Inactive ACMB2 - DNS Unlocker - cannot rid

Hi. Totally stuck. Malwarebytes, AdwCleaner, Windows Defender... don't work. They find it, but it returns quickly. Chrome, Mozilla are affected. Thank you, geek gods.

~~~~~~~
Here is my Farbar FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-03-2017
Ran by jsilver (administrator) on NCP-SAMSUNG-01 (14-03-2017 20:49:55)
Running from C:\Users\Jess Silver\Desktop\kt spyware
Loaded Profiles: jsilver (Available Profiles: jsilver)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_Service.exe
() C:\Windows\System32\GManager.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
() C:\Windows\System32\mlpatch.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET\EMET_Agent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Blue Jeans) C:\Users\Jess Silver\AppData\Local\Blue Jeans\App\BlueJeans.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(IBM Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(IBM Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\ProgramData\{47588EC2-F0F3-3969-E64D-3EE7F03676D5}\9131DE82-269A-6929-A402-9F238384706B.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-09-18] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [TUCCDUtil] => C:\Program Files (x86)\Mct Corp\UVTP100\Driver\TUCCDUTIL\TUCCD.exe [1896568 2016-10-12] (Magic Control Technology Corporation)
HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [461192 2016-12-01] (Code 42 Software, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-2854528859-1650723732-3483195984-1004\...\Run: [Google Update] => C:\Users\Jess Silver\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-2854528859-1650723732-3483195984-1004\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
Startup: C:\Users\Jess Silver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bluejeans-helper.vbs [2017-01-05] ()
Startup: C:\Users\Jess Silver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-29]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.137.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{07d97036-84de-4cd0-a878-05cb2b30ec68}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{bd0545c3-5535-4672-99c4-e24f1ff5d4a4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{bd0545c3-5535-4672-99c4-e24f1ff5d4a4}: [DhcpNameServer] 192.168.137.1
ManualProxies:
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\ssv.dll [2016-08-16] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-08-16] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-2854528859-1650723732-3483195984-1004 -> is enabled.
FireFox:
========
FF DefaultProfile: pa4wbl01.default
FF ProfilePath: C:\Users\Jess Silver\AppData\Roaming\Mozilla\Firefox\Profiles\pa4wbl01.default [2017-03-08]
FF Homepage: Mozilla\Firefox\Profiles\pa4wbl01.default -> hxxp://google.com/
FF Extension: (Zotero) - C:\Users\Jess Silver\AppData\Roaming\Mozilla\Firefox\Profiles\pa4wbl01.default\Extensions\zotero@chnm.gmu.edu.xpi [2017-01-20]
FF Extension: (Zotero Word for Windows Integration) - C:\Users\Jess Silver\AppData\Roaming\Mozilla\Firefox\Profiles\pa4wbl01.default\Extensions\zoteroWinWordIntegration@zotero.org [2017-01-20]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-24] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-24] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-08-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files (x86)\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-08-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2854528859-1650723732-3483195984-1004: @citrixonline.com/appdetectorplugin -> C:\Users\Jess Silver\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-12-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-2854528859-1650723732-3483195984-1004: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jess Silver\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2854528859-1650723732-3483195984-1004: @talk.google.com/O1DPlugin -> C:\Users\Jess Silver\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2854528859-1650723732-3483195984-1004: @tools.google.com/Google Update;version=3 -> C:\Users\Jess Silver\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2854528859-1650723732-3483195984-1004: @tools.google.com/Google Update;version=9 -> C:\Users\Jess Silver\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2854528859-1650723732-3483195984-1004: bluejeans.com/bjninstallplugin -> C:\Users\Jess Silver\AppData\Roaming\Blue Jeans\bjnplugin\2.160.63.8\npbjninstallplugin_2.160.63.8.dll [2016-07-05] (Blue Jeans)
FF Plugin HKU\S-1-5-21-2854528859-1650723732-3483195984-1004: bluejeans.com/bjnplugin -> C:\Users\Jess Silver\AppData\Roaming\Blue Jeans\bjnplugin\2.160.63.8\npbjnplugin_2.160.63.8.dll [2016-07-05] (Blue Jeans)
FF Plugin HKU\S-1-5-21-2854528859-1650723732-3483195984-1004: bluejeans.com/rbjninstallplugin -> C:\Users\Jess Silver\AppData\Roaming\Blue Jeans\rbjnplugin\2.160.66.8\nprbjninstallplugin_2.160.66.8.dll [2016-07-18] (Blue Jeans)
FF Plugin HKU\S-1-5-21-2854528859-1650723732-3483195984-1004: bluejeans.com/rbjnplugin -> C:\Users\Jess Silver\AppData\Roaming\Blue Jeans\rbjnplugin\2.160.66.8\nprbjnplugin_2.160.66.8.dll [2016-07-18] (Blue Jeans)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jess Silver\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-02-24] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Jess Silver\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jess Silver\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Default [2017-03-10]
CHR Profile: C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-14]
CHR Extension: (Google Slides) - C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-09]
CHR Extension: (Google Docs) - C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-09]
CHR Extension: (Google Drive) - C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-09]
CHR Extension: (YouTube) - C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-09]
CHR Extension: (Adobe Acrobat) - C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-09]
CHR Extension: (Google Sheets) - C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Blue Jeans Meeting) - C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nodamnmigpadbnfioofpbacngdlcidgn [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Jess Silver\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 BESClient; C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe [9594864 2016-12-02] (IBM Corp.)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [266120 2016-12-01] (Code 42 Software)
R2 EMET_Service; C:\Program Files (x86)\EMET\EMET_Service.exe [31880 2014-11-09] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.)
