Solved First a popup then a slow computer

[glhglh]

frst.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-06-2017 01
Ran by betty (administrator) on BETTYSLAPTOP (26-06-2017 14:01:17)
Running from C:\Users\betty\Desktop\Virus
Loaded Profiles: betty (Available Profiles: betty)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(BERNINA International AG) C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.PORTFOLIOCENTER\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Amazon Services LLC) C:\Users\betty\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Box, Inc.) C:\Users\betty\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
(Box, Inc.) C:\Users\betty\AppData\Local\Box\Box Edit\Box Edit.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5367192 2017-04-06] (Box, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804616 2015-09-06] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe [1867856 2017-03-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe [883792 2017-03-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1345696 2015-03-17] (Laser App Software Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [HP OfficeJet Pro 8720 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [84170B6E5D572F906ED7D9B0BCB9879B5F0A771D._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Zoom] => [X]
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-04-06] (Siber Systems)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Amazon Music] => C:\Users\betty\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-04-18] (Amazon Services LLC)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Box Local Com Server] => C:\Users\betty\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [123472 2017-06-05] (Box, Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Box Edit] => C:\Users\betty\AppData\Local\Box\Box Edit\Box Edit.exe [928336 2017-06-05] (Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-01-30]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-07-02]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-07-02]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-07-02]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-01-30]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-01-30]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-07-04]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-07-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{145518f7-fc80-414c-8b8a-ae2922a335e9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9b4875d-8166-464d-b3c1-e2c842fb95ec}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131358354019985278&GUID=8E54BA8E-EBEB-41E4-A39B-4141A575E24F
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131358354019994047&GUID=8E54BA8E-EBEB-41E4-A39B-4141A575E24F
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> {6A1DE76A-BA2E-4191-AB59-4E8D3C3BAB2E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> {AD551F51-A315-4FF4-BF1F-7FDEA2FA7672} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-05] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-04-06] (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2017-01-01] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-01] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-05] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-04-06] (Siber Systems Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-05] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-04-06] (Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-04-06] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-04-06] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2017-04-25] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: db0wk1yf.default
FF ProfilePath: C:\Users\betty\AppData\Roaming\Mozilla\Firefox\Profiles\db0wk1yf.default [2016-12-26]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\db0wk1yf.default -> Yahoo powered search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\db0wk1yf.default -> Yahoo powered search
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\db0wk1yf.default -> Yahoo powered search
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn [2017-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017-04-06]
FF HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2017-03-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-223588219-2138284121-77307795-1002: @citrixonline.com/appdetectorplugin -> C:\Users\betty\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-223588219-2138284121-77307795-1002: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\betty\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll [2016-06-23] (Zoom Video Communications, Inc. and RingCentral Inc.)
FF Plugin HKU\S-1-5-21-223588219-2138284121-77307795-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\betty\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-25] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\betty\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-02-18] (Cisco WebEx LLC)

Chrome:
=======
CHR StartupUrls: Default -> "chrome://newtab/","hxxps://si2.schwabinstitutional.com/SI2/SecAdmin/Logon.aspx?to=%2fSI2%2fHome%2fdefault.aspx%3f1gABAAABANYAGgAAAAAaAAU%253d%26subtab%3dServiceRequests","hxxp://www.nytimes.com/","hxxps://www.bloomberg.com/","hxxp://www.wsj.com/","hxxps://www.washingtonpost.com/","hxxp://www.economist.com/"
CHR Profile: C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default [2017-06-26]
CHR Extension: (Google Slides) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-28]
CHR Extension: (Google Docs) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-28]
CHR Extension: (Google Drive) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Honey) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-06-26]
CHR Extension: (appear.in screen sharing) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodncoafpihbhpfljcaofnebjkaiaiga [2017-06-05]
CHR Extension: (Google Search) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-14]
CHR Extension: (Google Sheets) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-28]
CHR Extension: (Cisco WebEx Extension) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-04-18]
CHR Extension: (Cube Time & Expense Tracking) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenheondoadkgoodcgmcijcoiahhemch [2015-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (StartMeeting.com Extension) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnedppabchbjaplcbjpbkcjhpmfdhpin [2016-01-11]
CHR Extension: (Toggl Button: Productivity & Time Tracker) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejgccbfbmkkpaidnkphaiaecficdnfn [2017-06-16]
CHR Extension: (Email Access) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink [2016-08-22]
CHR Extension: (Gmail) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR Extension: (RoboForm Password Manager) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-05-22]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-06-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-06-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36240 2016-02-26] (Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2017-05-05] (Microsoft Corporation)
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MSSQL$PORTFOLIOCENTER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.PORTFOLIOCENTER\MSSQL\Binn\sqlservr.exe [43130032 2015-03-30] (Microsoft Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2017-02-06] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2017-04-25] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-03-17] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-03-17] (Intuit Inc.) [File not signed]
S4 SQLAgent$PORTFOLIOCENTER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.PORTFOLIOCENTER\MSSQL\Binn\SQLAGENT.EXE [381104 2015-03-30] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
R2 UniversalCommunicationServer; C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe [90496 2013-05-02] (BERNINA International AG)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

[glhglh]

