppData\Roaming\FileZilla
2018-09-25 13:43 - 2015-03-09 13:11 - 000000000 ____D C:\Users\arntsenc\AppData\Roaming\Dropbox
2018-09-24 15:08 - 2014-09-08 08:35 - 000000000 ____D C:\Users\arntsenc\Documents\My Received Files
2018-09-21 19:53 - 2015-06-30 07:13 - 000003906 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-52592350-14834091-22564546-1052UA
2018-09-21 19:53 - 2015-06-30 07:13 - 000003510 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-52592350-14834091-22564546-1052Core
2018-09-21 08:06 - 2016-05-04 12:43 - 000000000 ____D C:\Quarantine
2018-09-20 08:02 - 2013-08-23 14:08 - 000010994 __RSH C:\Users\arntsenc\ntuser.pol
2018-09-19 08:43 - 2018-06-20 15:23 - 000003176 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-52592350-14834091-22564546-1052
2018-09-19 08:43 - 2018-06-20 15:23 - 000002165 _____ C:\Users\arntsenc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2018-09-13 20:42 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-09-13 19:03 - 2011-02-11 16:13 - 000000000 ____D C:\Windows\Panther
2018-09-13 18:53 - 2014-08-25 10:10 - 000000000 ____D C:\ProgramData\ZXPS3
2018-09-13 18:53 - 2009-07-14 00:45 - 000489512 _____ C:\Windows\system32\FNTCACHE.DAT
2018-09-13 18:45 - 2011-02-11 16:29 - 000784834 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2018-09-13 18:35 - 2014-03-04 19:55 - 000003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B921E646-8BD6-4C0A-B75E-C4E5385F6B03}
2018-09-13 18:30 - 2013-08-23 14:39 - 000001065 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2018-09-13 18:30 - 2013-08-23 14:39 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-09-13 17:03 - 2017-01-19 11:10 - 000000000 ____D C:\Users\xbase1\AppData\Roaming\Ipswitch
2018-09-13 17:02 - 2014-03-04 19:56 - 000130856 _____ C:\Users\xbase1\AppData\Local\GDIPFONTCACHEV1.DAT
2018-09-13 17:02 - 2014-03-04 19:55 - 000009054 __RSH C:\Users\xbase1\ntuser.pol
2018-09-13 17:02 - 2014-03-04 19:55 - 000000000 ____D C:\Users\xbase1
2018-09-12 20:05 - 2013-08-23 13:54 - 000000000 ____D C:\Windows\system32\MRT
2018-09-12 20:01 - 2013-08-23 13:54 - 139184408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-09-12 14:06 - 2013-08-23 15:26 - 000002280 ____H C:\Users\arntsenc\Documents\Default.rdp
2018-09-12 09:18 - 2013-08-23 14:06 - 000004336 __RSH C:\ProgramData\ntuser.pol
2018-09-10 11:22 - 2018-01-10 15:27 - 000004194 _____ C:\Users\arntsenc\export.xlsx
2018-09-07 12:24 - 2013-08-23 16:14 - 000000000 ____D C:\Users\arntsenc\AppData\Roaming\VMware
2018-09-04 21:36 - 2015-07-22 20:45 - 000000000 ____D C:\ProgramData\ScreenConnect Client (889927366ea076b3)

Some files in TEMP:
====================
2018-09-13 18:06 - 2018-06-08 12:22 - 001665344 _____ (Microsoft Corporation) C:\Users\xbase1\AppData\Local\Temp\dllnt_dump.dll
2018-09-13 18:30 - 2018-09-09 09:11 - 003030024 _____ (Carifred.com) C:\Users\xbase1\AppData\Local\Temp\UVKUninst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-09-25 00:15

==================== End of FRST.txt ============================


Addition.txt LOG

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.10.2018 01
Ran by CArntsen (03-10-2018 16:15:39)
Running from C:\Users\arntsenc\Downloads
Windows 7 Professional Service Pack 1 (X64) (2013-08-23 16:33:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

$BarTender_Security$ (S-1-5-21-3403037359-995728337-1599391912-1004 - Limited - Enabled)
$Printer_Maestro$ (S-1-5-21-3403037359-995728337-1599391912-1005 - Limited - Enabled)
Administrator (S-1-5-21-3403037359-995728337-1599391912-500 - Administrator - Disabled)
Guest (S-1-5-21-3403037359-995728337-1599391912-501 - Limited - Disabled)
jdsmith (S-1-5-21-3403037359-995728337-1599391912-1001 - Administrator - Enabled) => C:\Users\jdsmith

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Cisco AMP for Endpoints (Enabled - Up to date) {05A27767-0425-EB45-C06B-DA28DB7FCD38}
AV: McAfee Endpoint Security (anti-virus) (Enabled - Up to date) {1006DC03-1FB1-9E52-7C81-F2FAB48962E3}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Out of date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: McAfee Endpoint Security (anti-spyware) (Enabled - Up to date) {AB673DE7-398B-91DC-4631-C988CF0E285E}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Cisco AMP for Endpoints (Enabled - Up to date) {BEC39683-221F-E4CB-FADB-E15AA0F88785}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