R2 GManager; C:\WINDOWS\system32\GManager.exe [2572408 2016-09-29] ()
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 MlPatch; C:\WINDOWS\system32\MlPatch.exe [2244912 2014-08-22] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [32328 2015-09-25] (ELAN Microelectronic Corp.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-03-14] (Malwarebytes)
R3 mctkmd; C:\WINDOWS\system32\drivers\mctkmd64.sys [174712 2016-09-29] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\WINDOWS\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-25] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-30] (Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 t2usb64; C:\WINDOWS\system32\drivers\t2usb64.sys [329328 2016-11-23] (Magic Control Technology Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-14 20:49 - 2017-03-14 20:49 - 00000000 ____D C:\Users\Jess Silver\Desktop\kt spyware
2017-03-14 20:49 - 2017-03-14 20:49 - 00000000 ____D C:\FRST
2017-03-14 13:48 - 2017-03-14 13:48 - 00126474 _____ C:\Users\Jess Silver\Downloads\40copies_bw_CoastalResilience_AppsSession_HRA-hands-on.pdf
2017-03-14 10:49 - 2017-03-14 10:49 - 00003976 _____ C:\WINDOWS\System32\Tasks\{5B95D032-EC3E-6799-7EFA-6DF88A4A577F}
2017-03-14 10:49 - 2017-03-14 10:49 - 00000000 ____D C:\ProgramData\{47588EC2-F0F3-3969-E64D-3EE7F03676D5}
2017-03-14 10:27 - 2017-03-14 10:27 - 00103173 _____ C:\Users\Jess Silver\Downloads\daeb9835768da67aa79b56a440a087.xlsx
2017-03-10 11:49 - 2017-03-14 10:49 - 00000000 ____D C:\ProgramData\5419a1a
2017-03-10 11:13 - 2017-03-10 11:13 - 04486911 _____ C:\Users\Jess Silver\Downloads\DB_SB_nyas_ecb_b4_13322_1715006_rev.pdf
2017-03-09 15:01 - 2017-03-09 15:01 - 00240336 _____ C:\Users\Jess Silver\Downloads\Blue Jeans Launcher.exe
2017-03-09 12:34 - 2017-03-09 12:34 - 00002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-09 12:34 - 2017-03-09 12:34 - 00002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-09 12:33 - 2017-03-09 12:33 - 01129376 _____ (Google Inc.) C:\Users\Jess Silver\Downloads\ChromeSetup.exe
2017-03-09 11:24 - 2017-03-09 11:25 - 00017000 _____ C:\Users\Jess Silver\Downloads\ShellfishAquacultureInterviews_ForNatCap.xlsx
2017-03-08 21:44 - 2017-03-08 21:47 - 00000000 ____D C:\Users\Jess Silver\AppData\LocalLow\Mozilla
2017-03-08 21:26 - 2017-03-08 21:26 - 00000000 _____ C:\autoexec.bat
2017-03-08 21:25 - 2017-03-08 22:19 - 00000000 ____D C:\Users\Jess Silver\AppData\Roaming\Enigma Software Group
2017-03-08 21:25 - 2017-03-08 21:25 - 00000000 ____D C:\sh4ldr
2017-03-08 21:24 - 2017-03-08 22:19 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-03-08 16:53 - 2017-03-08 16:53 - 00035847 _____ C:\Users\Jess Silver\Downloads\bhs_grumpv1_ppoints_shp.zip
2017-03-08 16:30 - 2017-03-08 16:30 - 00016746 _____ C:\Users\Jess Silver\AppData\Local\recently-used.xbel
2017-03-08 16:18 - 2017-03-08 16:18 - 00697656 _____ C:\Users\Jess Silver\Downloads\Development_ID-sm-scaled.tif
2017-03-08 15:38 - 2017-03-08 15:38 - 00000000 ____D C:\Users\Jess Silver\Desktop\Presentation1
2017-03-08 14:10 - 2017-03-08 14:10 - 01161721 _____ C:\Users\Jess Silver\Downloads\Graphic 2_v3.pptx
2017-03-08 13:37 - 2017-03-09 13:44 - 00000000 ____D C:\Users\Jess Silver\Desktop\Katies_Project
2017-03-08 13:34 - 2017-03-08 16:30 - 00000000 ____D C:\Users\Jess Silver\AppData\Local\gtk-2.0
2017-03-08 13:34 - 2017-03-08 13:34 - 00000000 ____D C:\Users\Jess Silver\.thumbnails
2017-03-08 13:32 - 2017-03-08 22:19 - 00000000 ____D C:\Users\Jess Silver\.gimp-2.8
2017-03-08 13:32 - 2017-03-08 13:32 - 00000939 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2017-03-08 13:32 - 2017-03-08 13:32 - 00000000 ____D C:\Users\Jess Silver\AppData\Local\gegl-0.2
2017-03-08 13:31 - 2017-03-08 13:32 - 00000000 ____D C:\Program Files\GIMP 2
2017-03-08 13:09 - 2017-03-08 13:09 - 02226715 _____ C:\Users\Jess Silver\Downloads\Arkema and Ruckelshaus_proofs.pdf
2017-03-08 12:55 - 2017-03-13 12:00 - 00002302 _____ C:\Users\Jess Silver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IBM BigFix.lnk