Frst64.txt 2:
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-06-26] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-06-26] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-06-26] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-06-26] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-06-26] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R1 MpKsl26521f56; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9D9FBBC-A7D5-4D35-90EB-D1B545010112}\MpKsl26521f56.sys [44928 2017-06-26] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3506464 2015-09-16] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-08-18] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvlddmkm.sys [14311352 2017-02-10] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-24] (HP)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 13:38 - 2017-06-26 13:44 - 00000000 ____D C:\AdwCleaner
2017-06-26 13:35 - 2017-06-26 14:01 - 00000000 ____D C:\FRST
2017-06-26 13:33 - 2017-06-26 13:33 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-26 13:32 - 2017-06-26 13:46 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-26 13:32 - 2017-06-26 13:46 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-26 13:32 - 2017-06-26 13:46 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-26 13:32 - 2017-06-26 13:33 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-26 13:32 - 2017-06-26 13:32 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-26 13:32 - 2017-06-26 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-26 13:32 - 2017-06-26 13:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-26 13:32 - 2017-06-26 13:32 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-26 13:32 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-26 13:30 - 2017-06-26 13:30 - 00015186 _____ C:\Users\betty\Desktop\dont know which client.xlsx
2017-06-24 18:51 - 2017-06-24 18:51 - 00031563 _____ C:\Users\betty\Downloads\administrative-assistant-interview-questions.pdf
2017-06-24 17:19 - 2017-06-24 17:19 - 01555150 _____ C:\Users\betty\Downloads\IRAFiduciaryOptimizer.pdf
2017-06-22 12:21 - 2017-06-22 12:21 - 00000441 _____ C:\Users\betty\Downloads\NewEvent.ics
2017-06-20 23:28 - 2017-06-20 23:28 - 00073883 _____ C:\Users\betty\Downloads\34334761195-628480287-ticket (1).pdf
2017-06-20 13:59 - 2017-06-20 13:59 - 00141575 _____ C:\Users\betty\Downloads\Monthly Statements Request 2017 June 20.pdf
2017-06-20 11:29 - 2017-06-20 11:29 - 00000000 ___HD C:\OneDriveTemp
2017-06-20 11:16 - 2017-06-20 11:16 - 01371805 _____ C:\Users\betty\Downloads\Profile_Profile_Acct_View_72406_20170620.pdf
2017-06-19 15:31 - 2017-06-19 15:31 - 00102869 _____ C:\Users\betty\Downloads\Theon Medical.pdf
2017-06-16 14:00 - 2017-06-16 14:00 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-16 11:05 - 2017-06-16 11:05 - 00285334 _____ C:\Users\betty\Downloads\estate planning_06_15_2017_1653.fls
2017-06-16 10:10 - 2017-06-16 10:10 - 00558474 _____ C:\Users\betty\Downloads\Angela (2).pdf
2017-06-15 21:01 - 2017-06-15 21:01 - 00162816 _____ C:\Users\betty\Downloads\histretSP (3).xls
2017-06-15 20:45 - 2017-06-15 22:04 - 00200192 _____ C:\Users\betty\Downloads\histretSP (2).xls
2017-06-15 20:44 - 2017-06-15 22:02 - 00200704 _____ C:\Users\betty\Downloads\histretSP (1).xls
2017-06-15 20:37 - 2017-06-15 20:37 - 00162816 _____ C:\Users\betty\Downloads\histretSP.xls
2017-06-15 20:35 - 2017-06-15 20:35 - 00564577 _____ C:\Users\betty\Downloads\Angela (1).pdf
2017-06-15 20:32 - 2017-06-15 20:32 - 00689736 _____ C:\Users\betty\Downloads\Angela.pdf
2017-06-14 09:33 - 2017-06-14 09:33 - 00080490 _____ C:\Users\betty\Downloads\34334761195-628480287-ticket.pdf
2017-06-14 08:31 - 2017-06-03 03:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 08:31 - 2017-06-03 03:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 08:31 - 2017-06-03 03:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 08:31 - 2017-06-03 03:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 08:31 - 2017-06-03 03:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 08:31 - 2017-06-03 03:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 08:31 - 2017-06-03 03:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 08:31 - 2017-06-03 03:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 08:31 - 2017-06-03 02:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 08:31 - 2017-06-03 02:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 08:31 - 2017-06-03 02:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 08:31 - 2017-06-03 02:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 08:31 - 2017-06-03 02:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 08:31 - 2017-06-03 02:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 08:31 - 2017-06-03 02:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 08:31 - 2017-06-03 02:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 08:31 - 2017-06-03 02:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 08:31 - 2017-06-03 02:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 08:31 - 2017-06-03 02:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 08:31 - 2017-06-03 02:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 08:31 - 2017-06-03 02:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 08:31 - 2017-06-03 02:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 08:31 - 2017-06-03 02:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 08:31 - 2017-06-03 02:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 08:31 - 2017-06-03 02:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 08:31 - 2017-06-03 02:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 08:31 - 2017-06-03 02:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 08:31 - 2017-06-03 02:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 08:31 - 2017-06-03 02:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 08:31 - 2017-06-03 02:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 08:31 - 2017-06-03 02:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 08:31 - 2017-06-03 02:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 08:31 - 2017-06-03 02:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 08:31 - 2017-06-03 02:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 08:31 - 2017-06-03 02:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 08:31 - 2017-06-03 02:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 08:31 - 2017-06-03 02:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 08:31 - 2017-06-03 02:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 08:31 - 2017-06-03 02:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 08:31 - 2017-06-03 02:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 08:31 - 2017-06-03 02:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 08:31 - 2017-06-03 02:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 08:31 - 2017-06-03 02:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 08:31 - 2017-06-03 02:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 08:31 - 2017-06-03 02:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 08:31 - 2017-06-03 02:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 08:31 - 2017-06-03 02:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 08:31 - 2017-06-03 02:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 08:31 - 2017-06-03 02:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 08:31 - 2017-06-03 02:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 08:31 - 2017-06-03 02:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 08:31 - 2017-06-03 02:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 08:31 - 2017-06-03 02:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 08:31 - 2017-06-03 02:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 08:31 - 2017-06-03 02:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 08:31 - 2017-06-03 02:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 08:31 - 2017-06-03 02:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 08:31 - 2017-06-03 02:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 08:31 - 2017-06-03 02:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 08:31 - 2017-06-03 02:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 08:31 - 2017-06-03 02:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 08:31 - 2017-06-03 02:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 08:31 - 2017-06-03 02:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 08:31 - 2017-06-03 02:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 08:31 - 2017-06-03 02:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 08:31 - 2017-06-03 02:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 08:31 - 2017-06-03 02:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 08:31 - 2017-06-03 02:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 08:31 - 2017-06-03 02:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 08:31 - 2017-06-03 02:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 08:31 - 2017-06-03 02:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 08:31 - 2017-06-03 02:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 08:31 - 2017-06-03 02:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 08:31 - 2017-06-03 02:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 08:31 - 2017-06-03 02:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 08:31 - 2017-06-03 02:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 08:31 - 2017-06-03 02:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 08:31 - 2017-06-03 02:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 08:31 - 2017-06-03 01:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 08:31 - 2017-06-03 01:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 08:31 - 2017-06-03 01:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 08:31 - 2017-06-03 01:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 08:31 - 2017-06-03 01:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 08:31 - 2017-06-03 01:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 08:31 - 2017-06-03 01:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 08:31 - 2017-06-03 01:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 08:31 - 2017-06-03 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 08:31 - 2017-06-03 01:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 08:31 - 2017-06-03 01:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 08:31 - 2017-06-03 01:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 08:31 - 2017-06-03 01:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 08:31 - 2017-06-03 01:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 08:31 - 2017-06-03 01:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 08:31 - 2017-06-03 01:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 08:31 - 2017-06-03 01:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 08:31 - 2017-06-03 01:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 08:31 - 2017-06-03 01:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 08:31 - 2017-05-24 22:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 08:31 - 2017-03-03 23:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 08:31 - 2017-03-03 23:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 08:31 - 2017-03-03 23:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 08:31 - 2017-03-03 23:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 08:31 - 2016-09-06 21:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 08:30 - 2017-06-03 03:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 08:30 - 2017-06-03 03:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 08:30 - 2017-06-03 03:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 08:30 - 2017-06-03 02:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 08:30 - 2017-06-03 02:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 08:30 - 2017-06-03 02:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 08:30 - 2017-06-03 02:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 08:30 - 2017-06-03 02:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 08:30 - 2017-06-03 02:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 08:30 - 2017-06-03 02:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 08:30 - 2017-06-03 02:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 08:30 - 2017-06-03 02:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 08:30 - 2017-06-03 02:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 08:30 - 2017-06-03 02:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 08:30 - 2017-06-03 02:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 08:30 - 2017-06-03 02:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 08:30 - 2017-06-03 02:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 08:30 - 2017-06-03 02:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 08:30 - 2017-06-03 02:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 08:30 - 2017-06-03 02:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 08:30 - 2017-06-03 02:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 08:30 - 2017-06-03 01:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 08:30 - 2017-06-03 01:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 08:30 - 2017-06-03 01:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 08:30 - 2017-06-03 01:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 08:30 - 2017-06-03 01:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 08:30 - 2017-06-03 01:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 08:30 - 2017-06-03 01:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 08:30 - 2017-06-02 23:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-13 19:49 - 2017-06-15 20:44 - 00192512 _____ C:\Users\betty\Downloads\Accounts_View_20170614.xls
2017-06-13 19:48 - 2017-06-15 20:44 - 00104466 _____ C:\Users\betty\Downloads\Profile_Master_08004831_061317.104803PM_ET.csv
2017-06-13 19:22 - 2017-06-13 19:22 - 00612837 _____ C:\Users\betty\Downloads\05534900017326.pdf
2017-06-13 15:36 - 2017-06-13 15:36 - 00058085 _____ C:\Users\betty\Downloads\529 Plans Brochure.pdf
2017-06-13 12:26 - 2017-06-13 12:26 - 00016384 _____ C:\Users\betty\Downloads\RMD & Distribution Analysis 01-01-2017 to 05-29-2017.xls