%SQL_PRODUCT_SHORT_NAME% Data Tools - BI for Visual Studio 2013 (HKLM-x32\...\{B0966B41-F778-41B1-98DB-145885CD2213}) (Version: 12.0.2430.0 - Microsoft Corporation) Hidden
%SQL_PRODUCT_SHORT_NAME% SSIS 64Bit For SSDTBI (HKLM\...\{B94FEEA2-93E4-4682-942C-140C2BCECD29}) (Version: 12.0.2430.0 - Microsoft Corporation) Hidden
64 Bit HP CIO Components Installer (HKLM\...\{30689060-43BD-46E9-8A54-E6CDB18AAB88}) (Version: 20.2.1 - HP Inc.) Hidden
Active Directory Authentication Library for SQL Server (HKLM\...\{52D1FCFD-1052-4D75-B3FB-9906901AFD98}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 31.0.0.96 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - )
Amazon Redshift ODBC Driver 64-bit (HKLM\...\{788C401A-726B-4CE7-8BC2-89FD7967A6ED}) (Version: 1.2.1 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio 2013 (HKLM-x32\...\{873F2D30-973B-415E-9BCA-E465AF816CCF}) (Version: 2.5 - Microsoft Corporation) Hidden
Barracuda Email Security Gateway Outlook Add-In 8.0.3.0 (HKLM-x32\...\{D12A92A5-F3DF-4108-BF0A-674C884C9F42}) (Version: 8.0.3.0 - Barracuda Networks)
BarTender 10.1 (HKLM\...\BarTender Suite) (Version: 10.1.2961 - Seagull Scientific)
BarTender 10.1 (HKLM-x32\...\{FB2433CE-7C65-4206-BC82-561386A34F72}) (Version: 10.1.2961 - Seagull Scientific) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{594DB57D-58D1-4AA3-AE6C-BF99484F52F8}) (Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
BlackBerry Link (HKLM-x32\...\{8296C41C-3C7B-446F-B2D2-AAA1FAAD16AE}) (Version: 1.1.1.41 - Research In Motion Ltd.) Hidden
BlackBerry Link (HKLM-x32\...\BlackBerry_10_Desktop) (Version: 1.1.1.41 - Research In Motion Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (HKLM\...\{DE293220-4F3A-40C8-B825-E151A231455A}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{20C6C9E5-B5B0-40A2-8ACD-EF08A9562A5B}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{ACE05087-00E9-480F-A955-1C3D7B977A7D}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{2F2A7D0D-C28D-4953-A59A-A5EF1171E03F}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Cisco AMP for Endpoints Connector (HKLM-x32\...\Immunet Protect) (Version: 6.0.5.10636 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\{9A05337E-31EC-4E55-A34B-64EC47928062}) (Version: 30.15.0.10007 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
ConnectWise Automate Control Center (HKLM-x32\...\{6C5F2B57-DA09-426C-AB4A-A80BD9FC2F21}) (Version: 11.0.418 - LabTech Software, LLC) Hidden
Crystal Reports 2008 Runtime SP2 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.2.0.290 - Business Objects) Hidden
Crystal Reports XI (HKLM-x32\...\{7505DE9C-4E85-4636-82F0-50F38077B900}) (Version: 11.0.0.128227 - Business Objects)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.1.0 - Hewlett-Packard Company)
DirectX for Managed Code Update (Summer 2004) (HKLM-x32\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.38.31665 - Hewlett-Packard Company)
Dropbox (HKU\S-1-5-21-52592350-14834091-22564546-1052\...\Dropbox) (Version: 58.4.92 - Dropbox, Inc.)
Entity Framework 6.1.3 Tools  for Visual Studio 2013 (HKLM-x32\...\{D5170452-84D1-4725-AD9C-F9ECFD0A9E9F}) (Version: 12.0.40302.0 - Microsoft Corporation)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
F19131BB-1B2F-46D8-840B-9A619DBAF5B5 (HKLM-x32\...\{F19131BB-1B2F-46D8-840B-9A619DBAF5B5}) (Version:  - )
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 7.0.2.2 - Hewlett-Packard Company)
FileZilla Client 3.37.3 (HKLM-x32\...\FileZilla Client) (Version: 3.37.3 - Tim Kosse)
Free Video Compressor (HKLM-x32\...\{01554C33-4131-4BC7-9E6D-AF85E02BDF4F}_is1) (Version:  - freevideocompressor.com)
Git version 2.11.0.3 (HKLM\...\Git_is1) (Version: 2.11.0.3 - The Git Development Community)
Google Chrome (HKLM\...\{CF96AAAE-85FF-3621-8D4C-C60F91F8F281}) (Version: 69.0.3497.100 - Google, Inc.)
Google Talk (remove only) (HKLM-x32\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{351B54B2-1AFC-42A7-A8C0-9E05C26F0D1E}) (Version: 1.0.470 - LogMeIn, Inc.)
GoToMeeting 8.35.0.10697 (HKU\S-1-5-21-52592350-14834091-22564546-1052\...\GoToMeeting) (Version: 8.35.0.10697 - LogMeIn, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.1.1199 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IBM Data Server Runtime Client - DB2COPY1 (HKLM\...\{D69ADB0B-B88E-4339-85BD-6B7AD104F039}) (Version: 9.7.600.413 - IBM)
Icecream Screen Recorder version 4.88 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 4.88 - Icecream Apps)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Network Connections 16.8.45.1 (HKLM\...\PROSetDX) (Version: 16.8.45.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
Ipswitch WS_FTP 12 (HKLM-x32\...\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}) (Version: 12.4 - Ipswitch)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
join.me (HKU\S-1-5-21-52592350-14834091-22564546-1052\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
Juniper Networks Network Connect 7.1.16 (HKLM-x32\...\Juniper Network Connect 7.1.16) (Version: 7.1.16.26805 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-52592350-14834091-22564546-1052\...\Juniper_Setup_Client) (Version: 7.1.16.38941 - Juniper Networks, Inc.)
Kit SDK de vérification de Visual Studio 2012 - fra (HKLM-x32\...\{8A3862F9-F587-3DFA-AAFC-C1F0E116F05C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
LabTech Software Control Center (HKLM-x32\...\{bef02efa-c369-434a-92de-0497c1a11fad}) (Version: 11.0.418 - LabTech Software, LLC)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LocalESPC (HKLM-x32\...\{62910715-63E3-0AB0-0B29-99140DE1C15E}) (Version: 8.59.29989 - Microsoft Corporation) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.6.1.2711 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.6.1.2711 - Malwarebytes)
McAfee Agent (HKLM\...\{80684F9A-6B01-4F3F-A8C7-C4B7BDF072F1}) (Version: 5.0.6.220 - McAfee, Inc.)
McAfee Endpoint Security Platform (HKLM\...\{6D20F37F-05CB-401E-83A3-DEB93B29196E}) (Version: 10.5.4 - McAfee, LLC.)
McAfee Endpoint Security Threat Prevention (HKLM\...\{4F574B83-3AE0-419F-8A3B-985C389334B4}) (Version: 10.5.4 - McAfee, LLC.)
Memory Profiler (HKLM-x32\...\{4522FE06-850C-4106-AB9E-B32C1462DF8B}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft AS OLE DB Provider for SQL Server 2014 (HKLM\...\{B18D21B6-0056-4E35-896A-339E84D86897}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A22EED3F-6DB6-4987-8023-6C6B7030E554}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.10827.20138 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-52592350-14834091-22564546-1052\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{8F72E2D4-1E48-4534-8DB8-1E8E012899C6}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 (HKLM-x32\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{78426A54-76E9-4F08-A3D6-661289D991A2}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM-x32\...\{B2A61109-7DFB-46CE-A0D7-62E395AF2E29}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{BB370367-7163-4E01-9A2E-8BCE17F7706F}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{E8C99927-8E6E-4B6B-B80C-1B8B23B1767D}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{7FE9A69F-6D91-4E2E-86B5-E2EB27AE6041}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - Visual Studio 2017 (HKLM-x32\...\{32a43eab-7dc0-4a53-a59a-8107b8fcafeb}) (Version: 14.0.16134.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x64) (HKLM\...\{8EEC46D2-8208-4799-8328-2AA00F96AB8A}) (Version: 12.0.1294.0 - Microsoft Corporation)