2017-03-08 12:47 - 2017-03-08 12:47 - 04031440 _____ C:\Users\Jess Silver\Downloads\adwcleaner_6.044.exe
2017-03-06 17:06 - 2017-03-06 17:06 - 01050315 _____ C:\Users\Jess Silver\Downloads\1_b_geomorphology (3.3.3dev).tif
2017-03-06 17:06 - 2017-03-06 17:06 - 00857187 _____ C:\Users\Jess Silver\Downloads\1_b_geomorphology (3.1.0).tif
2017-03-06 17:05 - 2017-03-06 17:05 - 01050343 _____ C:\Users\Jess Silver\Downloads\1_i_coastal_exposure (3.3.3dev).tif
2017-03-06 17:05 - 2017-03-06 17:05 - 00857215 _____ C:\Users\Jess Silver\Downloads\1_i_coastal_exposure (3.1.0).tif
2017-03-06 13:40 - 2017-03-06 13:40 - 00025061 _____ C:\Users\Jess Silver\Downloads\Copy of SFBay_ScopingReport_MapofOrganizations_Feb17_2017_rls.xlsx
2017-03-02 17:06 - 2017-03-02 17:06 - 454656545 _____ C:\WINDOWS\MEMORY.DMP
2017-03-02 17:06 - 2017-03-02 17:06 - 00313500 _____ C:\WINDOWS\Minidump\030217-4765-01.dmp
2017-03-02 17:06 - 2017-03-02 17:06 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-02 16:08 - 2017-03-02 16:08 - 00040621 _____ C:\Users\Jess Silver\Downloads\Park Attendance FY1314 (1).pdf
2017-03-02 15:29 - 2017-03-02 15:29 - 00040873 _____ C:\Users\Jess Silver\Downloads\Park Attendance FY1112.pdf
2017-03-02 15:29 - 2017-03-02 15:29 - 00040750 _____ C:\Users\Jess Silver\Downloads\Park Attendance FY1213.pdf
2017-03-02 15:29 - 2017-03-02 15:29 - 00040621 _____ C:\Users\Jess Silver\Downloads\Park Attendance FY1314.pdf
2017-03-02 15:23 - 2017-03-02 15:23 - 00040235 _____ C:\Users\Jess Silver\Downloads\Park Attendance FY1415.pdf
2017-03-02 15:03 - 2017-03-02 15:03 - 00057262 _____ C:\Users\Jess Silver\Downloads\Park Attendance FY1516.pdf
2017-03-02 12:44 - 2017-03-02 12:46 - 00000000 ____D C:\Users\Jess Silver\Desktop\Papers
2017-03-01 14:25 - 2017-03-08 22:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-03-01 12:33 - 2017-03-01 12:33 - 00001108 _____ C:\Users\Jess Silver\Downloads\ArcGISDesktopAdvanced_SingleUse_506633.prvc
2017-02-28 12:49 - 2017-02-28 12:49 - 00549445 _____ C:\Users\Jess Silver\Downloads\Data (2).pdf
2017-02-28 12:22 - 2017-02-28 12:22 - 00017385 _____ C:\Users\Jess Silver\Downloads\GRP_Data_Management_Reporting_MUYNMhW.xlsx
2017-02-28 12:21 - 2017-02-28 12:21 - 00016432 _____ C:\Users\Jess Silver\Downloads\GRP Information Management Reporting.xlsx
2017-02-28 11:42 - 2017-02-28 12:39 - 00000000 ____D C:\Users\Jess Silver\Downloads\Archive
2017-02-28 11:42 - 2017-02-28 11:42 - 00029179 _____ C:\Users\Jess Silver\Downloads\Archive.zip
2017-02-23 15:08 - 2017-02-23 15:08 - 00549445 _____ C:\Users\Jess Silver\Downloads\Data (1).pdf
2017-02-23 15:08 - 2017-02-23 15:08 - 00012709 _____ C:\Users\Jess Silver\Downloads\GRP_Data_and_Info_Management_Reporting_1_lHVtwDh (1).xlsx
2017-02-23 13:34 - 2017-02-23 13:34 - 00613977 _____ C:\Users\Jess Silver\Downloads\Inputs for Liberia.zip
2017-02-17 14:56 - 2017-02-17 14:56 - 00002221 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-02-17 14:56 - 2017-02-17 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-02-16 12:15 - 2017-02-17 13:51 - 00022916 _____ C:\Users\Jess Silver\Downloads\SFBay_ScopingReport_MapofOrganizations-2_mr.xlsx
2017-02-16 11:04 - 2017-02-16 11:04 - 00401761 _____ C:\Users\Jess Silver\Downloads\BARC NatCap Partnership Letter 2_16_17.pdf
2017-02-13 12:43 - 2017-02-13 12:43 - 00033128 _____ C:\Users\Jess Silver\Downloads\runs_Mastic.xlsx
2017-02-13 12:35 - 2017-02-13 12:35 - 07597990 _____ C:\Users\Jess Silver\Downloads\CV_BH_112316.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-14 20:26 - 2015-12-29 23:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-14 20:23 - 2015-09-02 19:37 - 01564696 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-14 20:22 - 2016-10-27 12:25 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-14 15:24 - 2015-03-30 11:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-03-14 15:24 - 2015-03-19 11:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-14 15:22 - 2015-03-19 11:35 - 138634176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-14 15:21 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-03-14 15:16 - 2015-12-17 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-14 15:15 - 2015-12-17 22:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-14 15:15 - 2015-12-17 22:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-14 11:06 - 2015-03-30 12:34 - 00000000 ____D C:\Users\Jess Silver\Desktop\desktop_misc