2017-06-12 11:38 - 2017-06-12 11:38 - 00043680 _____ C:\Users\betty\Downloads\Action List (1).xlsx
2017-06-12 09:44 - 2017-06-12 09:44 - 00284190 _____ C:\Users\betty\Downloads\sitemap50.xml.gz
2017-06-11 17:46 - 2017-06-11 17:46 - 00255488 _____ C:\Users\betty\Downloads\DivorceTB12015.xls
2017-06-11 17:46 - 2017-06-11 17:46 - 00255488 _____ C:\Users\betty\Downloads\DivorceTB12015 (2).xls
2017-06-11 17:46 - 2017-06-11 17:46 - 00255488 _____ C:\Users\betty\Downloads\DivorceTB12015 (1).xls
2017-06-09 20:23 - 2017-06-09 20:23 - 00047616 _____ C:\Users\betty\Downloads\Transaction_6f6d781a-d7d8-4f43-abd4-c9d5092139cf_20170610.xls
2017-06-09 12:31 - 2017-06-09 12:31 - 00470091 _____ C:\Users\betty\Downloads\Quarterly Report 2017-06-09 19-29-34_.pdf.pdf
2017-06-08 15:55 - 2017-06-12 12:08 - 00139776 _____ C:\Users\betty\Downloads\Fixed Income Security Details.xls
2017-06-08 15:47 - 2017-06-08 15:47 - 00218112 _____ C:\Users\betty\Downloads\Sec_in_Accout_c5be8673-3a90-4c95-b0f5-dec2acdd7e23_20170608.xls
2017-06-08 14:28 - 2017-06-08 14:28 - 00074480 _____ C:\Users\betty\Downloads\AST 1 Account Balances 2826399.pdf
2017-06-07 19:01 - 2017-06-07 19:01 - 00033141 _____ C:\Users\betty\Downloads\LOA Remove Bo.pdf
2017-06-07 19:01 - 2017-06-07 19:01 - 00033141 _____ C:\Users\betty\Downloads\LOA Remove Bo (1).pdf
2017-06-07 07:02 - 2017-06-07 07:02 - 00015244 _____ C:\Users\betty\Downloads\DetlPosn_Grp_Brattesani_Karen_&_Douglas_Potter_060217 (Autosaved).csv
2017-06-06 22:10 - 2017-06-06 22:10 - 00020407 _____ C:\Users\betty\Downloads\contacts_by_state (7).pdf
2017-06-06 22:10 - 2017-06-06 22:10 - 00020196 _____ C:\Users\betty\Downloads\contacts_by_state (8).pdf
2017-06-06 22:09 - 2017-06-06 22:09 - 00022318 _____ C:\Users\betty\Downloads\contacts_by_state (5).pdf
2017-06-06 22:09 - 2017-06-06 22:09 - 00022139 _____ C:\Users\betty\Downloads\contacts_by_state (6).pdf
2017-06-06 22:09 - 2017-06-06 22:09 - 00022032 _____ C:\Users\betty\Downloads\contacts_by_state (4).pdf
2017-06-06 22:08 - 2017-06-06 22:08 - 00036457 _____ C:\Users\betty\Downloads\contacts_by_state (2).pdf
2017-06-06 22:08 - 2017-06-06 22:08 - 00019537 _____ C:\Users\betty\Downloads\contacts_by_state (3).pdf
2017-06-06 22:07 - 2017-06-06 22:07 - 00038455 _____ C:\Users\betty\Downloads\contacts_by_state (1).pdf
2017-06-06 22:07 - 2017-06-06 22:07 - 00020301 _____ C:\Users\betty\Downloads\contacts_by_state.pdf
2017-06-06 22:05 - 2017-06-06 22:05 - 00241079 _____ C:\Users\betty\Downloads\contacts_by_keyword.pdf
2017-06-06 22:03 - 2017-06-06 22:03 - 00890981 _____ C:\Users\betty\Downloads\contacts_by_important_information.pdf
2017-06-06 21:59 - 2017-06-06 21:59 - 00069457 _____ C:\Users\betty\Downloads\contacts_by_important_information (2).csv
2017-06-06 21:57 - 2017-06-06 21:57 - 00069457 _____ C:\Users\betty\Downloads\contacts_by_important_information (1).csv
2017-06-06 21:52 - 2017-06-06 21:52 - 00000739 _____ C:\Users\betty\Downloads\contacts_by_professional (1).csv
2017-06-06 21:49 - 2017-06-06 21:49 - 00000895 _____ C:\Users\betty\Downloads\client_birthday_reminders.csv
2017-06-06 21:46 - 2017-06-06 21:46 - 00031120 _____ C:\Users\betty\Downloads\workflow_task_report.pdf
2017-06-06 21:45 - 2017-06-06 21:45 - 00001777 _____ C:\Users\betty\Downloads\workflow_task_report.csv
2017-06-06 21:40 - 2017-06-06 21:40 - 00001278 _____ C:\Users\betty\Downloads\Tag Groups (13).csv
2017-06-06 21:38 - 2017-06-06 21:38 - 00001042 _____ C:\Users\betty\Downloads\Tag Groups (12).csv
2017-06-06 21:36 - 2017-06-06 21:36 - 00001336 _____ C:\Users\betty\Downloads\Tag Groups (11).csv
2017-06-06 21:34 - 2017-06-06 21:34 - 00000933 _____ C:\Users\betty\Downloads\Tag Groups (10).csv
2017-06-06 21:32 - 2017-06-06 21:32 - 00001181 _____ C:\Users\betty\Downloads\Tag Groups (9).csv
2017-06-06 21:31 - 2017-06-06 21:31 - 00001334 _____ C:\Users\betty\Downloads\Tag Groups (8).csv
2017-06-06 21:29 - 2017-06-06 21:29 - 00002680 _____ C:\Users\betty\Downloads\Tag Groups (7).csv
2017-06-06 21:27 - 2017-06-06 21:27 - 00001373 _____ C:\Users\betty\Downloads\Tag Groups (6).csv
2017-06-06 21:24 - 2017-06-06 21:24 - 00001415 _____ C:\Users\betty\Downloads\Tag Groups (5).csv
2017-06-06 21:23 - 2017-06-06 21:23 - 00001415 _____ C:\Users\betty\Downloads\Tag Groups (4).csv
2017-06-06 19:12 - 2017-06-06 19:12 - 00000764 _____ C:\Users\betty\Downloads\Tag Groups (3).csv
2017-06-06 19:11 - 2017-06-06 19:11 - 00002046 _____ C:\Users\betty\Downloads\Tag Groups (2).csv
2017-06-06 19:09 - 2017-06-06 19:09 - 00004728 _____ C:\Users\betty\Downloads\Tag Groups (1).csv
2017-06-06 19:07 - 2017-06-06 19:07 - 00000783 _____ C:\Users\betty\Downloads\Tag Groups.csv
2017-06-06 18:56 - 2017-06-06 18:56 - 00021052 _____ C:\Users\betty\Downloads\Clients.csv
2017-06-06 18:50 - 2017-06-06 18:50 - 00327205 _____ C:\Users\betty\Downloads\Contacts (1).csv
2017-06-06 18:37 - 2017-06-06 18:37 - 01650484 _____ C:\Users\betty\Downloads\Contacts 2017-06-06.csv
2017-06-06 18:27 - 2017-06-06 18:27 - 00001994 _____ C:\Users\betty\Downloads\Contacts.csv
2017-06-06 18:11 - 2017-06-06 18:11 - 06661747 _____ C:\Users\betty\Downloads\notes_by_contact_report (1).csv
2017-06-06 17:38 - 2017-06-06 17:38 - 00001321 _____ C:\Users\betty\Downloads\workflow_report.csv
2017-06-06 15:37 - 2017-06-06 15:37 - 00063924 _____ C:\Users\betty\Downloads\activities_by_contact (3).pdf
2017-06-06 15:32 - 2017-06-06 15:32 - 01210564 _____ C:\Users\betty\Downloads\activities_by_contact (2).pdf
2017-06-06 15:30 - 2017-06-06 15:30 - 00629139 _____ C:\Users\betty\Downloads\activities_by_contact (1).pdf
2017-06-06 15:28 - 2017-06-06 15:28 - 00049404 _____ C:\Users\betty\Downloads\activities_by_contact.pdf
2017-06-06 13:28 - 2017-06-06 13:41 - 06983353 _____ C:\Users\betty\Downloads\notes_by_contact_report.csv
2017-06-06 12:53 - 2017-06-06 12:53 - 00844287 _____ C:\Users\betty\Downloads\notes_by_contact_report.pdf
2017-06-06 12:42 - 2017-06-06 12:42 - 00074084 _____ C:\Users\betty\Downloads\contacts_by_status.csv
2017-06-06 12:40 - 2017-06-06 12:40 - 00000882 _____ C:\Users\betty\Downloads\contacts_by_state.csv
2017-06-06 12:03 - 2017-06-06 12:03 - 00507972 _____ C:\WINDOWS\Minidump\060617-46890-01.dmp
2017-06-06 11:55 - 2017-06-06 11:55 - 00000739 _____ C:\Users\betty\Downloads\contacts_by_professional.csv
2017-06-06 11:52 - 2017-06-06 11:53 - 00111333 _____ C:\Users\betty\Downloads\contacts_by_keyword.csv
2017-06-06 11:50 - 2017-06-06 11:51 - 00069457 _____ C:\Users\betty\Downloads\contacts_by_important_information.csv
2017-06-06 11:47 - 2017-06-06 11:47 - 00074084 _____ C:\Users\betty\Downloads\contacts_by_category.csv
2017-06-06 11:47 - 2017-06-06 11:47 - 00074084 _____ C:\Users\betty\Downloads\contacts_by_category (1).csv
2017-06-05 23:28 - 2017-06-05 23:28 - 00000698 _____ C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-05 23:17 - 2017-06-05 23:28 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-06-05 17:10 - 2017-06-05 17:10 - 00565747 _____ C:\Users\betty\Downloads\=_UTF-8_Q_EnrollmentCertificate=2Epdf_=
2017-06-05 16:08 - 2017-06-05 16:09 - 00512060 _____ C:\WINDOWS\Minidump\060517-30625-01.dmp
2017-06-05 08:40 - 2017-06-05 08:40 - 00001048 _____ C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2017-06-05 08:17 - 2017-06-05 08:17 - 00630890 _____ C:\Users\betty\Downloads\2017 May Moran 401kDistributi (1).pdf
2017-06-05 08:16 - 2017-06-05 08:16 - 00630890 _____ C:\Users\betty\Downloads\2017 May Moran 401kDistributi.pdf
2017-06-02 12:34 - 2017-06-02 12:34 - 00230494 _____ C:\Users\betty\Downloads\2016 Tax Return (Potter Douglas W and Ka - Client Copy).pdf
2017-06-02 08:37 - 2017-06-02 08:37 - 00007180 _____ C:\Users\betty\Downloads\CostBasis_Acct_51088337_060217.113759AM_ET.csv
2017-06-02 08:28 - 2017-06-02 08:28 - 00001654 _____ C:\Users\betty\Downloads\CostBasis_Acct_70826862_060217.112845AM_ET.csv
2017-06-02 08:25 - 2017-06-02 08:51 - 00071680 _____ C:\Users\betty\Downloads\standard_currentholdings_upload_template (3).xls
2017-06-02 08:21 - 2017-06-02 08:21 - 00017872 _____ C:\Users\betty\Downloads\DetlPosn_Grp_Brattesani_Karen_&_Douglas_Potter_060217.104822AM_ET.csv
2017-06-02 08:19 - 2017-06-02 08:19 - 00011514 _____ C:\Users\betty\Downloads\SummPosn_Grp_Brattesani_Karen_&_Douglas_Potter_060217.104822AM_ET.csv
2017-06-02 08:05 - 2017-06-20 21:54 - 00000000 ____D C:\Users\betty\AppData\Local\TogglDesktop
2017-06-02 08:05 - 2017-06-02 08:05 - 00000000 ____D C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toggl
2017-06-02 08:04 - 2017-06-02 08:04 - 07830904 _____ C:\Users\betty\Downloads\TogglDesktopInstaller-7.4.31.exe
2017-06-01 13:27 - 2017-06-01 13:27 - 00384593 _____ C:\Users\betty\Downloads\5519-3930_123116_stmt.pdf
2017-06-01 07:24 - 2017-06-01 07:24 - 00533075 _____ C:\Users\betty\Downloads\Download_2017-06-01.zip
2017-05-31 15:29 - 2017-05-31 15:29 - 00001255 _____ C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-05-31 15:27 - 2017-05-31 15:28 - 00000000 ____D C:\Program Files\UNP
2017-05-31 15:27 - 2017-05-31 15:27 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-30 07:41 - 2017-05-30 07:41 - 00221184 _____ C:\Users\betty\Downloads\Sec_in_Accout_f14c8bca-01db-439d-ad0b-b1d98ff59665_20170530.xls
2017-05-30 07:40 - 2017-05-30 07:40 - 00221184 _____ C:\Users\betty\Downloads\Sec_in_Accout_c8b86077-912d-4b8a-8bfd-50fba5f81e74_20170530.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-26 14:00 - 2016-08-20 11:46 - 00000000 ____D C:\Users\betty\Desktop\Virus
2017-06-26 13:51 - 2016-10-01 10:29 - 01755508 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-26 13:49 - 2015-06-20 09:42 - 00000000 __RDO C:\Users\betty\OneDrive
2017-06-26 13:47 - 2016-10-01 10:24 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-26 13:47 - 2016-07-16 12:11 - 00000000 __SHD C:\Users\betty\IntelGraphicsProfiles
2017-06-26 13:46 - 2016-10-01 10:25 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-26 13:45 - 2016-10-01 10:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-26 13:45 - 2016-07-15 23:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-06-26 13:45 - 2015-06-29 06:53 - 00000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForbetty.job
2017-06-26 13:12 - 2016-10-01 10:22 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-26 12:40 - 2015-07-28 15:00 - 00002309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 12:16 - 2015-06-24 15:26 - 00000000 ____D C:\ProgramData\flsplan
2017-06-26 12:16 - 2015-06-20 13:29 - 00000000 ____D C:\Users\betty\AppData\Local\CrashDumps
2017-06-26 11:47 - 2016-10-01 10:30 - 00000000 ____D C:\Users\betty
2017-06-26 11:47 - 2015-06-20 13:18 - 00000000 ____D C:\Users\betty\Documents\Family Law Software
2017-06-26 06:53 - 2016-10-01 12:24 - 00000000 ____D C:\Users\betty\AppData\Local\Deployment
2017-06-24 18:58 - 2015-06-20 09:17 - 00000000 ____D C:\Users\betty\AppData\Local\Packages
2017-06-24 15:42 - 2016-10-01 10:57 - 00003250 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForbetty
2017-06-24 13:31 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-23 09:35 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-22 12:00 - 2015-07-30 07:55 - 00000000 __HDC C:\ProgramData\{A4BCF67D-EA8B-46F0-B19D-90368494B7A3}
2017-06-20 11:29 - 2016-12-13 10:22 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-20 11:29 - 2016-07-16 12:20 - 00002366 _____ C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-19 11:32 - 2015-08-14 19:16 - 00000000 ____D C:\Users\betty\AppData\Roaming\Box
2017-06-17 09:45 - 2015-06-29 13:31 - 00000000 ____D C:\Users\betty\Documents\Custom Office Templates
2017-06-16 19:54 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-16 19:21 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-16 19:21 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 14:13 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-16 14:12 - 2016-04-26 23:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-16 14:08 - 2015-08-27 11:03 - 00000684 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-223588219-2138284121-77307795-1002.job
2017-06-16 14:08 - 2015-08-27 11:03 - 00000588 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-223588219-2138284121-77307795-1002.job
2017-06-16 14:07 - 2016-10-01 10:21 - 00918304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-16 14:07 - 2015-09-18 10:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-16 14:07 - 2015-09-18 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-16 14:00 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-16 14:00 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-16 14:00 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 10:03 - 2015-06-29 13:37 - 00000000 ___RD C:\Users\betty\Box Sync
2017-06-14 09:00 - 2015-06-20 21:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 08:56 - 2015-09-18 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 08:56 - 2015-06-20 21:37 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 08:55 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-12 09:44 - 2017-01-30 13:31 - 00000000 ____D C:\Users\betty\AppData\Local\WinZip
2017-06-12 07:02 - 2015-07-02 12:47 - 00000000 ____D C:\Users\betty\Documents\QuickBooks
2017-06-09 15:20 - 2015-08-26 13:30 - 00000000 ___RD C:\Users\betty\OneDrive - The Hedrick Co-
2017-06-07 14:56 - 2016-12-21 11:50 - 00000000 ____D C:\Users\betty\AppData\Local\join.me
2017-06-06 12:31 - 2015-08-05 09:44 - 00000000 ____D C:\Users\betty\AppData\Local\ElevatedDiagnostics
2017-06-06 12:03 - 2016-12-26 17:04 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-06 12:03 - 2015-10-20 15:47 - 1069652749 _____ C:\WINDOWS\MEMORY.DMP
2017-06-05 22:14 - 2016-12-26 22:24 - 00000000 ____D C:\Program Files (x86)\ONetSetup
2017-06-05 16:27 - 2014-06-24 22:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-05 10:00 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-02 23:36 - 2016-07-16 04:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-02 23:36 - 2016-07-16 04:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-30 17:07 - 2015-06-20 21:07 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2017-01-31 21:40 - 2017-01-31 21:42 - 1913420 _____ () C:\Users\betty\AppData\Roaming\qeinst.log