Microsoft SQL Server Management Studio Express (HKLM\...\{B6C87B73-79A5-401A-A12A-4DD96EC40442}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (x64) (HKLM\...\{65BC038D-2086-4C3B-90C5-A6798F044BD5}) (Version: 12.2.5000.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.10827.20138 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2012 Shell (Integrated) (HKLM-x32\...\{55b160d2-8221-45fd-ab30-4388c69c0f3b}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2012 Shell (Isolated) (HKLM-x32\...\{d2e0df0f-bf0a-4a89-9530-ebf93842c393}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2013 Shell (Integrated) (HKLM-x32\...\{246c9aa4-e96d-476e-a3f4-789b455c7478}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio 2013 Shell (Isolated) (HKLM-x32\...\{dd77c2ff-db69-44f7-9e5c-63aa540dfe07}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.12.111.1002 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 5 (HKLM-x32\...\{9be17f19-c737-431d-b922-66cbd4e685f2}) (Version: 12.0.40629.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{e20d88d6-6150-4602-b4ef-49e138467d4d}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 Language Support (HKLM-x32\...\{44774b10-3e2b-443c-899b-56c46b370aa7}) (Version: 11.0.50727.0 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2017 (HKLM-x32\...\{5a7dc0ad-cdb2-43b5-8b82-f81065fe6092}) (Version: 15.0.26717 - Microsoft Corporation)
Mouse Tracks 2009 (HKLM-x32\...\{B27E26A9-E6D3-448D-B729-E64298A99373}) (Version: 7.2.2 - Gritware, LLC)
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector Net 8.0.12 (HKLM-x32\...\{2668417A-186B-4052-8076-8A5B2E9E0CF2}) (Version: 8.0.12 - Oracle)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{B53D7D6B-9BB0-4EA8-82B9-9293CB41FCE1}) (Version: 3.51.26 - MySQL AB) Hidden
MySQL Connector/ODBC 8.0 (HKLM\...\{23E46103-4512-46CE-99DD-F3B75B20F22C}) (Version: 8.0.12 - Oracle Corporation)
MySQL Installer - Community (HKLM-x32\...\{03194E5D-19FA-4CF1-A327-482EB305A154}) (Version: 1.4.26.0 - Oracle Corporation)
MySQL Workbench 8.0 CE (HKLM\...\{3D4D54C3-6D4E-435F-8894-2125D900822C}) (Version: 8.0.12 - Oracle Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.8 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
PowerShellIntegration.Notifications (HKLM-x32\...\{0B48F5AE-6A17-49C1-8C65-81C6F74E6CF2}) (Version: 2.6.0.0 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
psqlODBC_x64 (HKLM\...\{C0249921-2C35-47C1-83D8-8EABC438A96F}) (Version: 09.03.0400 - PostgreSQL Global Development Group)
Python Tools Redirection Template (HKLM-x32\...\{C6028E83-4C47-459F-9EDC-7D1412CBCD97}) (Version: 1.1 - Microsoft Corporation) Hidden
R2EdiViewer 7.18A (HKLM-x32\...\R_Deploy_0) (Version: 7.18A - Ralf Röding)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6730 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5223 - CyberLink Corp.) Hidden
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15024.8 - Samsung Electronics Co., Ltd.)
Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.1.5.1038 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.53.0 - Samsung Electronics Co., Ltd.)
ScreenConnect Client (889927366ea076b3) (HKLM-x32\...\{B6B9A330-54B0-47D5-9F07-87AFECCA9C61}) (Version: 6.6.18120.6697 - ScreenConnect Software)
SDK de comprobación de Visual Studio 2012 - esn (HKLM-x32\...\{90EF884E-5253-324C-9C11-63C9DA16BF0C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Service Pack 2 for SQL Server 2014 (KB3171021) (HKLM-x32\...\KB3171021) (Version: 12.2.5000.0 - Microsoft Corporation)
Skype for Business Web App Plug-in (HKLM-x32\...\{37C8167B-B653-4955-A6E8-EBB8DE937DDD}) (Version: 15.8.20020.400 - Microsoft Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
SQL Anywhere 12 - Client (HKLM\...\{A8429447-7813-4717-9803-EB505ECAE698}) (Version: 12.1.4134 - iAnywhere Solutions, Inc.)
SQL Server 2014 Client Tools (HKLM-x32\...\{62C4004B-AC88-404D-A098-793B19FCC7EE}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Client Tools (HKLM-x32\...\{9F875FF1-A8E5-4FAC-831C-912C44654D4B}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM-x32\...\{BFB3B874-8033-4F5E-BE47-0AED2541E57C}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (HKLM-x32\...\{F78A23CD-E9A0-46E3-88E2-CF2CC93AE7BA}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Data Tools - BI for Visual Studio 2013 (HKLM-x32\...\{FC6997B5-E23C-49AD-B9BF-BD0B7F4D8BA0}) (Version: 12.0.2430.0 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM-x32\...\{B9577FC9-8B7D-4EA3-9826-0CC5520017F0}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (HKLM-x32\...\{C11506E2-AAF1-4A7B-B7AD-081658384051}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server 2014 SQL Data Quality Common (HKLM-x32\...\{1DB4F090-6E80-4DC8-9844-850316780073}) (Version: 12.2.5000.0 - Microsoft Corporation) Hidden
SQL Server Integration Services 2012 (HKLM-x32\...\{DB97C76B-9116-42C5-8814-0041856EB9E6}) (Version: 11.4.7001.0 - Microsoft Corporation) Hidden
SQL Server Integration Services 2014 (HKLM-x32\...\{D5D68C12-ECF0-49BB-9722-DA964B722E08}) (Version: 12.2.5556.0 - Microsoft Corporation) Hidden
SQL Server Integration Services 2016 (HKLM-x32\...\{D56E4042-C796-4499-BD55-7DD034ED9DD5}) (Version: 13.1.4451.0 - Microsoft Corporation) Hidden
SQL Server Integration Services Singleton (HKLM-x32\...\{0D50919E-A9BF-4F4D-89D2-C3BBB571125E}) (Version: 14.0.800.98 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
TruckMate 2013 (HKLM-x32\...\{874F4E43-6846-4526-8B10-E81F717358F8}) (Version: 13.2.1000 - TMW Systems Inc.)
TypeScript Power Tool (HKLM-x32\...\{6098D454-CB7B-44C2-8615-D869FD9655C7}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{0E4A9B1A-12D2-4827-BE61-44DBD72797FB}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2013 Update 5 (KB2829760) (HKLM-x32\...\{17551f85-1d1c-4142-a83f-bbd18a3522c2}) (Version: 12.0.40629 - Microsoft Corporation)
VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.14766 - VMware, Inc.)
VMware vSphere Client 5.1 (HKLM-x32\...\{09DC364B-A77A-49A0-972B-E43F0DACC5E3}) (Version: 5.1.0.3577 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.5274 - VMware, Inc.)
VMware vSphere Client 6.0 (HKLM-x32\...\{593390AC-CACE-4278-AA77-350012BF10B1}) (Version: 6.0.0.7236 - VMware, Inc.)
VNC Mirror Driver 1.8.0 (HKLM\...\VNCMirror_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Printer Driver 1.8.0 (HKLM\...\VNCPrinter_is1) (Version: 1.8.0 - RealVNC Ltd.)
VNC Server 5.0.5 (HKLM\...\RealVNC_is1) (Version: 5.0.5 - RealVNC Ltd)
VNC Viewer 5.0.5 (HKLM\...\RealVNCViewer_is1) (Version: 5.0.5 - RealVNC Ltd)
VS Update core components (HKLM-x32\...\{7CE8C6D0-6EA4-34C3-A4ED-8C28A1D67228}) (Version: 12.0.40629 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{DCAD4F0C-21F2-4955-9C0A-2B7CEA610A74}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{C32010D8-3E5A-4E2F-874E-9AAEB2384006}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{440B670C-9862-487A-A381-57173D344039}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{66555B06-A474-4F98-A9D4-D753E5EBABE8}) (Version: 15.0.26906 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5C682D5E-7168-47C6-87CD-53E2103B08AC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
WebEx Productivity Tools (HKLM-x32\...\{88F83780-D7C0-11E6-A169-002618092B3B}) (Version: 31.11.1.62 - Cisco WebEx LLC)
WebM Project Directshow Filters (HKU\S-1-5-21-52592350-14834091-22564546-1052\...\webmdshow) (Version: 1.0.4.1 - WebM Project)
WinX HD Video Converter Deluxe 5.9.7 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CF}) (Version: 15.0.10039 - WinZip Computing, S.L. )
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Zebra CardStudio (HKLM-x32\...\{D4AF1D5F-9CB1-4735-BD98-E1DBE853F82D}) (Version: 1.21.4100.00 - Zebra Technologies Corporation)
Zebra CardStudio Clipart (HKLM-x32\...\{2AF2F8F6-0863-4B91-9E6A-57317A7579F3}) (Version: 1.0 - Zebra Technologies Corporation)