2017-03-14 11:03 - 2015-03-26 09:07 - 00000000 ____D C:\Users\Jess Silver\AppData\Local\Packages
2017-03-14 10:49 - 2016-10-27 12:36 - 00003882 _____ C:\WINDOWS\System32\Tasks\{8B534575-27ED-F69D-359E-023AFC92252C}
2017-03-14 09:37 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-14 09:37 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-14 09:33 - 2015-03-31 10:44 - 00002827 _____ C:\WINDOWS\system32\GManager.ini
2017-03-13 11:58 - 2016-10-27 12:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-13 11:57 - 2016-10-27 12:27 - 00000000 ____D C:\Users\Jess Silver
2017-03-13 11:57 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\addins
2017-03-13 11:57 - 2016-07-15 23:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-09 22:17 - 2016-07-16 04:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-03-09 22:17 - 2016-07-16 04:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-03-09 12:34 - 2015-03-26 13:14 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-09 12:34 - 2015-03-26 13:13 - 00000000 ____D C:\Users\Jess Silver\AppData\Local\Google
2017-03-08 22:19 - 2015-12-16 13:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-03-08 12:58 - 2015-03-30 12:46 - 00000000 ____D C:\Users\Jess Silver\Desktop\Silverwell Farm
2017-03-08 12:37 - 2015-12-08 11:12 - 00000716 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2854528859-1650723732-3483195984-1004.job
2017-03-08 12:37 - 2015-12-08 11:12 - 00000620 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2854528859-1650723732-3483195984-1004.job
2017-03-08 12:37 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\vpnplugins
2017-03-08 11:07 - 2016-04-27 13:02 - 00000000 ____D C:\Users\Jess Silver\Desktop\Jess_Stuff
2017-03-06 17:06 - 2015-03-30 12:55 - 00000000 ____D C:\Arc_outputs
2017-03-02 17:06 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-03-02 12:22 - 2016-10-27 12:25 - 00401800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-03-01 12:14 - 2016-05-23 13:31 - 00000000 ____D C:\Users\Jess Silver\.qgis2
2017-03-01 12:14 - 2015-03-31 12:31 - 00000000 ____D C:\Users\Jess Silver\.matplotlib
2017-02-28 11:25 - 2016-02-12 16:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-28 11:24 - 2015-03-30 10:33 - 00000000 ____D C:\Users\Jess Silver\AppData\Roaming\Skype
2017-02-24 21:12 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-24 21:12 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-22 17:08 - 2015-04-29 14:41 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-22 10:51 - 2016-12-09 14:26 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-22 10:51 - 2015-09-03 10:26 - 00002385 _____ C:\Users\Jess Silver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-22 10:51 - 2015-04-21 11:06 - 00000000 ___RD C:\Users\Jess Silver\OneDrive
2017-02-13 13:44 - 2015-03-30 11:35 - 00000000 ____D C:\Users\Jess Silver\AppData\Local\Microsoft Help
==================== Files in the root of some directories =======
2017-03-08 16:30 - 2017-03-08 16:30 - 0016746 _____ () C:\Users\Jess Silver\AppData\Local\recently-used.xbel
2016-10-27 12:26 - 2016-10-27 12:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-03-30 11:32 - 2015-03-30 11:46 - 0003589 _____ () C:\ProgramData\StanfordOfficeInstaller.log
Some files in TEMP:
====================
2016-11-02 14:29 - 2017-02-07 11:55 - 43976160 _____ (Skype Technologies S.A.) C:\Users\Jess Silver\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-14 15:14
==================== End of FRST.txt ============================
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

FRST creates two logs. You posted only one.