Some files in TEMP:
====================
2017-01-02 12:34 - 2017-01-02 12:34 - 0008728 _____ () C:\Users\betty\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2016-12-14 23:06 - 2016-12-14 23:06 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\betty\AppData\Local\Temp\libeay32.dll
2016-12-14 23:06 - 2016-12-14 23:06 - 0970912 _____ (Microsoft Corporation) C:\Users\betty\AppData\Local\Temp\msvcr120.dll
2017-03-05 15:45 - 2017-04-06 10:22 - 21387040 _____ (Siber Systems) C:\Users\betty\AppData\Local\Temp\RoboForm-Setup.exe
2016-12-14 23:06 - 2016-12-14 23:06 - 0772672 _____ () C:\Users\betty\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-20 11:24

==================== End of FRST.txt ============================

 

[glhglh]

addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01
Ran by betty (26-06-2017 14:03:21)
Running from C:\Users\betty\Desktop\Virus
Windows 10 Home Version 1607 (X64) (2016-10-01 18:01:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-223588219-2138284121-77307795-500 - Administrator - Disabled)
betty (S-1-5-21-223588219-2138284121-77307795-1002 - Administrator - Enabled) => C:\Users\betty
DefaultAccount (S-1-5-21-223588219-2138284121-77307795-503 - Limited - Disabled)
Guest (S-1-5-21-223588219-2138284121-77307795-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(HKLM-x32\...\{B5FAD058-6C87-4902-9A03-DB744AD66263}) (Version: - )
Adobe Acrobat DC (2015) (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30306 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Amazon Amazon Music) (Version: 5.4.2.1801 - Amazon Services LLC)
Ansel (Version: 376.82 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BERNINA ARTlink 7 (HKLM-x32\...\{CA812D88-2139-4107-97B5-1B2D2A1DD04D}) (Version: 18.0.94.7011 - BERNINA)
BERNINA ARTlink 7 (x32 Version: 18.0.94.7011 - Wilcom) Hidden
BERNINA Universal Communication Server (HKLM-x32\...\{CF27C964-3902-4CA3-9C71-B0EAEB302AB5}) (Version: 1.27.70 - BERNINA)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{CB732C5D-1F06-41A8-B984-B84B87053E8C}) (Version: 4.0.7800.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.6447.0 - Box Inc.) Hidden
Box Tools (HKLM-x32\...\{4DD12C59-0CD4-422F-9DF3-C7A5E10E6539}) (Version: 3.3.3.1728 - Box)
Cisco WebEx Meetings (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.6909 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
GDR 4042 for SQL Server 2008 R2 (KB3045313) (HKLM-x32\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.7.0.7155 (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\GoToMeeting) (Version: 8.7.0.7155 - CitrixOnline)
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1154543C-D5D0-49BE-A004-82EE0A3746AE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{3E261474-8DF2-463B-984E-0B6396F58D1C}) (Version: 36.0.39.57346 - HP)
HP Google Drive Plugin (HKLM-x32\...\{9469285B-AB76-434A-8533-2EE643318F2E}) (Version: 36.0.39.57346 - HP)
HP OfficeJet Pro 8720 Basic Device Software (HKLM\...\{98A7C54D-74EB-461C-8124-E78BF938401F}) (Version: 38.1.1881.57490 - HP Inc.)
HP OfficeJet Pro 8720 Help (HKLM-x32\...\{18E5A98E-E857-4087-AF73-4E6B9AB0A140}) (Version: 38.0.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{093C645A-294E-41E4-904C-DDF13DC47A27}) (Version: 12.3.6.12 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{ac7ad2d7-04b3-460c-b370-07e3d3e3aa4e}) (Version: 17.01.0000.1697 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
join.me (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\JoinMe) (Version: 3.2.1.5059 - LogMeIn, Inc.)
Laser App Enterprise (HKLM-x32\...\Laser App Enterprise) (Version: 10.0.0.50 - Laser App Software Inc.)
Laser App Enterprise (x32 Version: 10.0.0.54 - Laser App Software Inc.) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7369.2130 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{49860BCD-24D6-44C1-922E-AC12FE32234E}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{EFECC55D-7B0A-4D05-8487-CC2FD7C618A3}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQLXML 4.0 SP1 (HKLM\...\{70544B21-8A43-4A30-8F59-DC6F73A5EE9A}) (Version: 10.0.1600.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{CD5AAE18-1DF8-4D7B-8B99-9071D7D36126}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
novaPDF v7 (novaPDF 7.4 printer) (HKLM\...\novaPDF v7_is1) (Version: - Softland)
NVIDIA Graphics Driver 376.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.82 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2130 - Microsoft Corporation) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
PortfolioCenter (HKLM-x32\...\InstallShield_{5B0F5755-7BE9-42AF-9AFC-F424C8E67C1C}) (Version: 5.10.100.2 - Schwab Performance Technologies)
PortfolioCenter (x32 Version: 5.10.100.2 - Schwab Performance Technologies) Hidden
PortfolioCenter Database Components (HKLM-x32\...\InstallShield_{D06C26DA-AC5F-43E7-A687-34D4CA83017B}) (Version: 5.10.100.2 - Schwab Performance Technologies)
PortfolioCenter Database Components (x32 Version: 5.10.100.2 - Schwab Performance Technologies) Hidden
PortfolioCenter Management Console (HKLM-x32\...\InstallShield_{4268D342-1374-490F-B277-BADAE5A0EE21}) (Version: 5.10.100.2 - Schwab Performance Technologies)
PortfolioCenter Management Console (x32 Version: 5.10.100.2 - Schwab Performance Technologies) Hidden
Quarterly Express Plus (HKLM-x32\...\Quarterly Express Plus 2.2.19) (Version: 2.2.19 - Lewis Software Associates LLC)
Quarterly Express Plus (x32 Version: 2.2.19 - Lewis Software Associates LLC) Hidden
QuickBooks (x32 Version: 25.0.4014.2506 - Intuit Inc.) Hidden
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4013.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Retriever for the Desktop (HKLM-x32\...\{9FF80FBE-980E-4A42-B338-B1304958A84C}) (Version: 2.0.1 - Redtail Technology)
RingCentral Meetings (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\RingCentralMeetings) (Version: 4.2 - Zoom Video Communications, Inc. and RingCentral Inc.)
RoboForm 7-9-28-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-28-8 - Siber Systems)
Savings Bond Wizard (HKLM-x32\...\{566DBD89-9955-4024-9384-A6301C8C6584}) (Version: 5.0 - U.S. Department of the Treasury)
Schwab Data Delivery (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\18fd9afc2e517afc) (Version: 17.2.7404.0 - Charles Schwab - Schwab Data Delivery)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SQL Server 2008 R2 SP2 Common Files (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SupportCalc-FD
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Toggl Desktop (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\TogglDesktop) (Version: - Toggl)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410D}) (Version: 21.0.12288 - WinZip Computing, S.L. )
YCharts Excel (HKLM-x32\...\{B937CE83-D945-4965-B16E-D056A16EA848}) (Version: 3.12 - YChartsExcel)
Zoom (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-223588219-2138284121-77307795-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\betty\AppData\Local\Citrix\GoToMeeting\6441\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-223588219-2138284121-77307795-1002_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04DA6EFD-403C-4227-BDF0-CDA4116D1C48} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0EED94AF-A3DC-43F6-B408-52CD8FC0B446} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-05] (Microsoft Corporation)
Task: {1C9701A3-624C-4450-8B99-E01A0D7BA6F8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-04] (Microsoft Corporation)
Task: {2D46AC4B-FD3A-4D54-A43E-A2ABACEF45DF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {2EE62CD7-0836-4AD3-AAEF-046CD2D5CCAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {352B1847-D7EC-438D-A5E3-D3D6E6E0949D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-04] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3DE4615C-06E2-4C13-86C6-760C1C875542} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-05] (Microsoft Corporation)
Task: {3FD1C5A9-8AE8-4F6C-98BD-8B6999716AF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {431CE228-BF6B-493B-8FF0-1EBCAAD53327} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-04-06] (Siber Systems)
Task: {449F729D-9452-4456-9F63-590BC4315B16} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {463A71F6-403B-4726-A543-AA8C5E5B994D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-09-02] (Synaptics Incorporated)
Task: {52AC6F9F-F94F-4DE9-AB50-EC5ADA951A3D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\betty\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {5F920B7C-53A5-4790-B516-C97B29085B2A} - System32\Tasks\{A5CFEB52-4F2C-42F7-AEB5-60B765FFCB04} => pcalua.exe -a E:\AutorunPro.EXE -d E:\
Task: {67162168-34AE-495E-8831-6FE9C4532174} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2016-12-12] (WinZip)
Task: {808E67F7-DA20-49BE-BD8F-B9D2EBE5A880} - System32\Tasks\HPCeeScheduleForbetty => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {98CEC015-2D11-47A4-B439-A8B7B55645DB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {A07863E4-2DCD-4501-BF9C-3E5B884B0AD4} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMOJMMIMHMOMLJOJNJCNKMKJJMNMCNLMJMGMPMCNNJIMOMNJCNPMLJNJNMJMMJLMLJKJPMKMLMJNJICMIMCNGMCNNMHMFMOMOMCNGMKMMMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMOMFMEKMICNJJCKFMJMKMJMJNHICMKJCJMIOMNMJNBJCMNJKJLILIGIJNKJCMJNNICMJNDJCMKJBJJ (the data entry has 58 more characters).
Task: {BE49FBBF-6B74-41A6-898A-9F9AB2417670} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {C23DB440-1289-42AB-8C7F-A0AEB17F3654} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {C6271A45-8199-40FA-A614-FCD8AAA1ADCE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {D6DB8BB8-5E2A-4129-92A0-1D1B2F73A507} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {DCEDAADC-6C63-4213-AE10-0D9C6621D591} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-05] (Microsoft Corporation)
Task: {DD459294-B7FE-4008-885A-C10DDCB512DC} - System32\Tasks\Laser App Enterprise Updates => C:\Windows\Installer\Laser App Enterprise Updates for All Users.lnk [Argument = /update]
Task: {E5C83277-BB34-4D95-AAD9-EC18971BFFAA} - System32\Tasks\G2MUploadTask-S-1-5-21-223588219-2138284121-77307795-1002 => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe [2016-07-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E7174266-9D34-43E9-BD52-A30CD4F189B2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {E9376063-1EE5-4EA0-B4B0-178D0D2A86BA} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-12-12] (WinZip Computing, S.L.)
Task: {E9940121-595A-4142-B581-52E469484D86} - System32\Tasks\G2MUpdateTask-S-1-5-21-223588219-2138284121-77307795-1002 => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe [2016-07-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FCA5A718-C48D-48B8-9774-33B605E86BD8} - System32\Tasks\SDD_PC Download => Iexplore.exe hxxps://si2.schwabinstitutional.com/sdd/Schwab.SI.SI2Desktop.Container.application?SCHEDULE=YES
Task: {FDE3119D-56B2-466C-9D87-6C0F791D14C2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-223588219-2138284121-77307795-1002.job => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\7155\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-223588219-2138284121-77307795-1002.job => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\7155\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForbetty.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Laser App Enterprise Updates.job => C:\Windows\Installer\Laser App Enterprise Updates for All Users.lnk
Task: C:\WINDOWS\Tasks\SDD_Daily.job => C:\PROGRA~1\INTERN~1\iexplore.exe `hxxps:/si2.schwabinstitutional.com/sdd/
Task: C:\WINDOWS\Tasks\SDD_PC Download.job => C:\PROGRA~1\INTERN~1\iexplore.exe `hxxps:/si2.schwabinstitutional.com/sdd/

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\betty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 08:31 - 2017-06-03 03:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-01 10:25 - 2017-02-06 04:37 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-06-26 13:32 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-06-26 13:32 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-04-10 12:48 - 2017-01-29 06:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-27 15:50 - 2016-11-01 23:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-01 11:15 - 2016-10-01 11:15 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 14:43 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 14:44 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 14:44 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 14:44 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 08:31 - 2017-06-03 01:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 08:31 - 2017-06-03 01:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 08:31 - 2017-06-03 01:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-06 12:12 - 2017-04-06 12:12 - 00118088 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 01157960 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00053576 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 01751880 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00134544 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2015-02-19 15:10 - 2015-02-19 15:10 - 00137728 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2015-02-19 15:10 - 2015-02-19 15:10 - 00503808 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2017-04-06 12:12 - 2017-04-06 12:12 - 00050504 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00695624 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2017-04-06 12:08 - 2017-04-06 12:08 - 00009544 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00033096 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2017-04-06 12:11 - 2017-04-06 12:11 - 00016712 _____ () C:\Program Files\Box\Box Sync\select.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00172872 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
2017-04-06 12:11 - 2017-04-06 12:11 - 00170312 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00444816 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00029072 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00155536 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00065352 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00142224 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00050064 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00059792 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00032072 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00037704 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00027536 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00229264 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2017-04-06 12:04 - 2017-04-06 12:04 - 00166216 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
2017-06-26 12:40 - 2017-06-22 20:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-26 12:40 - 2017-06-22 20:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2014-06-24 23:18 - 2013-08-09 05:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-04-10 12:46 - 2017-01-29 02:46 - 08929992 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\advisorbriefcase.com -> hxxps://www.advisorbriefcase.com
IE trusted site: HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\sharepoint.com -> hxxps://hedrickcodotcom.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-223588219-2138284121-77307795-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\betty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