Zebra CardStudio Quick Designs (HKLM-x32\...\{158587D9-FDD0-4FE5-B04F-BD4FB50B1F50}) (Version: 1.21.4100.00 - Zebra Technologies Corporation)
Zebra Setup Utilities (HKLM-x32\...\{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE}) (Version: 1.1.9.1192 - Zebra Technologies) Hidden
Zebra ZXP S3 and S1 Card Printers (HKLM-x32\...\{1132009E-7E6B-43D3-8F24-5554F5E9483B}) (Version: 05.01.00.00 - Zebra Technologies Corporation)
ZOC Terminal 6.2 (HKLM-x32\...\ZOC6) (Version: 6.28 - EmTec Innovative Software)
Пакет Visual Studio 2012 Verification SDK - rus (HKLM-x32\...\{977CABC5-7B4B-3AE4-8E1B-56C673C1D638}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\arntsenc\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\arntsenc\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\arntsenc\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\GatewayActiveX-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\arntsenc\AppData\Local\GoToMeeting\7759\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\arntsenc\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\arntsenc\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\arntsenc\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\arntsenc\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\arntsenc\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-52592350-14834091-22564546-1052_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [Notepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2012-02-10] (WinZip Computing, S.L.)
ContextMenuHandlers1: [WS_FTP] -> {797F3885-5429-11D4-8823-0050DA59922B} => C:\Program Files\ipswitch\WS_FTP 12\wsftpsi.dll [2014-06-09] (Ipswitch, Inc. 83 Hartwell Avenue Lexington, MA 02421)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2012-02-10] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-03-28] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-12-14] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-09-19] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2012-02-10] (WinZip Computing, S.L.)
ContextMenuHandlers6: [WS_FTP] -> {797F3885-5429-11D4-8823-0050DA59922B} => C:\Program Files\ipswitch\WS_FTP 12\wsftpsi.dll [2014-06-09] (Ipswitch, Inc. 83 Hartwell Avenue Lexington, MA 02421)
ContextMenuHandlers1_S-1-5-21-52592350-14834091-22564546-1052: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-52592350-14834091-22564546-1052: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-52592350-14834091-22564546-1052: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\DropboxExt64.25.0.dll [2018-09-25] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {040217B2-EB08-4B93-A938-F1205F5E8D30} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {09F94FDA-8880-4DC6-92AD-AE3828EFE6D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-03] (Microsoft Corporation)
Task: {0C340021-3889-4A72-B5C7-6F765B8CFD06} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-10-03] (Microsoft Corporation)
Task: {1C50B09E-E817-4549-AD3F-49BC31B53971} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-10-03] (Microsoft Corporation)
Task: {1CD74900-81EB-48B9-8E47-1ADF9F14A379} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 15.0.437 => C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\Common7\IDE\VSIXAutoUpdate.exe [2017-10-27] ()
Task: {2644643F-732D-4467-A050-E46E7FA3F92C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {28D92DE0-322E-4181-8450-952EBE582F50} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2ABC95C9-BD52-40DA-B64C-9D1F7D1CC3E4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-10-03] (Microsoft Corporation)
Task: {328FF204-4C57-4D6D-ABB2-5DDAD9BE16E4} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {339D1AD0-D172-44F1-ACC3-A003CC0139B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-10-01] (Adobe Systems Incorporated)
Task: {3767670D-F07C-4470-BC2D-C4158391F73D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {44E86835-CF52-4F72-BA6C-DAC206C7D9F0} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-02-17] ()
Task: {45B70091-CB4E-4F31-AF0D-8558407C143D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5EA7851D-955C-48F8-A620-4DED961AA9E3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-52592350-14834091-22564546-1052UA => C:\Users\arntsenc\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-16] (Google Inc.)
Task: {62FAC450-735B-40D2-9606-94D6CE1093D1} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {632AC804-99E3-4494-ACDA-E840E4C64E0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {671A5030-C9CD-436F-B36F-16C683E81907} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-03] (Microsoft Corporation)
Task: {74D2ADF5-4738-4B97-BFB1-3A6F0D599328} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {7FD1030D-06BF-4A30-8A25-8BC58DBBA6E3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-03] (Microsoft Corporation)
Task: {8279619E-5087-4586-8AD7-994FB688BFDF} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {9BE42F19-E957-4455-A5D0-71E8450E8F66} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {A15224DD-28DD-4315-822E-FA2639C63829} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe [2018-10-01] (Adobe Systems Incorporated)
Task: {A205607F-90F5-4207-9A48-1BBE8D92F0C5} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2018-05-23] (Oracle Corporation)
Task: {B29A2E43-7927-4AA8-B977-E717168EF81B} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\Engine\scanners\x86_64\datrep\1.0.6.319\mcdatrep.exe [2018-09-01] (McAfee, LLC.)
Task: {B6335C99-8717-41FB-B030-D12239BF80BB} - System32\Tasks\G2MUpdateTask-S-1-5-21-52592350-14834091-22564546-1052 => C:\Users\arntsenc\AppData\Local\GoToMeeting\10697\g2mupdate.exe [2018-09-30] (LogMeIn, Inc.)
Task: {B6880A09-64D4-473B-BA60-91189AE96217} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-52592350-14834091-22564546-1052Core => C:\Users\arntsenc\AppData\Local\Google\Update\GoogleUpdate.exe [2016-12-16] (Google Inc.)
Task: {B8700929-E319-4A7F-9DB4-DB01AD0D98D2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {CDA38D30-FD3C-4A9A-BA9A-0AD067E05585} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-52592350-14834091-22564546-1052UA => C:\Users\arntsenc\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {D9590585-667F-4FDA-9AD8-9D3F570F5D0E} - System32\Tasks\G2MUploadTask-S-1-5-21-52592350-14834091-22564546-1052 => C:\Users\arntsenc\AppData\Local\GoToMeeting\10697\g2mupload.exe [2018-09-30] (LogMeIn, Inc.)
Task: {F7A5444E-F1EA-4025-B76C-1AE50EE900E5} - System32\Tasks\{267D1BFF-7626-49C1-A871-EB0499DF2F7F} => C:\Windows\system32\pcalua.exe -a C:\~junk\11g\client\setup.exe -d C:\~junk\11g\client
Task: {FA80A7EA-0D87-45C0-BF49-74D43FAAF82D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-52592350-14834091-22564546-1052Core => C:\Users\arntsenc\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {FBECEDAC-D42D-4790-B4E0-60F53A8479FD} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2018-04-20] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-52592350-14834091-22564546-1052Core.job => C:\Users\arntsenc\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-52592350-14834091-22564546-1052UA.job => C:\Users\arntsenc\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-52592350-14834091-22564546-1052.job => C:\Users\arntsenc\AppData\Local\GoToMeeting\10697\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-52592350-14834091-22564546-1052.job => C:\Users\arntsenc\AppData\Local\GoToMeeting\10697\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\arntsenc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Boomerang - SOAP & REST Client.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=eipdnjedkpcnlmmdfdkgfpljanehloah