 
Apologies.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-03-2017
Ran by jsilver (14-03-2017 20:50:59)
Running from C:\Users\Jess Silver\Desktop\kt spyware
Windows 10 Home Version 1607 (X64) (2016-10-27 19:37:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2854528859-1650723732-3483195984-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2854528859-1650723732-3483195984-503 - Limited - Disabled)
Guest (S-1-5-21-2854528859-1650723732-3483195984-501 - Limited - Disabled)
James (S-1-5-21-2854528859-1650723732-3483195984-1001 - Administrator - Enabled)
jsilver (S-1-5-21-2854528859-1650723732-3483195984-1004 - Administrator - Enabled) => C:\Users\Jess Silver
wbier_000 (S-1-5-21-2854528859-1650723732-3483195984-1002 - Limited - Enabled)
will (S-1-5-21-2854528859-1650723732-3483195984-1003 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.1 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
ArcGIS 10.2.2 for Desktop (HKLM-x32\...\ArcGIS 10.2.2 for Desktop) (Version: 10.2.3552 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2.2 for Desktop (x32 Version: 10.2.3552 - Environmental Systems Research Institute, Inc.) Hidden
bjnplugin (HKLM-x32\...\{C2A68837-A3F0-4F7F-91AD-CBA6B4C13B68}) (Version: 2.160.63.8 - Blue Jeans)
Blue Jeans (HKLM-x32\...\{6A61F200-8B14-401A-86EA-77F5DA79CF68}) (Version: 1.22.19 - Blue Jeans)
Bulk Download Application 1.3 (HKLM-x32\...\6641-2649-7532-6780) (Version: 1.3 - )
Bulk Download Application 1.3 (HKLM-x32\...\6641-2649-7532-6780-1) (Version: 1.3 - )
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.01065 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.01065 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-2854528859-1650723732-3483195984-1004\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
CrashPlan PROe (HKLM\...\{974FB182-ABFE-4EF2-89D6-46549B77E3CE}) (Version: 4.8.1.4 - Code 42 Software)
ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
EMET 5.1 (HKLM-x32\...\{72E7AE20-5B12-4F27-AF5E-DA03E3C09466}) (Version: 5.1 - Microsoft Corporation)
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
GIMP 2.8.20 (HKLM\...\GIMP-2_is1) (Version: 2.8.20 - The GIMP Team)
Git version 2.8.4 (HKLM\...\Git_is1) (Version: 2.8.4 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.1.0.6519 (HKU\S-1-5-21-2854528859-1650723732-3483195984-1004\...\GoToMeeting) (Version: 8.1.0.6519 - CitrixOnline)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
IBM BigFix Client (HKLM-x32\...\{53744C0B-332F-4BAF-86F6-9745593FC1E2}) (Version: 9.5.4.38 - IBM Corp.)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
InVEST 3.3.2 x86 (HKLM-x32\...\The Natural Capital Project InVEST 3.3.2 x86) (Version: 3.3.2 x86 - The Natural Capital Project)
InVEST null.post403-n9746ac6c6576 x86 (HKLM-x32\...\The Natural Capital Project InVEST null.post403-n9746ac6c6576 x86) (Version: null.post403-n9746ac6c6576 x86 - The Natural Capital Project)
Java 8 Update 102 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 74 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218074F0}) (Version: 8.0.740.2 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 92 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218092F0}) (Version: 8.0.920.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MATLAB R2016a (HKLM\...\Matlab R2016a) (Version: 9.0 - MathWorks)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2854528859-1650723732-3483195984-1004\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Python 2.7 h5py-2.4.0 (HKU\S-1-5-21-2854528859-1650723732-3483195984-1004\...\h5py-py2.7) (Version: - )
Python 2.7 natcap.invest-3.3.1.post4+n7407637d7c14 (HKU\S-1-5-21-2854528859-1650723732-3483195984-1004\...\natcap.invest-py2.7) (Version: - )
Python 2.7 pywin32-214 (HKLM-x32\...\pywin32-py2.7) (Version: - )
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Python 3.5.1 (Anaconda3 4.0.0 64-bit) (HKU\S-1-5-21-2854528859-1650723732-3483195984-1004\...\Python 3.5.1 (Anaconda3 4.0.0 64-bit)) (Version: 4.0.0 - Continuum Analytics, Inc.)