 

[glhglh]

HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "LaserAppUpdate"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "NETGEARGenie"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B12FE77-02C5-46A3-9C8F-3C9B9F7CE515}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D4A4AA59-C111-4F56-B5ED-13B36CF928C1}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{ACF3E387-B502-41A5-99FF-7177FE02E1AA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{EC85DAE3-E32D-47D4-B3D6-98C4D3E4B713}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6221AAF7-721A-419C-BB6A-B16956125A14}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{CF4DC541-160E-4E99-91E8-89D26AEC5842}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{5282447E-3236-4FC5-9F50-933B28C3187D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5F7832E1-8124-4843-A440-12B61B8DE9C2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BBD25918-7FDA-48F4-A9AB-E1A9FB6BB7B1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B1CB5C1D-288E-47FB-84DD-A2FC747786C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5FB37F94-1AB9-4710-AB32-CC93DBD1FF04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A464823E-37E9-4E88-A7BD-13F77ACF05E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A8229529-7EB0-42CA-B69E-151ACA79EC9F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{81F83299-2998-42C7-B391-6C15DD7B7AE8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{91F36541-D98A-4C8B-9C83-139FE92B6584}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{551A9F90-9743-4FC7-A2E7-DC209E6C80B3}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5C66F09C-B614-4474-B1A3-3A96012E575C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{1BDD8A01-38ED-40A0-8588-180D82C6CD00}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{CC23F4CA-C3C9-44FE-B51B-49B654D923C0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{68715254-D5D0-4079-BECD-023BA0D888AA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{A08B0C0C-5C38-4B68-875E-4B57C060149B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{3B311D07-DD3D-4B44-9F65-070DCA777746}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{5CA5085F-54BD-4296-9209-88D3C14CCDC7}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCServerManager.exe
FirewallRules: [{23B78644-F036-4A51-84A5-3554E9732779}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCServerManager.exe
FirewallRules: [{2BB3A8B2-D9E1-481E-93C4-CF5BBE29CDCE}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCExportWizard.exe
FirewallRules: [{F29E9B67-F210-40CB-BE74-28ADBDD38766}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCExportWizard.exe
FirewallRules: [{6D37C88C-CEC2-4F1D-A627-ADD479004029}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe
FirewallRules: [{B4CFE49C-771A-46B0-8168-52462D2F48AF}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe
FirewallRules: [{9B45EC6D-2C98-467F-8C10-D11AB8BBE462}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SqlWtsn.exe
FirewallRules: [{3D4606F7-6EE5-49C1-8966-8C2E588014C8}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SqlWtsn.exe
FirewallRules: [{C7818641-4995-47BA-B593-E9F29AF6C68D}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\LandingPage.exe
FirewallRules: [{5D0E1531-FBD5-4B0F-B4D4-DF426BD4B11E}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\LandingPage.exe
FirewallRules: [{4E028E3B-D38B-4AFB-8418-7D14DCEB2CF6}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{A5D99608-25AA-4151-AAA7-E168715F5A8C}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{51D6C454-6900-4A97-8F25-26E09F04F64D}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{C986018C-71FE-4886-B503-77F0608109AB}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{C19B5AA0-38AD-443D-BA9F-BE314EC41F75}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{90897F2F-47DB-445B-A935-A0F6CC7AF767}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{71655A4E-98DB-4C05-B9E3-CDB6571CBAA9}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{02966D7E-E33A-44B9-B8DE-FBC3C897A2E9}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{ED5DB793-956E-4302-AEAB-627DA905452F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{AE2B5981-B06D-4177-9EAA-D6626C1C7DDF}C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe] => (Allow) C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe
FirewallRules: [UDP Query User{C5594EED-EAB7-4274-8C5E-FC00D8A34DE8}C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe] => (Allow) C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe
FirewallRules: [{6B4806DC-C9D3-4D8D-AC70-EC1CB22CA3E4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{441C4E5C-D05C-4D8F-B4ED-154D98975024}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{5387E399-7E6F-4066-A019-3BD24C4035B6}C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe] => (Allow) C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe
FirewallRules: [UDP Query User{B37F94C6-DA9F-4500-8F3A-67816F841981}C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe] => (Allow) C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe
FirewallRules: [{E615CB42-1809-4C57-853F-CE7AA967B6E2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D0796EE4-C656-485C-A7F8-F9C8443D0A8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8721A7BB-6150-4E02-9085-C7038D97C937}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F13CD30-13C2-46C1-8C95-CAADD3B3541B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66B6362B-2031-4600-90B7-F735668928A9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{99C51ABB-EB76-4720-8401-B4CEB81EFE78}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{012E242B-BCF4-4AC4-9E2D-C9C7C108FB62}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{35C4ED33-0392-42E7-8FAC-A7EB08CC4548}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{EE01684B-508F-4B31-A57A-66C9F4439C85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{2FC451CB-F8C0-49C3-BCD3-84C1399D4A28}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{C05AA4B3-27A0-4383-AA16-745A51632D71}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{F022DA75-77D5-4AA7-957E-0FB4395E32E9}] => (Allow) C:\Users\betty\AppData\Local\Temp\7zS125F\HP.EasyStart.exe
FirewallRules: [{01132AEC-FB3E-4FE2-A502-BC73AC8FAB82}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxApplications.exe
FirewallRules: [{D8A56197-B17A-4943-ABD2-EBFDFEF4EB3B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\DigitalWizards.exe
FirewallRules: [{9EC00D50-BAB7-4BCC-9A04-8A6A30164E1D}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\SendAFax.exe
FirewallRules: [{88F930E3-C0A2-476D-9C42-176B5CD33E19}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxPrinterUtility.exe
FirewallRules: [{FCA46394-63F7-45C8-8B5D-FA2143A08B89}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\DeviceSetup.exe
FirewallRules: [{0F4CDFF6-92B3-45F0-A91B-31AA1E611D10}] => (Allow) LPort=5357
FirewallRules: [{64829415-C344-49B1-A429-E49810C96715}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{23DF0E56-1E2A-4DDF-8422-4806614B46B1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{48180C29-1CC3-42B7-819F-69EF7CACA255}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{43E8ECB1-E814-45AE-89D7-621139041607}C:\users\betty\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\betty\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{1F23C11F-5BB9-4F52-92E9-32A37233DE8C}C:\users\betty\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\betty\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{9A54A72F-C6AC-4511-81DA-D6E4C3DBAC84}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F6ECD478-828B-4B80-A904-7DF328011833}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5D4052DB-2BA1-499E-93F5-B3D33C2BDC03}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================

09-06-2017 08:31:40 Windows Update
14-06-2017 08:32:27 Windows Update
23-06-2017 11:10:17 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Flex
Description: Bluetooth LE Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Microsoft
Service: BthLEEnum
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2017 01:56:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.953 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 23d8

Start Time: 01d2eebe74a04930

Termination Time: 5

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: d56c14d2-5ab1-11e7-82ba-d07e359a4c9a

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.1066.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (06/26/2017 01:34:54 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.

Error: (06/26/2017 01:33:51 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (06/26/2017 12:16:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlsPlan.exe, version: 19.1.1.1, time stamp: 0x58ff084c
Faulting module name: combase.dll, version: 10.0.14393.1198, time stamp: 0x59028479
Exception code: 0xc0000602
Fault offset: 0x0007973d
Faulting process id: 0x37e4
Faulting application start time: 0x01d2eeac97d46795
Faulting application path: C:\Program Files (x86)\FLSPlan\FlsPlan.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: 06b01446-8f4a-421f-afcf-6b6f9715efe6
Faulting package full name:
Faulting package-relative application ID:

Error: (06/26/2017 10:57:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (06/26/2017 10:57:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (06/26/2017 10:57:16 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/26/2017 06:53:09 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (06/26/2017 06:53:09 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL SQLAgent$PORTFOLIOCENTER. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (06/26/2017 06:53:08 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.


System errors:
=============
Error: (06/26/2017 01:51:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.

Error: (06/26/2017 01:51:00 PM) (Source: DCOM) (EventID: 10010) (User: BETTYSLAPTOP)
Description: The server {E844CD23-864D-4921-B18B-ED60A150E112} did not register with DCOM within the required timeout.

Error: (06/26/2017 01:50:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/26/2017 01:50:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (06/26/2017 01:50:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/26/2017 01:47:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/26/2017 01:47:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/26/2017 01:47:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/26/2017 01:45:16 PM) (Source: DCOM) (EventID: 10010) (User: BETTYSLAPTOP)
Description: The server {E844CD23-864D-4921-B18B-ED60A150E112} did not register with DCOM within the required timeout.

Error: (06/26/2017 01:45:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error:
The media is write protected.


CodeIntegrity:
===================================
Date: 2017-06-26 14:01:12.585
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-26 14:01:12.584
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-26 13:59:56.420
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-26 13:59:56.417
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-16 17:18:58.103
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-06 12:14:50.018
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-05 12:20:59.841
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-02 08:04:27.038
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-02 08:04:27.036
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-23 11:19:30.285
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 34%
Total physical RAM: 16316.02 MB
Available physical RAM: 10703.71 MB
Total Virtual: 18748.02 MB
Available Virtual: 12722.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:903.43 GB) (Free:781.37 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:26.2 GB) (Free:2.52 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)

Partition: GPT.