==================== Loaded Modules (Whitelisted) ==============

2012-06-01 19:55 - 2012-06-01 19:55 - 003346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2013-09-03 16:27 - 2012-08-31 15:03 - 000288768 _____ () C:\Windows\System32\HP1100LM.DLL
2013-09-03 16:27 - 2012-08-31 15:02 - 000074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-09-03 12:59 - 2012-12-04 20:33 - 000065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL
2013-09-03 12:59 - 2012-12-04 20:33 - 001236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030GC.DLL
2013-09-03 12:59 - 2012-12-04 20:33 - 000341504 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030SD.DLL
2018-01-26 16:15 - 2018-01-26 16:15 - 000724480 _____ () C:\Program Files\Cisco\AMP\6.0.5\dbh.dll
2018-01-26 16:15 - 2018-01-26 16:15 - 000102800 _____ () C:\Program Files\Cisco\AMP\clamav\0.99.3-beta1.49\mspack.dll
2017-06-14 09:20 - 2017-06-14 09:20 - 000559128 _____ () C:\Program Files\McAfee\Agent\sqlite.dll
2017-06-14 09:18 - 2017-06-14 09:18 - 000058680 _____ () C:\Program Files\McAfee\Agent\MXML.dll
2017-06-14 09:21 - 2017-06-14 09:21 - 000028224 _____ () C:\Program Files\McAfee\Agent\trex.dll
2017-06-14 08:47 - 2017-06-14 08:47 - 000152656 _____ () C:\Program Files\McAfee\Agent\libuv.dll
2017-06-14 09:23 - 2017-06-14 09:23 - 000121176 _____ () C:\Program Files\McAfee\Agent\zlib.dll
2017-06-14 08:46 - 2017-06-14 08:46 - 000033856 _____ () C:\Program Files\McAfee\Agent\libini.dll
2012-06-01 19:16 - 2012-06-01 19:16 - 001327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2018-05-03 12:04 - 2018-05-03 12:04 - 000089368 _____ () C:\Program Files (x86)\ScreenConnect Client (889927366ea076b3)\ScreenConnect.ClientService.exe
2013-09-03 12:59 - 2012-12-04 20:33 - 002672128 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP2030SU.DLL
2012-10-30 16:05 - 2012-10-30 16:05 - 000607744 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2013-09-03 16:27 - 2012-08-31 15:03 - 003034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2013-09-03 16:27 - 2012-08-31 15:02 - 001038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2018-09-27 15:36 - 2018-09-12 17:57 - 002785784 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-09-27 15:36 - 2018-09-12 11:35 - 002701064 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-09-28 10:18 - 2018-09-28 10:18 - 000054440 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-07-08 13:23 - 2014-06-09 11:50 - 006552072 _____ () C:\Program Files\ipswitch\WS_FTP 12\res0409.dll
2017-06-18 17:44 - 2017-06-18 17:44 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2012-03-19 19:09 - 2012-03-19 19:09 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 000264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2018-10-01 22:57 - 2018-09-15 04:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll
2018-10-01 22:57 - 2018-09-15 04:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll
2014-11-08 14:22 - 2014-11-08 14:22 - 001267280 _____ () C:\Program Files (x86)\Seagull\BarTender Suite\CmdrSrv.exe
2012-06-01 19:41 - 2012-06-01 19:41 - 002854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2012-06-01 19:13 - 2012-06-01 19:13 - 000126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2012-06-01 19:40 - 2012-06-01 19:40 - 003031040 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2012-06-01 19:45 - 2012-06-01 19:45 - 002867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2012-06-01 19:43 - 2012-06-01 19:43 - 000053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2012-06-01 19:17 - 2012-06-01 19:17 - 002043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2012-06-01 19:18 - 2012-06-01 19:18 - 001949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2017-06-14 08:46 - 2017-06-14 08:46 - 000029208 _____ () C:\Program Files\McAfee\Agent\x86\libini.dll
2017-06-14 09:20 - 2017-06-14 09:20 - 000434624 _____ () C:\Program Files\McAfee\Agent\x86\sqlite.dll
2017-06-14 09:18 - 2017-06-14 09:18 - 000048848 _____ () C:\Program Files\McAfee\Agent\x86\MXML.dll
2017-06-14 09:20 - 2017-06-14 09:20 - 000027128 _____ () C:\Program Files\McAfee\Agent\x86\trex.dll
2017-06-14 08:46 - 2017-06-14 08:46 - 000141800 _____ () C:\Program Files\McAfee\Agent\x86\libuv.dll
2016-08-19 07:56 - 2016-08-19 07:58 - 001754296 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\tmpod.dll
2018-09-25 13:44 - 2018-09-25 07:52 - 001110856 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-09-25 13:44 - 2018-09-25 07:52 - 002247496 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-09-25 13:44 - 2018-09-25 07:57 - 000024264 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\tornado.speedups.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 000025456 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000142824 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\_cffi_backend.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 001958760 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 000026328 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000117272 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\pywintypes35.dll
2018-09-25 13:44 - 2018-09-25 07:52 - 000109024 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32api.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 000083784 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\fastpath.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000418776 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\pythoncom35.dll
2018-09-25 13:44 - 2018-09-25 07:52 - 000027616 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32event.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000049128 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32process.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 000074584 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000131552 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32file.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:54 - 000026312 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000026600 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32clipboard.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000182752 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32gui.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000027616 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32pipe.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000119272 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32security.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:57 - 000401240 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32com.shell.shell.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000028640 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:57 - 000034664 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000023520 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\mmapfile.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000053736 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32service.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000065504 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32evtlog.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:58 - 000059744 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:57 - 000069336 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:58 - 000028520 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:54 - 000027488 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000032736 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32ts.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:56 - 000156504 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:57 - 000092488 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\sip.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 001779024 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 000519504 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:56 - 000052056 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 001929552 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:56 - 003822784 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:56 - 000044888 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:56 - 000132944 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:56 - 000218456 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 000205656 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000061408 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32print.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:58 - 000051552 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000027624 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\win32profile.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:58 - 000033632 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winreindex.compiled._winreindex.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:57 - 000028008 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:57 - 000026336 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:57 - 000025448 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:58 - 000026328 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 000031600 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000494048 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winxpgui.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:58 - 000029408 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 000029024 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:52 - 000036312 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\librsync.dll