QGIS Essen 2.14.2 Essen (HKLM-x32\...\QGIS Essen) (Version: - QGIS Development Team)
QGIS Wien 2.8.1 Wien (HKLM\...\QGIS Wien) (Version: - QGIS Development Team)
Rapid Environment Editor version 9.0.0.930 (HKLM\...\{34AD4E52-723F-4377-9CDD-BCBD892264FA}_is1) (Version: 9.0.0.930 - Oleg Danilov)
rbjnplugin (HKLM-x32\...\{95CEA27C-FB1A-4A41-A966-0BE5E9223F5F}) (Version: 2.160.66.8 - Blue Jeans)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Scribus 1.4.6 (HKLM-x32\...\Scribus 1.4.6) (Version: 1.4.6 - The Scribus Team)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SourceTree (HKLM-x32\...\SourceTree 1.8.3) (Version: 1.8.3 - Atlassian)
SourceTree (x32 Version: 1.8.3 - Atlassian) Hidden
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
System Center Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Trigger External Graphics Family 16.09.1121.0179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 16.09.1121.0179 - MCT Corp)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
Wing IDE 5.1.5-1 (HKLM-x32\...\Wing IDE 5.1_is1) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2854528859-1650723732-3483195984-1004_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Jess Silver\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2854528859-1650723732-3483195984-1004_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Jess Silver\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2854528859-1650723732-3483195984-1004_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jess Silver\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2854528859-1650723732-3483195984-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2854528859-1650723732-3483195984-1004_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jess Silver\AppData\Local\Citrix\GoToMeeting\3911\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2854528859-1650723732-3483195984-1004_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Jess Silver\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2854528859-1650723732-3483195984-1004_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jess Silver\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2854528859-1650723732-3483195984-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jess Silver\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0EFEED84-0E10-450B-942C-6BF1A9781D95} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {1478C548-8F7A-4972-B3C6-B307DB530FA8} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {18F085EC-74DB-48F9-9F96-E0C99732FB2B} - System32\Tasks\G2MUploadTask-S-1-5-21-2854528859-1650723732-3483195984-1004 => C:\Users\Jess Silver\AppData\Local\Citrix\GoToMeeting\5742\g2mupload.exe [2016-10-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1B5A7A71-3BA8-4F7A-A9C0-CDF87C88F11D} - System32\Tasks\EMET_AutoBackdown => powershell.exe -ExecutionPolicy Bypass -File "C:\Program Files (x86)\BigFix Enterprise\BES Client\Auto_Backdown.ps1"
Task: {1BB7635C-99A3-4247-A071-9F10362A438C} - System32\Tasks\G2MUpdateTask-S-1-5-21-2854528859-1650723732-3483195984-1004 => C:\Users\Jess Silver\AppData\Local\Citrix\GoToMeeting\5742\g2mupdate.exe [2016-10-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1C568A5C-74FD-4AA6-BCDA-5CFB6CAFA229} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2D07DC2C-54B3-491E-BD83-27EEB109D116} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {2EC179F1-D775-4E33-9033-3F63A878117B} - System32\Tasks\{5B95D032-EC3E-6799-7EFA-6DF88A4A577F} => C:\ProgramData\{47588EC2-F0F3-3969-E64D-3EE7F03676D5}\9131DE82-269A-6929-A402-9F238384706B.exe [2017-03-14] () <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {35BB7355-1D57-4550-8C38-8199EC937F32} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {37DCC5CE-C34C-4629-AAC7-88F3B366D096} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3A493DA9-193C-4ECA-A61E-6705B9062A3E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3CFCFBBB-6478-487B-8920-F0E7C2CE5AE3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {4F8D411D-8266-427A-932A-2006C26419E2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {53150C71-6DE1-4145-A344-62DD99FF303A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {54FF83F2-7FF6-47CA-B67C-83D089791F53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {55A2740E-7277-42EF-A7A0-E794ECC82384} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {56B656C2-228D-4A64-9401-12C102D8F599} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Jess Silver\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {609C99E6-DAF7-4AA6-8D3E-847AC347BE75} - System32\Tasks\MATLAB R2016a Startup Accelerator => C:\Program Files\MATLAB\R2016a\bin\win64\MATLABStartupAccelerator.exe [2015-12-28] ()
Task: {61192831-9D04-4935-ACC3-DEAA2FA64EB2} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-09-18] (Realtek Semiconductor)
Task: {6687D0E8-7F86-450F-A046-12EEDA77A573} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-03-14] (Microsoft Corporation)
Task: {747EFC25-CAE4-41C5-AFC4-B375A3166534} - \{7A780D47-097A-0A7E-0B11-0F0A057F110C} -> No File <==== ATTENTION
Task: {8D05F770-F2A3-4C33-9C48-DD832857A1C0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {8EF10666-92A2-4A2E-A01B-127056A95F05} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2854528859-1650723732-3483195984-1004Core => C:\Users\Jess Silver\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-02] (Google Inc.)
Task: {94788185-681B-485D-8A56-6A422AB3A41B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-26] (Google Inc.)
Task: {961D816E-C0EC-4D4C-8B50-27D03860ECF0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9CED5D00-1AA0-4740-B97D-6CD768F53289} - \WPD\SqmUpload_S-1-5-21-2854528859-1650723732-3483195984-1004 -> No File <==== ATTENTION
Task: {AF2D28B7-6839-44A5-91B8-8F9DFDCBAEE9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2854528859-1650723732-3483195984-1004UA => C:\Users\Jess Silver\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-02] (Google Inc.)
Task: {B2D37BB1-CE29-4366-B54A-14F84CAACB77} - System32\Tasks\{8B534575-27ED-F69D-359E-023AFC92252C} => Regsvr32.exe /s /n /I:"/rt" "C:\PROGRA~3\5419a1a\6742ae3a.dll" <==== ATTENTION
Task: {BC53DFEE-CCDF-4796-B134-305D0D61A9B2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2854528859-1650723732-3483195984-1004UA1d257e639c188df => C:\Users\Jess Silver\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-02] (Google Inc.)
Task: {C7F76AE4-1307-42D8-BD53-9022B251209B} - \WPD\SqmUpload_S-1-5-21-2854528859-1650723732-3483195984-1003 -> No File <==== ATTENTION
Task: {CD4D8706-55B6-4B7A-9A12-5F988F78BE80} - \WPD\SqmUpload_S-1-5-21-2854528859-1650723732-3483195984-1001 -> No File <==== ATTENTION
Task: {D173BBEB-EDA8-4E96-8630-18F2C4A35E6D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2854528859-1650723732-3483195984-1004Core1d257e639b5e091 => C:\Users\Jess Silver\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-02] (Google Inc.)