==================== End of Addition.txt ============================

 

[glhglh]

Just in case:

Adware:

# AdwCleaner v6.047 - Logfile created 26/06/2017 at 13:44:39
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-26.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : betty - BETTYSLAPTOP
# Running from : C:\Users\betty\Desktop\Virus\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\betty\AppData\Local\PackageAware


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Codejock.SkinFramework.15.3.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Codejock.SkinFrameworkGlobalSettings.15.3.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Codejock.SkinFramework.15.3.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Codejock.SkinFrameworkGlobalSettings.15.3.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{128507E0-C56F-43C0-BCF1-8193B35FE4C4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{40217CB8-4463-4030-B324-AC6A8075FEC8}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{63C40CBE-DE43-4B56-BCEB-E14B825CF245}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{AFA0E6A1-28D7-4F2C-87A7-7266367B4655}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{BD0C1912-66C3-49CC-8B12-7B347BF6C846}


***** [ Web browsers ] *****

[-] [C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1822 Bytes] - [26/06/2017 13:44:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [2246 Bytes] - [26/06/2017 13:43:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1968 Bytes] ##########

 

[glhglh]

And fss:
Farbar Service Scanner Version: 27-01-2016
Ran by betty (administrator) on 26-06-2017 at 14:10:42
Running from "C:\Users\betty\Desktop\Virus"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[Broni]

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

• Close all the running programs
• Double click on downloaded setup.exe file to install the program.
• Click on Start Scan button.
• Click on another Start Scan button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

• Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
• Then click Finish.
• Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
• If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
• When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
• Restart your computer when prompted to do so.
• The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

• Double click on AdwCleaner.exe to run the tool.
  Vista/Windows 7/8 users right-click and select Run As Administrator
• The tool will start to update the database if one is required.
• Click on the Scan button.
• AdwCleaner will begin...be patient as the scan may take some time to complete.
• After the scan has finished, click on the Logfile button.
• A window will open which lists the logs of your scans.
• Click on the Scan tab.
• Double-click the most recent scan which will be at the top of the list....the log will appear.
• Review the results...see note below
• After reviewing the log, click on the Clean button.
• Press OK when asked to close all programs and follow the onscreen prompts.
• Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
• To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
• Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
• A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

 

[glhglh]

I forgot to add this last night. the first thing I did was a malware scan but it kept ending immediately like this:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/27/17
Scan Time: 5:00 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version:
Update Package Version:
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: BETTYSLAPTOP\betty

-Scan Summary-
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 0
(No malicious items detected)
Time Elapsed: 0 min, 5 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Which is not right.

here is the adware:

# AdwCleaner v6.047 - Logfile created 26/06/2017 at 13:44:39

running rkiller now.
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-26.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : betty - BETTYSLAPTOP
# Running from : C:\Users\betty\Desktop\Virus\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\betty\AppData\Local\PackageAware


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Codejock.SkinFramework.15.3.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Codejock.SkinFrameworkGlobalSettings.15.3.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Codejock.SkinFramework.15.3.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Codejock.SkinFrameworkGlobalSettings.15.3.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{128507E0-C56F-43C0-BCF1-8193B35FE4C4}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{40217CB8-4463-4030-B324-AC6A8075FEC8}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{63C40CBE-DE43-4B56-BCEB-E14B825CF245}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{AFA0E6A1-28D7-4F2C-87A7-7266367B4655}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{BD0C1912-66C3-49CC-8B12-7B347BF6C846}


***** [ Web browsers ] *****

[-] [C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1822 Bytes] - [26/06/2017 13:44:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [2246 Bytes] - [26/06/2017 13:43:15]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1968 Bytes] ##########

 

[glhglh]

roguekiller:

RogueKiller V12.11.4.0 (x64) [Jun 26 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : betty [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/27/2017 17:06:37 (Duration : 01:09:34)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Description -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F022DA75-77D5-4AA7-957E-0FB4395E32E9} : v2.26|Action=Allow|Active=TRUE|Dir=In|App=C:\Users\betty\AppData\Local\Temp\7zS125F\HP.EasyStart.exe|Name=HP EasyStart|Desc=Allow HP EasyStart| [x] -> Not selected

¤¤¤ Tasks : 3 ¤¤¤
[Hj.Shortcut] %WINDIR%\Tasks\SDD_Daily.job -- C:\PROGRA~1\INTERN~1\iexplore.exe (https://si2.schwabinstitutional.com/sdd/Schwab.SI.SI2Desktop.Container.application?SCHEDULE=YES) -> Deleted
[Hj.Shortcut] %WINDIR%\Tasks\SDD_PC Download.job -- C:\PROGRA~1\INTERN~1\iexplore.exe (https://si2.schwabinstitutional.com/sdd/Schwab.SI.SI2Desktop.Container.application?SCHEDULE=YES) -> Deleted
[Hj.Shortcut] \SDD_PC Download -- C:\PROGRA~1\INTERN~1\iexplore.exe (https://si2.schwabinstitutional.com/sdd/Schwab.SI.SI2Desktop.Container.application?SCHEDULE=YES) -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 4 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Not selected
[PUM.SearchEngine][Firefox:Config] db0wk1yf.default : user_pref("browser.search.selectedEngine", "Yahoo powered search"); -> Not selected
[PUM.SearchEngine][Firefox:Config] db0wk1yf.default : user_pref("browser.search.defaultenginename", "Yahoo powered search"); -> Not selected
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [chrome://newtab/|https://si2.schwabinstitutional.com...washingtonpost.com/|http://www.economist.com/] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541010A9E680 +++++
--- User ---
[MBR] fd9c45f893067b4140b808bdc8664c76
[BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2127872 | Size: 925110 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1896755200 | Size: 884 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1898565632 | Size: 26830 MB
User = LL1 ... OK
User = LL2 ... OK

 

[glhglh]

Even after rkiller, malbytes won't run.

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by betty (Administrator) on Tue 06/27/2017 at 18:35:46.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder)
Successfully deleted: C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder)



Registry: 0

adware again:

# AdwCleaner v6.047 - Logfile created 27/06/2017 at 18:48:03
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-26.1 [Local]
# Operating System : Windows 10 Home (X64)
# Username : betty - BETTYSLAPTOP
# Running from : C:\Users\betty\Desktop\Virus\adwcleaner_6.047.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2055 Bytes] - [26/06/2017 13:44:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [2246 Bytes] - [26/06/2017 13:43:15]
C:\AdwCleaner\AdwCleaner[S1].txt - [1145 Bytes] - [27/06/2017 18:48:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1218 Bytes] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 06/27/2017 at 18:39:22.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Broni]

I see you're running outdated version of MBAM.
My version reads 3.1.2.
Upgrade and try again.

If that doesn't work follow these steps to reinstall MBAM: https://forums.malwarebytes.com/top...ds-then-stops/?do=findComment&comment=1119325

 

[glhglh]

I noted that and while waiting, I deleted it, rebooted, and downloaded again and the scan has been running for 20 min.

here is the log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/27/17
Scan Time: 7:32 PM
Log File: MWB.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2244
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: BETTYSLAPTOP\betty

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 423590
Threats Detected: 28
Threats Quarantined: 28
Time Elapsed: 10 min, 47 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 11
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\_locales\en, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\html\popup, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\_metadata, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\js\popup, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\_locales, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\newtab, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\html, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\css, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\js, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\USERS\BETTY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PIFFLJPODGADKDFOPGNOAILBECJBAINK, Quarantined, [2054], [362981],1.0.2244

File: 17
PUP.Optional.MindSpark, C:\USERS\BETTY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage, Quarantined, [281], [240305],1.0.2244
PUP.Optional.MindSpark, C:\USERS\BETTY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.myway.com_0.localstorage-journal, Quarantined, [281], [240305],1.0.2244
PUP.Optional.Spigot.Generic, C:\USERS\BETTY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\PIFFLJPODGADKDFOPGNOAILBECJBAINK\1.0_0\BACKGROUND.JS, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\css\description.css, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\css\popup.css, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\html\popup\description.html, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\html\popup\popup.html, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\js\popup\popup.js, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\js\userNewTab.js, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\newtab\newtab.html, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\_locales\en\messages.json, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\_metadata\computed_hashes.json, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\_metadata\verified_contents.json, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\icon.png, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.Spigot.Generic, C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink\1.0_0\manifest.json, Quarantined, [2054], [362981],1.0.2244
PUP.Optional.MindSpark, C:\USERS\BETTY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage, Quarantined, [281], [240306],1.0.2244
PUP.Optional.MindSpark, C:\USERS\BETTY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_fromdoctopdf.dl.tb.ask.com_0.localstorage-journal, Quarantined, [281], [240306],1.0.2244

Physical Sector: 0
(No malicious items detected)


(end)

 

[Broni]

Good

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

• Double click to run it.
• Make sure you checkmark Addition.txt box.
• Press Scan button.
• Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

 

[glhglh]

Frst.txt 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-06-2017
Ran by betty (administrator) on BETTYSLAPTOP (28-06-2017 18:47:59)
Running from C:\Users\betty\Desktop\Virus
Loaded Profiles: betty (Available Profiles: betty)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.PORTFOLIOCENTER\MSSQL\Binn\sqlservr.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Amazon Services LLC) C:\Users\betty\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Box, Inc.) C:\Users\betty\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
(Box, Inc.) C:\Users\betty\AppData\Local\Box\Box Edit\Box Edit.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(WinZip) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.0.0_x86__wgeqdkkx372wm\Twitter.Windows.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Schwab Performance Technologies, Inc.) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe
(Schwab Performance Technologies, Inc.) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\SPTServer.exe
(BERNINA International AG) C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
(Xerox Corporation) C:\Windows\System32\spool\drivers\x64\3\x2jobtHT.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5367192 2017-04-06] (Box, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804616 2015-09-06] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe [1867856 2017-03-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe [883792 2017-03-29] (Adobe Systems Incorporated)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1345696 2015-03-17] (Laser App Software Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [HP OfficeJet Pro 8720 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [84170B6E5D572F906ED7D9B0BCB9879B5F0A771D._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-22] (Google Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Zoom] => [X]
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-04-06] (Siber Systems)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Amazon Music] => C:\Users\betty\AppData\Local\Amazon Music\Amazon Music Helper.exe [3694056 2017-04-18] (Amazon Services LLC)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Box Local Com Server] => C:\Users\betty\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [123472 2017-06-05] (Box, Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Box Edit] => C:\Users\betty\AppData\Local\Box\Box Edit\Box Edit.exe [928336 2017-06-05] (Box, Inc.)
ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2017-01-30]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-07-02]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-07-02]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-07-02]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2017-01-30]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2017-01-30]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-07-04]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-07-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{145518f7-fc80-414c-8b8a-ae2922a335e9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9b4875d-8166-464d-b3c1-e2c842fb95ec}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131358354019985278&GUID=8E54BA8E-EBEB-41E4-A39B-4141A575E24F
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131358354019994047&GUID=8E54BA8E-EBEB-41E4-A39B-4141A575E24F
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> {6A1DE76A-BA2E-4191-AB59-4E8D3C3BAB2E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> {AD551F51-A315-4FF4-BF1F-7FDEA2FA7672} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-04] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-04-06] (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2017-01-01] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-04] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-01] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-06-04] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-04-06] (Siber Systems Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-06-04] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-04-06] (Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-04-06] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-04-06] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2017-04-25] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-04] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: db0wk1yf.default
FF ProfilePath: C:\Users\betty\AppData\Roaming\Mozilla\Firefox\Profiles\db0wk1yf.default [2016-12-26]
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\db0wk1yf.default -> Yahoo powered search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\db0wk1yf.default -> Yahoo powered search
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\db0wk1yf.default -> Yahoo powered search
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn [2017-04-14]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2017-04-06]
FF HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] ()
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-01] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-04] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2017-03-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-223588219-2138284121-77307795-1002: @citrixonline.com/appdetectorplugin -> C:\Users\betty\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-223588219-2138284121-77307795-1002: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\betty\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll [2016-06-23] (Zoom Video Communications, Inc. and RingCentral Inc.)
FF Plugin HKU\S-1-5-21-223588219-2138284121-77307795-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\betty\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-01-25] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\betty\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-02-18] (Cisco WebEx LLC)