2018-09-25 13:44 - 2018-09-25 07:57 - 000025960 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 000434360 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-09-25 13:44 - 2018-09-25 07:57 - 000035680 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 000025920 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-09-25 13:44 - 2018-09-25 07:55 - 001592128 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-09-25 13:44 - 2018-09-25 07:57 - 000029544 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:56 - 000531280 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:55 - 000354128 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.cp35-win32.pyd
2018-09-25 13:44 - 2018-09-25 07:56 - 000037200 _____ () C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.cp35-win32.pyd
2012-09-13 01:38 - 2012-09-13 01:38 - 002144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 007955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 000341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 000028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 000127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 01:39 - 2012-09-13 01:39 - 000336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2014-11-08 14:22 - 2014-11-08 14:22 - 000334416 _____ () C:\Program Files (x86)\Seagull\BarTender Suite\CmdrEnu.dll
2014-11-08 13:11 - 2014-11-08 13:11 - 001740800 _____ () C:\Program Files (x86)\Seagull\BarTender Suite\CmdrJobServer.dll
2014-11-08 12:52 - 2014-11-08 12:52 - 001483776 _____ () C:\Program Files (x86)\Seagull\BarTender Suite\CcsBt.dll
2014-11-08 14:23 - 2014-11-08 14:23 - 000031824 _____ () C:\Program Files (x86)\Seagull\BarTender Suite\CmdrJobServerBasePs.dll
2013-08-15 12:27 - 2012-02-21 16:09 - 001198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (889927366ea076b3) => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-52592350-14834091-22564546-1052\...\sharepoint.com -> hxxps://jdsmith.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-05-18 15:48 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-52592350-14834091-22564546-1052\Control Panel\Desktop\\Wallpaper -> C:\Users\arntsenc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.10.212 - 192.168.10.241
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BlackBerryLink.exe => "C:\Program Files (x86)\Research In Motion\BlackBerry Link\BlackBerryLink.exe" /minimize
MSCONFIG\startupreg: File Sanitizer => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: MfeEpePcMonitor => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
MSCONFIG\startupreg: RIM PeerManager => "C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{CD84680B-BE3A-48F1-A018-42A5CDF4BC43}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{286EF067-AD52-4ECE-A5AB-046EB294D888}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CD816D73-06F6-436C-96F2-CA8F99F9BF91}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD9F606F-A73B-49BB-83A6-B08D28E40C93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BA4A43D6-AC99-457F-BD93-05D4FB1D8148}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
FirewallRules: [{FAD28245-4354-44E3-AE08-61D93061DE6F}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
FirewallRules: [{6EEBFBC5-2AFE-4A27-9FA4-151826799E6E}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
FirewallRules: [{5C4FA85D-8B10-45C4-8E99-12F2BF535E5D}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe
FirewallRules: [{5B21E668-02E7-418D-A7C8-D0E8A51EA15B}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\nginx\nginx.exe
FirewallRules: [{3DCF7260-F4BA-4B7E-B073-4F927B3C2BD6}] => (Allow) C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe
FirewallRules: [{D0E8AB37-00E3-4A4D-8DB0-F76DB1C2DFFB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18F0A86E-829B-4949-9BFD-3A2CF657CC34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7C2B83E2-F977-43ED-8BDA-71C1A3144797}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6D9B6B1F-D365-43D6-8887-9DD940DE9564}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2F587928-D760-4044-9BDD-8CF7277DC4E4}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [{8AADDC2F-5D60-491E-AFE3-606469CBD4C6}] => (Allow) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
FirewallRules: [TCP Query User{A5893375-8077-41D5-91B3-D71D2F7892B7}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Allow) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [UDP Query User{6CA8CE2F-EC06-4809-848C-BE18880BF884}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Allow) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [{4E9E1F86-049E-432C-8A97-898A977DC7F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E1EB6EF0-5882-4937-84CB-29658F3B20B0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5620F50F-1D5C-42C1-9719-91BFC02AAC33}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{5FD1AE95-65A7-4D63-9341-7296B9B0FFE4}] => (Allow) C:\Program Files (x86)\Samsung\SideSync3\SideSync3.exe
FirewallRules: [{23FB9C3D-4E49-4543-B7FD-B1024415D0C0}] => (Allow) C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{23638B18-1828-4F1D-A211-B0F8BC485F7E}] => (Allow) C:\Users\arntsenc\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5EED8367-6F1F-4F32-91BF-51E532BA61B1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{22905165-D3B4-4F87-9B02-9521E4BE18A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DE504774-9950-4A17-B9ED-9F636A8DD4B2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{490D3B0B-DCDA-41D9-A4F6-13DF81B270D5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{02E1472A-DE27-43AD-9DAE-C11517DAF851}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [{BF707CA5-D464-4296-BA84-D4724EF17CC1}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{F2EE3D33-1D50-4E9C-A8CE-A4D82B86C0CF}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{1431872D-CD21-4D9E-A3AF-C2853FF1DEE0}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{098FFA6B-6446-49A9-B9DA-D64D33675A39}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{475B5FCA-761F-435A-AE8D-8CDA20F24DA0}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{10DF4B07-FF62-4DAA-9515-68B44A363DAE}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{28D1B6C4-D3F5-4186-8566-EEA89FC4AC3E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4098B9D5-135E-427F-9A95-082531A112A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{E7BA75D4-8FB4-485B-9F3C-2513F92545D7}] => (Allow) C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
FirewallRules: [{673C6B23-2727-4B8D-AB76-4F141EF6267D}] => (Allow) C:\Program Files (x86)\Seagull\BarTender Suite\BtSystem.Service.exe
FirewallRules: [{BAEF1ADD-D994-4815-8EA4-58F4454AEB59}] => (Allow) C:\Program Files (x86)\Seagull\BarTender Suite\HistoryExplorer.exe
FirewallRules: [{943314CE-CDB1-4DEB-B44E-9CD806B4AC1D}] => (Allow) C:\Program Files (x86)\Seagull\BarTender Suite\HistoryExplorer.exe
FirewallRules: [{33230830-FE9F-4D80-8643-E4A67F301492}] => (Allow) C:\Program Files (x86)\Seagull\BarTender Suite\ReprintConsole.exe
FirewallRules: [{32760AE9-3240-47FA-9F6C-3C1A1DC590F4}] => (Allow) C:\Program Files (x86)\Seagull\BarTender Suite\ReprintConsole.exe
FirewallRules: [{BE753D80-F850-4124-8817-3A3400327A18}] => (Allow) C:\Program Files (x86)\Seagull\BarTender Suite\SystemDatabaseWizard.exe
FirewallRules: [{A53AF7C9-49E1-4995-994B-C229C4768909}] => (Allow) C:\Program Files (x86)\Seagull\BarTender Suite\SystemDatabaseWizard.exe
FirewallRules: [{F893D054-DD14-4262-8516-9EFF5C2E0D97}] => (Allow) C:\Program Files (x86)\Seagull\BarTender Suite\SystemDatabaseSetup.exe
FirewallRules: [{BBA20998-5834-4666-B0C1-80869B01916B}] => (Allow) C:\Program Files (x86)\Seagull\BarTender Suite\SystemDatabaseSetup.exe
FirewallRules: [{C3C3DEEF-48A9-4474-8455-19E47D902113}] => (Allow) C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
FirewallRules: [{7D9F666E-1340-4CC1-943E-8612C324D475}] => (Allow) C:\Program Files (x86)\Seagull\BarTender Suite\Maestro.Service.exe
FirewallRules: [{F04FFC7F-83B2-4A1A-B5E3-8DA8AAAD4B2F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{A03E5852-561F-494A-A271-191111BD77DA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{EF595E11-B662-42CB-A4AF-B162DEE83827}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{ACD9164E-FEE1-4452-83FB-602322BE91BA}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{ED6AF9F7-23CF-4D43-9980-02490E933826}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{D4A56402-141A-4D45-B3E0-519C536F551F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{ED0A0CAF-3CEE-42FD-A1E0-AB9AEE072CA7}] => (Allow) LPort=42004
FirewallRules: [{415DCD1B-EC8C-4096-838A-2A131810FFA6}] => (Allow) LPort=4999
FirewallRules: [{E246B4CA-DD1A-4D7E-97F1-5F224B5159BE}] => (Allow) C:\Windows\LTSvc\LTSVC.exe
FirewallRules: [{B155B353-E8A3-4FC3-9A87-88F48DD57358}] => (Allow) C:\Windows\LTSvc\LTSVC.exe
FirewallRules: [{5358B431-EF6B-4ED7-B606-3BCEE210F09E}] => (Allow) C:\Windows\LTSvc\LTSVCmon.exe
FirewallRules: [{9AF32A5A-D5C6-4181-B77D-C0C072EFD63E}] => (Allow) C:\Windows\LTSvc\LTSVCmon.exe
FirewallRules: [{EA40507F-B7C4-4070-9581-09BF02B45E4A}] => (Allow) C:\Windows\LTSvc\LTTray.exe
FirewallRules: [{10ED2E3C-0194-4611-95AA-60469E763EF1}] => (Allow) C:\Windows\LTSvc\LTTray.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