Task: {E1D42427-BD5C-4C1C-B107-0E0C13DC99AF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {EC5AA7A9-1470-49BB-86C1-C4096C549502} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-24] (Adobe Systems Incorporated)
Task: {F0426B06-D320-4910-BD59-F436279CC1C3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2854528859-1650723732-3483195984-1004.job => C:\Users\Jess Silver\AppData\Local\Citrix\GoToMeeting\6519\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2854528859-1650723732-3483195984-1004.job => C:\Users\Jess Silver\AppData\Local\Citrix\GoToMeeting\6519\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2854528859-1650723732-3483195984-1004Core.job => C:\Users\Jess Silver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2854528859-1650723732-3483195984-1004UA.job => C:\Users\Jess Silver\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2016a Startup Accelerator.job => C:\Program Files\MATLAB\R2016a\bin\win64\MATLABStartupAccelerator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Jess Silver\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (64-bit)\Anaconda Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> "/K" "C:\Users\Jess Silver\Anaconda3\Scripts\activate.bat" "C:\Users\Jess Silver\Anaconda3"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 11:23 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-10 12:24 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2015-06-30 16:40 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-12-15 11:37 - 2016-09-29 11:51 - 02572408 _____ () C:\WINDOWS\system32\GManager.exe
2016-12-01 23:37 - 2016-12-01 23:37 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2016-12-01 23:37 - 2016-12-01 23:37 - 00238592 _____ () \\?\C:\Program Files\CrashPlan\cpnative64.dll
2016-12-01 23:37 - 2016-12-01 23:37 - 00082432 _____ () \\?\C:\Program Files\CrashPlan\c42archive64.dll
2016-12-01 23:37 - 2016-12-01 23:37 - 00484864 _____ () \\?\C:\Program Files\CrashPlan\libleveldb64.dll
2015-03-31 10:43 - 2011-05-03 18:13 - 00199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
2015-03-31 10:43 - 2014-08-22 18:10 - 02244912 _____ () C:\WINDOWS\system32\MlPatch.exe
2016-12-13 11:23 - 2016-12-09 03:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-10-27 13:21 - 2016-10-27 13:21 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 12:59 - 2016-12-21 00:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 12:59 - 2016-12-21 00:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-10 12:59 - 2016-12-20 23:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 12:59 - 2016-12-20 23:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 12:59 - 2016-12-20 23:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 12:59 - 2016-12-20 23:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 12:59 - 2016-12-20 23:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 12:59 - 2016-12-20 23:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-13 11:34 - 2017-03-13 11:34 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-13 11:34 - 2017-03-13 11:34 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-13 11:34 - 2017-03-13 11:34 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-13 11:34 - 2017-03-13 11:34 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2017-03-14 10:49 - 2017-03-14 10:49 - 01192960 _____ () C:\ProgramData\{47588EC2-F0F3-3969-E64D-3EE7F03676D5}\9131DE82-269A-6929-A402-9F238384706B.exe
2012-10-17 10:30 - 2012-10-17 10:30 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2016-08-11 07:24 - 00000834 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2854528859-1650723732-3483195984-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "TUCCDUtil"
HKU\S-1-5-21-2854528859-1650723732-3483195984-1004\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2854528859-1650723732-3483195984-1004\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{DF517C3E-CC00-4FCF-B129-37655C957D8F}C:\users\jess silver\documents\bda\bda.exe] => (Allow) C:\users\jess silver\documents\bda\bda.exe
FirewallRules: [TCP Query User{9CF4C80E-8235-4F7E-827E-AAD84A40B5B7}C:\users\jess silver\documents\bda\bda.exe] => (Allow) C:\users\jess silver\documents\bda\bda.exe
FirewallRules: [UDP Query User{9E6B6499-D246-44A6-9BE4-E6275BDB9871}C:\program files (x86)\bda\bda.exe] => (Allow) C:\program files (x86)\bda\bda.exe
FirewallRules: [TCP Query User{DCD5C026-7ECA-4E18-8559-DD3DC2E07948}C:\program files (x86)\bda\bda.exe] => (Allow) C:\program files (x86)\bda\bda.exe
FirewallRules: [UDP Query User{446E1E46-10F3-43CB-9904-EDA8565EE98F}C:\program files\matlab\r2016a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2016a\bin\win64\matlab.exe
FirewallRules: [TCP Query User{A4E682F3-3151-4790-981C-666422CD3552}C:\program files\matlab\r2016a\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2016a\bin\win64\matlab.exe
FirewallRules: [{5F6B837F-7B7C-4888-8F7E-7ED13BE61980}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EE5133CB-259B-45D0-8FA6-F4452055AF47}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{14A7F36D-E33F-4245-A4B4-AC4A0CAD3D44}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D9779EFE-2C9E-46A2-86F8-DF4B064068F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{A135EBD4-08BD-48C9-BE98-324AF4F5267D}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{E7CF9190-EA21-4669-ADD9-9E23496818F9}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{34269C0C-E048-4698-9EAE-6E5EC16D5EC1}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{A3B06DF0-09EF-45C5-8B2C-7D7045EAC750}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{7DEB18DF-829E-4774-A030-08FB99F8E582}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1AEF7800-8C91-4A8E-BC43-CDA455C0E8A6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{EE0133AB-B5E1-4438-89B3-580ACC932309}C:\users\jess silver\appdata\local\blue jeans\app\bluejeans.exe] => (Allow) C:\users\jess silver\appdata\local\blue jeans\app\bluejeans.exe
FirewallRules: [TCP Query User{6D6311AD-F51F-4968-871A-774BB47581BA}C:\users\jess silver\appdata\local\blue jeans\app\bluejeans.exe] => (Allow) C:\users\jess silver\appdata\local\blue jeans\app\bluejeans.exe