Chrome:
=======
CHR StartupUrls: Default -> "chrome://newtab/","hxxps://si2.schwabinstitutional.com/SI2/SecAdmin/Logon.aspx?to=%2fSI2%2fHome%2fdefault.aspx%3f1gABAAABANYAGgAAAAAaAAU%253d%26subtab%3dServiceRequests","hxxp://www.nytimes.com/","hxxps://www.bloomberg.com/","hxxp://www.wsj.com/","hxxps://www.washingtonpost.com/","hxxp://www.economist.com/"
CHR Profile: C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default [2017-06-28]
CHR Extension: (Google Slides) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-28]
CHR Extension: (Google Docs) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-28]
CHR Extension: (Google Drive) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Honey) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-06-28]
CHR Extension: (appear.in screen sharing) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodncoafpihbhpfljcaofnebjkaiaiga [2017-06-05]
CHR Extension: (Google Search) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Adobe Acrobat) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-14]
CHR Extension: (Google Sheets) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-28]
CHR Extension: (Cisco WebEx Extension) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-04-18]
CHR Extension: (Cube Time & Expense Tracking) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenheondoadkgoodcgmcijcoiahhemch [2015-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (StartMeeting.com Extension) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnedppabchbjaplcbjpbkcjhpmfdhpin [2016-01-11]
CHR Extension: (Toggl Button: Productivity & Time Tracker) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejgccbfbmkkpaidnkphaiaecficdnfn [2017-06-16]
CHR Extension: (Gmail) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-27]
CHR Extension: (RoboForm Password Manager) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-05-22]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-06-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-06-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36240 2016-02-26] (Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-06-04] (Microsoft Corporation)
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MSSQL$PORTFOLIOCENTER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.PORTFOLIOCENTER\MSSQL\Binn\sqlservr.exe [43130032 2015-03-30] (Microsoft Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2017-02-06] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2017-04-25] (Intuit) [File not signed]
R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-03-17] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-03-17] (Intuit Inc.) [File not signed]
S4 SQLAgent$PORTFOLIOCENTER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.PORTFOLIOCENTER\MSSQL\Binn\SQLAGENT.EXE [381104 2015-03-30] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
R2 UniversalCommunicationServer; C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe [90496 2013-05-02] (BERNINA International AG)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 ikbevent; C:\WINDOWS\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\WINDOWS\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-27] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-27] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-27] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-06-27] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-28] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R1 MpKslb8ab3e06; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C4E35FCD-DB8E-4085-9360-8E2920AE2BE0}\MpKslb8ab3e06.sys [44928 2017-06-27] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3506464 2015-09-16] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-08-18] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvlddmkm.sys [14311352 2017-02-10] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-06-27] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-24] (HP)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

[glhglh]