21-09-2018 00:00:01 Scheduled Checkpoint
28-09-2018 00:00:25 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/03/2018 04:12:02 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2018 04:09:52 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2018 04:09:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2018 04:08:38 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2018 04:06:35 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2018 04:05:23 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2018 04:04:46 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/03/2018 04:02:38 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (10/03/2018 04:07:52 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \\?\Volume{be466ac5-05cc-11e3-aa90-806e6f6e6963} encountered a non-retryable error and could not start.  The data contains the error code.

Error: (10/03/2018 04:07:52 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume \\?\Volume{56c297c4-0c2a-11e3-b41e-806e6f6e6963} encountered a non-retryable error and could not start.  The data contains the error code.

Error: (10/03/2018 04:07:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VMware USB Arbitration Service service failed to start due to the following error: 
The pipe has been ended.

Error: (10/03/2018 04:07:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {3EB3C877-1F16-487C-9050-104DBCD66683} did not register with DCOM within the required timeout.

Error: (10/03/2018 04:07:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/03/2018 04:07:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The BarTender System Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (10/03/2018 04:07:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/03/2018 04:07:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee Agent Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.


CodeIntegrity:
===================================

Date: 2018-09-28 19:21:25.083
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2018-09-28 16:45:04.759
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2018-09-28 16:33:30.568
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2018-09-28 16:13:35.024
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2018-09-28 16:02:58.811
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2018-09-28 15:53:12.671
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2018-09-28 15:45:23.658
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2018-09-28 15:05:36.060
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 26%
Total physical RAM: 20354.03 MB
Available physical RAM: 14918.13 MB
Total Virtual: 40706.2 MB
Available Virtual: 34682.48 MB

==================== Drives ================================

Drive ? (OS) (Fixed) (Total:215.24 GB) (Free:65.61 GB) NTFS

\\?\Volume{56c297c4-0c2a-11e3-b41e-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.02 GB) (Free:0 GB) NTFS
\\?\Volume{be466ac5-05cc-11e3-aa90-806e6f6e6963}\ (HP_RECOVERY) (Fixed) (Total:8.27 GB) (Free:0 GB) NTFS
\\?\Volume{56c297c5-0c2a-11e3-b41e-806e6f6e6963}\ (HP_TOOLS) (Fixed) (Total:0.04 GB) (Free:0.03 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: BDCE7E77)
Partition 1: (Active) - (Size=25 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=215.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=38 MB) - (Type=27)

==================== End of Addition.txt ============================


Thanks for those logs carntsen, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please download Zemana AntiMalware and save it to your Desktop.
 