FirewallRules: [{CDDA4959-7CF0-401B-B1EE-045C75955CA7}] => (Allow) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
FirewallRules: [{D12AF019-0C40-457F-BA7E-C47202A05D97}] => (Allow) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
FirewallRules: [{056DD902-9E67-4D4B-AE24-CD02C3AC2767}] => (Allow) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
FirewallRules: [{1A94C039-F8D3-E944-969E-9EFEB592CEC7}] => (Allow) LPort=52311
FirewallRules: [{4493C5C2-86F6-1042-B5DD-DDCA9BEDADF3}] => (Allow) LPort=52311
FirewallRules: [{11E5ADD3-F32B-47EF-9A1C-BE65FE7647E8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{77BA1436-2970-4A25-BB49-07771865B4A7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C2D3E070-36AC-434C-8690-CBB0F01AF8AF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{9F3B3BA4-52B8-4EDB-B5D5-BC929B33FE96}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{C1B67242-742B-4A1D-A9EB-D5735A52B29C}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{CBF07BAF-9D6A-4F56-AD17-777AA72DC659}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{808B5F40-B805-477E-9A12-05F093FFA21D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FD7092C1-2533-45F2-88D8-6C1551BC3213}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{56659D62-5CDF-42A9-88CB-9BB42AD57C42}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{0C5D9E7A-2460-4E27-9222-68E9E971FC69}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{22EB8101-8746-47C9-8BFB-AC9FAFC8CA05}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{454B4397-E612-4CF2-912E-FB1DEC4C2A44}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{8F47361F-ADC2-4819-BFA2-030452DE80E3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3278BE07-B152-4FBB-91DD-07D76DC6D9A8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BE96671E-5AD7-4D2B-A639-5F6DC1B7656E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{0CA8E93D-6A3B-44DF-BAF2-1244AE94A667}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{97B52EEB-7331-45AD-910A-61D397C338BA}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{D825A1CE-009E-4C59-A31C-0A7C47F7CD4C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{9A34F215-9EF2-4852-8B40-FD135B7701EC}C:\users\jess silver\appdata\local\blue jeans\app\bluejeans.exe] => (Allow) C:\users\jess silver\appdata\local\blue jeans\app\bluejeans.exe
FirewallRules: [UDP Query User{DE9C5164-CBA5-420E-9B16-4DDB0CB6CA6C}C:\users\jess silver\appdata\local\blue jeans\app\bluejeans.exe] => (Allow) C:\users\jess silver\appdata\local\blue jeans\app\bluejeans.exe
FirewallRules: [{44BD533E-7FCC-44EE-ACB4-89D50495B254}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{71F10DD9-E594-4FE6-869E-BFFF79F7672B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

14-03-2017 15:14:52 Windows Update

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2017 04:21:22 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000001CEEE06D5C0).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (03/14/2017 04:21:17 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000001CEEE06DB60).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (03/14/2017 04:06:10 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000001626909D420).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (03/14/2017 04:06:05 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000001626909D380).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (03/14/2017 03:50:53 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000001902833BE00).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (03/14/2017 03:50:48 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000001902833B860).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (03/14/2017 03:35:41 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000027C9E5BA860).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (03/14/2017 03:35:36 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},0000027C9E5BB580).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (03/14/2017 03:20:26 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000001B37135E190).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator

Error: (03/14/2017 03:20:19 PM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000001B37135E190).


Operation:
Get Shadow Copy Properties

Context:
Execution Context: Coordinator


System errors:
=============
Error: (03/14/2017 08:27:40 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (03/14/2017 08:25:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/14/2017 05:21:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (03/14/2017 04:27:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/14/2017 02:19:09 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/14/2017 01:33:06 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/14/2017 10:07:25 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (03/14/2017 09:34:54 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (03/13/2017 04:02:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/13/2017 03:50:32 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
Date: 2017-03-14 14:27:08.686
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-14 14:07:16.993
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-14 11:37:25.922
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-13 13:47:10.511
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-10 10:38:49.597
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-08 20:22:28.656
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\mctux.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-03-08 14:45:20.140
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-06 11:38:50.739
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-03-02 13:07:15.616
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-28 12:25:54.394
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
Percentage of memory in use: 82%
Total physical RAM: 3717.53 MB
Available physical RAM: 654.28 MB
Total Virtual: 10373.53 MB
Available Virtual: 6500.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.69 GB) (Free:33.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 63A70414)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 