  • Install the program and once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
     
  • Open Zemana AntiMalware again.
  • Click on user posted image icon and double click the latest report.
  • Now click File > Save As and choose your Desktop before pressing Save.
  • Attach saved report in your next message.


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete.....

Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....



The Virus Removal Tool scans the following areas of your computer:
  • Memory, including system memory on 32-bit (x86) versions of Windows
  • The Windows registry
  • All local hard drives, fixed and removable
  • Mapped network drives are not scanned.


Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan.

Let me see those logs in your reply...

Thank you,

Kevin..

fixlist.txt


Here is a copy of Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 03.10.2018 01
Ran by CArntsen (04-10-2018 07:17:14) Run:1
Running from C:\Users\arntsenc\Downloads
Loaded Profiles: CArntsen (Available Profiles: jdsmith & CArntsen & Service & kasadmin & GFranklin & xbase1)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-52592350-14834091-22564546-1052 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKU\S-1-5-21-52592350-14834091-22564546-1052 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <==== ATTENTION
HKU\S-1-5-21-52592350-14834091-22564546-1052 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <==== ATTENTION
HKU\S-1-5-21-52592350-14834091-22564546-1052 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION 
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [X]
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
U4 warpview; no ImagePath 
AlternateDataStreams: C:\Windows:nlsPreferences [386] 
FirewallRules: [{ED0A0CAF-3CEE-42FD-A1E0-AB9AEE072CA7}] => (Allow) LPort=42004
FirewallRules: [{415DCD1B-EC8C-4096-838A-2A131810FFA6}] => (Allow) LPort=4999
C:\Windows\system32\VBScript.dll
EmptyTemp:
Hosts:
CMD: ipconfig /flushDNS
end


*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-52592350-14834091-22564546-1052 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION" => not found
HKU\S-1-5-21-52592350-14834091-22564546-1052 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-52592350-14834091-22564546-1052 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <==== ATTENTION => restored successfully
HKU\S-1-5-21-52592350-14834091-22564546-1052 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION => restored successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKLM\System\CurrentControlSet\Services\LVPr2M64 => removed successfully
LVPr2M64 => service removed successfully
HKLM\System\CurrentControlSet\Services\mfeavfk01 => removed successfully
mfeavfk01 => service removed successfully
HKLM\System\CurrentControlSet\Services\warpview => removed successfully
warpview => service removed successfully
C:\Windows => ":nlsPreferences" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED0A0CAF-3CEE-42FD-A1E0-AB9AEE072CA7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{415DCD1B-EC8C-4096-838A-2A131810FFA6}" => removed successfully
C:\Windows\system32\VBScript.dll => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 182575245 B
Java, Flash, Steam htmlcache => 4597 B
Windows/system/drivers => 15266470 B
Edge => 0 B
Chrome => 1167809893 B
Firefox => 356083413 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 33058 B
systemprofile32 => 30264829 B
LocalService => 0 B
NetworkService => 0 B
jdsmith => 11319976 B
arntsenc => 2217924641 B
service => 3637946 B
kasadmin => 0 B
gfranklin => 42113 B
xbase1 => 186592409 B
xbase2 => 35956 B

RecycleBin => 7896544 B
EmptyTemp: => 3.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:20:45 ====

 


Here is Zemana

Zemana AntiMalware 2.74.2.150 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2018/10/4
Operating System       : Windows 7 64-bit
Processor              : 8X Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
BIOS Mode              : Legacy
CUID                   : 1284975516CEE8837874C7
Scan Type              : System Scan
Duration               : 1m 58s
Scanned Objects        : 116877
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : JDSMITH,1,3

Detected Objects
-------------------------------------------------------

No threats detected


Scan with Autoruns

Please download Sysinternals Autoruns from the following link: https://live.sysinternals.com/autoruns.exe and save it to your desktop.

Note: If using Windows Vista, Windows 7, Windows 8/8.1 or Windows 10 then you also need to do the following:
 
  • Right-click on Autoruns.exe and select Properties
  • Click on the Compatibility tab
  • Under Privilege Level check the box next to Run this program as an administrator
  • Click on Apply then click OK
     
  • Double-click Autoruns.exe to run it.
  • Once it starts, please press the Esc key on your keyboard.
  • Now that scanning is stopped, click on the Options button at the top of the program and verify that the following are checked, if they are unchecked, check them:

    Hide empty locations
    Hide Windows entries

     
  • Click on the Options button at the top of the program and select Scan Options... then in the Autoruns Scan Options dialog enable/check the following two options:

    Verify code signatures
    Check VirusTotal.com

     
  • Once that's done click the Rescan button at the bottom of the Autoruns Scan Options dialog and this will start the scan again, this time let it finish.
  • When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the file to your desktop and close Autoruns.
  • Right click on the file on your desktop that you just saved and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the ZIP folder you just created to your next reply

Download Dr Web Cureit from here http://www.freedrweb.com/cureit and save it to your desktop.
 
  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats

  • Press start scan
  • The scan will now commence

  • Once the scan has finished click open report <<<--- Do not miss this step

  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop


This log will be excessive; please attach it to your next reply…

Download RogueKiller and save it on your desktop; ensure you download the correct version.

RogueKiller (X86)

RogueKiller (x64)
 
  • Exit all running applications.
  • Double-click on RogueKiller.exe to launch the tool. On its first execution, RogueKiller will display the software license (EULA); click on "Accept" to continue.
  • If RogueKiller is unable to load, do not hesitate to try launching it several times or rename it winlogon.
  • Click "Start Scan" to begin the analysis. This may take some time.
  • Once the scan is complete, click the "Open TXT" button to display the scan report.
  • Copy/Paste its content in your next reply.


Do not use the Remove Selected option until I've had a look at the log.

9 threats detected....

RogueKiller V12.13.3.0 (x64) [Oct  1 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : CArntsen [Administrator]
Started from : C:\Users\arntsenc\Downloads\RogueKiller_portable64.exe
Mode : Scan -- Date : 10/05/2018 08:37:18 (Duration : 00:24:56)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 9 ¤¤¤
[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | bdx :  [x] -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-52592350-14834091-22564546-1052\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-52592350-14834091-22564546-1052\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-52592350-14834091-22564546-1052\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-52592350-14834091-22564546-1052\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-52592350-14834091-22564546-1052\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-52592350-14834091-22564546-1052\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-52592350-14834091-22564546-1052\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-52592350-14834091-22564546-1052\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA KINGSTON SH103S3 SCSI Disk Device +++++
--- User ---
[MBR] 7b872d3c5c1a7577c346b5c3fc8c38dd
[BSP] 88d6f5cc96245b9f92d1db791d726da4 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 25 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 53248 | Size: 220408 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 451448832 | Size: 8464 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 468783104 | Size: 38 MB
User = LL1 ... OK
User = LL2 ... OK


  • 1 month later...
  • 5 weeks later...
  • Root Admin

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