Frst.txt 2

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-28 17:35 - 2017-06-28 17:35 - 00000000 ___HD C:\OneDriveTemp
2017-06-28 13:16 - 2017-06-28 18:45 - 00083968 _____ C:\Users\betty\Downloads\Report_Users_20170628.xls
2017-06-28 12:24 - 2017-06-28 12:24 - 00093525 _____ C:\Users\betty\Downloads\Financial Businesses - June Notice (2).pdf
2017-06-28 12:24 - 2017-06-28 12:24 - 00093525 _____ C:\Users\betty\Downloads\Financial Businesses - June Notice (1).pdf
2017-06-28 12:22 - 2017-06-28 12:22 - 00093525 _____ C:\Users\betty\Downloads\Financial Businesses - June Notice.pdf
2017-06-27 19:30 - 2017-06-28 13:50 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-06-27 19:30 - 2017-06-27 19:46 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-27 19:30 - 2017-06-27 19:46 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-06-27 19:30 - 2017-06-27 19:46 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-06-27 19:30 - 2017-06-27 19:30 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-06-27 19:30 - 2017-06-27 19:30 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-27 19:30 - 2017-06-27 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-27 19:30 - 2017-06-27 19:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-27 19:30 - 2017-06-27 19:30 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-27 19:30 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-06-27 18:39 - 2017-06-27 18:39 - 00000845 _____ C:\Users\betty\Desktop\JRT.txt
2017-06-27 17:05 - 2017-06-27 17:05 - 00000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-06-27 17:05 - 2017-06-27 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-27 17:05 - 2017-06-27 17:05 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-26 13:38 - 2017-06-27 18:48 - 00000000 ____D C:\AdwCleaner
2017-06-26 13:35 - 2017-06-28 18:47 - 00000000 ____D C:\FRST
2017-06-26 13:30 - 2017-06-26 13:30 - 00015186 _____ C:\Users\betty\Desktop\dont know which client.xlsx
2017-06-24 18:51 - 2017-06-24 18:51 - 00031563 _____ C:\Users\betty\Downloads\administrative-assistant-interview-questions.pdf
2017-06-24 17:19 - 2017-06-24 17:19 - 01555150 _____ C:\Users\betty\Downloads\IRAFiduciaryOptimizer.pdf
2017-06-22 12:21 - 2017-06-22 12:21 - 00000441 _____ C:\Users\betty\Downloads\NewEvent.ics
2017-06-20 23:28 - 2017-06-20 23:28 - 00073883 _____ C:\Users\betty\Downloads\34334761195-628480287-ticket (1).pdf
2017-06-20 13:59 - 2017-06-20 13:59 - 00141575 _____ C:\Users\betty\Downloads\Monthly Statements Request 2017 June 20.pdf
2017-06-20 11:16 - 2017-06-20 11:16 - 01371805 _____ C:\Users\betty\Downloads\Profile_Profile_Acct_View_72406_20170620.pdf
2017-06-19 15:31 - 2017-06-19 15:31 - 00102869 _____ C:\Users\betty\Downloads\Theon Medical.pdf
2017-06-16 14:00 - 2017-06-16 14:00 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-06-16 11:05 - 2017-06-16 11:05 - 00285334 _____ C:\Users\betty\Downloads\estate planning_06_15_2017_1653.fls
2017-06-16 10:10 - 2017-06-16 10:10 - 00558474 _____ C:\Users\betty\Downloads\Angela (2).pdf
2017-06-15 21:01 - 2017-06-15 21:01 - 00162816 _____ C:\Users\betty\Downloads\histretSP (3).xls
2017-06-15 20:45 - 2017-06-15 22:04 - 00200192 _____ C:\Users\betty\Downloads\histretSP (2).xls
2017-06-15 20:44 - 2017-06-15 22:02 - 00200704 _____ C:\Users\betty\Downloads\histretSP (1).xls
2017-06-15 20:37 - 2017-06-15 20:37 - 00162816 _____ C:\Users\betty\Downloads\histretSP.xls
2017-06-15 20:35 - 2017-06-15 20:35 - 00564577 _____ C:\Users\betty\Downloads\Angela (1).pdf
2017-06-15 20:32 - 2017-06-15 20:32 - 00689736 _____ C:\Users\betty\Downloads\Angela.pdf
2017-06-14 09:33 - 2017-06-14 09:33 - 00080490 _____ C:\Users\betty\Downloads\34334761195-628480287-ticket.pdf
2017-06-14 08:31 - 2017-06-03 03:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 08:31 - 2017-06-03 03:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 08:31 - 2017-06-03 03:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 08:31 - 2017-06-03 03:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 08:31 - 2017-06-03 03:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 08:31 - 2017-06-03 03:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 08:31 - 2017-06-03 03:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 08:31 - 2017-06-03 03:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 08:31 - 2017-06-03 02:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-14 08:31 - 2017-06-03 02:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 08:31 - 2017-06-03 02:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 08:31 - 2017-06-03 02:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-14 08:31 - 2017-06-03 02:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 08:31 - 2017-06-03 02:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 08:31 - 2017-06-03 02:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-14 08:31 - 2017-06-03 02:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-06-14 08:31 - 2017-06-03 02:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2017-06-14 08:31 - 2017-06-03 02:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 08:31 - 2017-06-03 02:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 08:31 - 2017-06-03 02:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-14 08:31 - 2017-06-03 02:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 08:31 - 2017-06-03 02:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 08:31 - 2017-06-03 02:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2017-06-14 08:31 - 2017-06-03 02:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-06-14 08:31 - 2017-06-03 02:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2017-06-14 08:31 - 2017-06-03 02:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 08:31 - 2017-06-03 02:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 08:31 - 2017-06-03 02:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 08:31 - 2017-06-03 02:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 08:31 - 2017-06-03 02:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 08:31 - 2017-06-03 02:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 08:31 - 2017-06-03 02:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 08:31 - 2017-06-03 02:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 08:31 - 2017-06-03 02:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-06-14 08:31 - 2017-06-03 02:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 08:31 - 2017-06-03 02:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-14 08:31 - 2017-06-03 02:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-14 08:31 - 2017-06-03 02:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-14 08:31 - 2017-06-03 02:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll
2017-06-14 08:31 - 2017-06-03 02:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 08:31 - 2017-06-03 02:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2017-06-14 08:31 - 2017-06-03 02:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll
2017-06-14 08:31 - 2017-06-03 02:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2017-06-14 08:31 - 2017-06-03 02:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-06-14 08:31 - 2017-06-03 02:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-14 08:31 - 2017-06-03 02:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 08:31 - 2017-06-03 02:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-06-14 08:31 - 2017-06-03 02:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 08:31 - 2017-06-03 02:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 08:31 - 2017-06-03 02:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 08:31 - 2017-06-03 02:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 08:31 - 2017-06-03 02:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 08:31 - 2017-06-03 02:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 08:31 - 2017-06-03 02:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 08:31 - 2017-06-03 02:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 08:31 - 2017-06-03 02:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 08:31 - 2017-06-03 02:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll
2017-06-14 08:31 - 2017-06-03 02:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-06-14 08:31 - 2017-06-03 02:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-06-14 08:31 - 2017-06-03 02:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll
2017-06-14 08:31 - 2017-06-03 02:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-06-14 08:31 - 2017-06-03 02:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 08:31 - 2017-06-03 02:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 08:31 - 2017-06-03 02:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-06-14 08:31 - 2017-06-03 02:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 08:31 - 2017-06-03 02:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 08:31 - 2017-06-03 02:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-06-14 08:31 - 2017-06-03 02:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 08:31 - 2017-06-03 02:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-06-14 08:31 - 2017-06-03 02:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll
2017-06-14 08:31 - 2017-06-03 02:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 08:31 - 2017-06-03 02:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 08:31 - 2017-06-03 02:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 08:31 - 2017-06-03 02:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 08:31 - 2017-06-03 02:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-06-14 08:31 - 2017-06-03 02:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 08:31 - 2017-06-03 02:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 08:31 - 2017-06-03 02:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 08:31 - 2017-06-03 01:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 08:31 - 2017-06-03 01:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-06-14 08:31 - 2017-06-03 01:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 08:31 - 2017-06-03 01:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 08:31 - 2017-06-03 01:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 08:31 - 2017-06-03 01:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2017-06-14 08:31 - 2017-06-03 01:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 08:31 - 2017-06-03 01:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 08:31 - 2017-06-03 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 08:31 - 2017-06-03 01:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 08:31 - 2017-06-03 01:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 08:31 - 2017-06-03 01:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 08:31 - 2017-06-03 01:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 08:31 - 2017-06-03 01:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll
2017-06-14 08:31 - 2017-06-03 01:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 08:31 - 2017-06-03 01:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 08:31 - 2017-06-03 01:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-14 08:31 - 2017-06-03 01:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 08:31 - 2017-06-03 01:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 08:31 - 2017-05-24 22:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe
2017-06-14 08:31 - 2017-03-03 23:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-06-14 08:31 - 2017-03-03 23:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-06-14 08:31 - 2017-03-03 23:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-06-14 08:31 - 2017-03-03 23:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2017-06-14 08:31 - 2016-09-06 21:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-06-14 08:30 - 2017-06-03 03:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-06-14 08:30 - 2017-06-03 03:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-14 08:30 - 2017-06-03 03:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-14 08:30 - 2017-06-03 03:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 08:30 - 2017-06-03 02:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 08:30 - 2017-06-03 02:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-06-14 08:30 - 2017-06-03 02:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 08:30 - 2017-06-03 02:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 08:30 - 2017-06-03 02:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 08:30 - 2017-06-03 02:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-06-14 08:30 - 2017-06-03 02:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 08:30 - 2017-06-03 02:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 08:30 - 2017-06-03 02:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 08:30 - 2017-06-03 02:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 08:30 - 2017-06-03 02:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 08:30 - 2017-06-03 02:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-14 08:30 - 2017-06-03 02:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll
2017-06-14 08:30 - 2017-06-03 02:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2017-06-14 08:30 - 2017-06-03 02:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-14 08:30 - 2017-06-03 02:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 08:30 - 2017-06-03 02:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll
2017-06-14 08:30 - 2017-06-03 02:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-06-14 08:30 - 2017-06-03 01:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll
2017-06-14 08:30 - 2017-06-03 01:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-14 08:30 - 2017-06-03 01:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-06-14 08:30 - 2017-06-03 01:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-14 08:30 - 2017-06-03 01:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 08:30 - 2017-06-03 01:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 08:30 - 2017-06-03 01:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-06-14 08:30 - 2017-06-02 23:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls
2017-06-13 19:49 - 2017-06-15 20:44 - 00192512 _____ C:\Users\betty\Downloads\Accounts_View_20170614.xls
2017-06-13 19:48 - 2017-06-15 20:44 - 00104466 _____ C:\Users\betty\Downloads\Profile_Master_08004831_061317.104803PM_ET.csv
2017-06-13 19:22 - 2017-06-13 19:22 - 00612837 _____ C:\Users\betty\Downloads\05534900017326.pdf
2017-06-13 15:36 - 2017-06-13 15:36 - 00058085 _____ C:\Users\betty\Downloads\529 Plans Brochure.pdf
2017-06-13 12:26 - 2017-06-13 12:26 - 00016384 _____ C:\Users\betty\Downloads\RMD & Distribution Analysis 01-01-2017 to 05-29-2017.xls
2017-06-12 11:38 - 2017-06-12 11:38 - 00043680 _____ C:\Users\betty\Downloads\Action List (1).xlsx
2017-06-12 09:44 - 2017-06-12 09:44 - 00284190 _____ C:\Users\betty\Downloads\sitemap50.xml.gz
2017-06-11 17:46 - 2017-06-11 17:46 - 00255488 _____ C:\Users\betty\Downloads\DivorceTB12015.xls
2017-06-11 17:46 - 2017-06-11 17:46 - 00255488 _____ C:\Users\betty\Downloads\DivorceTB12015 (2).xls
2017-06-11 17:46 - 2017-06-11 17:46 - 00255488 _____ C:\Users\betty\Downloads\DivorceTB12015 (1).xls
2017-06-09 20:23 - 2017-06-09 20:23 - 00047616 _____ C:\Users\betty\Downloads\Transaction_6f6d781a-d7d8-4f43-abd4-c9d5092139cf_20170610.xls
2017-06-09 12:31 - 2017-06-09 12:31 - 00470091 _____ C:\Users\betty\Downloads\Quarterly Report 2017-06-09 19-29-34_.pdf.pdf
2017-06-08 15:55 - 2017-06-12 12:08 - 00139776 _____ C:\Users\betty\Downloads\Fixed Income Security Details.xls
2017-06-08 15:47 - 2017-06-08 15:47 - 00218112 _____ C:\Users\betty\Downloads\Sec_in_Accout_c5be8673-3a90-4c95-b0f5-dec2acdd7e23_20170608.xls
2017-06-08 14:28 - 2017-06-08 14:28 - 00074480 _____ C:\Users\betty\Downloads\AST 1 Account Balances 2826399.pdf
2017-06-07 19:01 - 2017-06-07 19:01 - 00033141 _____ C:\Users\betty\Downloads\LOA Remove Bo.pdf
2017-06-07 19:01 - 2017-06-07 19:01 - 00033141 _____ C:\Users\betty\Downloads\LOA Remove Bo (1).pdf
2017-06-07 07:02 - 2017-06-07 07:02 - 00015244 _____ C:\Users\betty\Downloads\DetlPosn_Grp_Brattesani_Karen_&_Douglas_Potter_060217 (Autosaved).csv
2017-06-06 22:10 - 2017-06-06 22:10 - 00020407 _____ C:\Users\betty\Downloads\contacts_by_state (7).pdf
2017-06-06 22:10 - 2017-06-06 22:10 - 00020196 _____ C:\Users\betty\Downloads\contacts_by_state (8).pdf
2017-06-06 22:09 - 2017-06-06 22:09 - 00022318 _____ C:\Users\betty\Downloads\contacts_by_state (5).pdf
2017-06-06 22:09 - 2017-06-06 22:09 - 00022139 _____ C:\Users\betty\Downloads\contacts_by_state (6).pdf
2017-06-06 22:09 - 2017-06-06 22:09 - 00022032 _____ C:\Users\betty\Downloads\contacts_by_state (4).pdf
2017-06-06 22:08 - 2017-06-06 22:08 - 00036457 _____ C:\Users\betty\Downloads\contacts_by_state (2).pdf
2017-06-06 22:08 - 2017-06-06 22:08 - 00019537 _____ C:\Users\betty\Downloads\contacts_by_state (3).pdf
2017-06-06 22:07 - 2017-06-06 22:07 - 00038455 _____ C:\Users\betty\Downloads\contacts_by_state (1).pdf
2017-06-06 22:07 - 2017-06-06 22:07 - 00020301 _____ C:\Users\betty\Downloads\contacts_by_state.pdf
2017-06-06 22:05 - 2017-06-06 22:05 - 00241079 _____ C:\Users\betty\Downloads\contacts_by_keyword.pdf
2017-06-06 22:03 - 2017-06-06 22:03 - 00890981 _____ C:\Users\betty\Downloads\contacts_by_important_information.pdf
2017-06-06 21:59 - 2017-06-06 21:59 - 00069457 _____ C:\Users\betty\Downloads\contacts_by_important_information (2).csv
2017-06-06 21:57 - 2017-06-06 21:57 - 00069457 _____ C:\Users\betty\Downloads\contacts_by_important_information (1).csv
2017-06-06 21:52 - 2017-06-06 21:52 - 00000739 _____ C:\Users\betty\Downloads\contacts_by_professional (1).csv
2017-06-06 21:49 - 2017-06-06 21:49 - 00000895 _____ C:\Users\betty\Downloads\client_birthday_reminders.csv
2017-06-06 21:46 - 2017-06-06 21:46 - 00031120 _____ C:\Users\betty\Downloads\workflow_task_report.pdf
2017-06-06 21:45 - 2017-06-06 21:45 - 00001777 _____ C:\Users\betty\Downloads\workflow_task_report.csv
2017-06-06 21:40 - 2017-06-06 21:40 - 00001278 _____ C:\Users\betty\Downloads\Tag Groups (13).csv
2017-06-06 21:38 - 2017-06-06 21:38 - 00001042 _____ C:\Users\betty\Downloads\Tag Groups (12).csv
2017-06-06 21:36 - 2017-06-06 21:36 - 00001336 _____ C:\Users\betty\Downloads\Tag Groups (11).csv
2017-06-06 21:34 - 2017-06-06 21:34 - 00000933 _____ C:\Users\betty\Downloads\Tag Groups (10).csv
2017-06-06 21:32 - 2017-06-06 21:32 - 00001181 _____ C:\Users\betty\Downloads\Tag Groups (9).csv
2017-06-06 21:31 - 2017-06-06 21:31 - 00001334 _____ C:\Users\betty\Downloads\Tag Groups (8).csv
2017-06-06 21:29 - 2017-06-06 21:29 - 00002680 _____ C:\Users\betty\Downloads\Tag Groups (7).csv
2017-06-06 21:27 - 2017-06-06 21:27 - 00001373 _____ C:\Users\betty\Downloads\Tag Groups (6).csv
2017-06-06 21:24 - 2017-06-06 21:24 - 00001415 _____ C:\Users\betty\Downloads\Tag Groups (5).csv
2017-06-06 21:23 - 2017-06-06 21:23 - 00001415 _____ C:\Users\betty\Downloads\Tag Groups (4).csv
2017-06-06 19:12 - 2017-06-06 19:12 - 00000764 _____ C:\Users\betty\Downloads\Tag Groups (3).csv
2017-06-06 19:11 - 2017-06-06 19:11 - 00002046 _____ C:\Users\betty\Downloads\Tag Groups (2).csv
2017-06-06 19:09 - 2017-06-06 19:09 - 00004728 _____ C:\Users\betty\Downloads\Tag Groups (1).csv
2017-06-06 19:07 - 2017-06-06 19:07 - 00000783 _____ C:\Users\betty\Downloads\Tag Groups.csv
2017-06-06 18:56 - 2017-06-06 18:56 - 00021052 _____ C:\Users\betty\Downloads\Clients.csv
2017-06-06 18:50 - 2017-06-06 18:50 - 00327205 _____ C:\Users\betty\Downloads\Contacts (1).csv
2017-06-06 18:37 - 2017-06-06 18:37 - 01650484 _____ C:\Users\betty\Downloads\Contacts 2017-06-06.csv
2017-06-06 18:27 - 2017-06-06 18:27 - 00001994 _____ C:\Users\betty\Downloads\Contacts.csv
2017-06-06 18:11 - 2017-06-06 18:11 - 06661747 _____ C:\Users\betty\Downloads\notes_by_contact_report (1).csv
2017-06-06 17:38 - 2017-06-06 17:38 - 00001321 _____ C:\Users\betty\Downloads\workflow_report.csv
2017-06-06 15:37 - 2017-06-06 15:37 - 00063924 _____ C:\Users\betty\Downloads\activities_by_contact (3).pdf
2017-06-06 15:32 - 2017-06-06 15:32 - 01210564 _____ C:\Users\betty\Downloads\activities_by_contact (2).pdf
2017-06-06 15:30 - 2017-06-06 15:30 - 00629139 _____ C:\Users\betty\Downloads\activities_by_contact (1).pdf
2017-06-06 15:28 - 2017-06-06 15:28 - 00049404 _____ C:\Users\betty\Downloads\activities_by_contact.pdf
2017-06-06 13:28 - 2017-06-06 13:41 - 06983353 _____ C:\Users\betty\Downloads\notes_by_contact_report.csv
2017-06-06 12:53 - 2017-06-06 12:53 - 00844287 _____ C:\Users\betty\Downloads\notes_by_contact_report.pdf
2017-06-06 12:42 - 2017-06-06 12:42 - 00074084 _____ C:\Users\betty\Downloads\contacts_by_status.csv
2017-06-06 12:40 - 2017-06-06 12:40 - 00000882 _____ C:\Users\betty\Downloads\contacts_by_state.csv
2017-06-06 12:03 - 2017-06-06 12:03 - 00507972 _____ C:\WINDOWS\Minidump\060617-46890-01.dmp
2017-06-06 11:55 - 2017-06-06 11:55 - 00000739 _____ C:\Users\betty\Downloads\contacts_by_professional.csv
2017-06-06 11:52 - 2017-06-06 11:53 - 00111333 _____ C:\Users\betty\Downloads\contacts_by_keyword.csv
2017-06-06 11:50 - 2017-06-06 11:51 - 00069457 _____ C:\Users\betty\Downloads\contacts_by_important_information.csv
2017-06-06 11:47 - 2017-06-06 11:47 - 00074084 _____ C:\Users\betty\Downloads\contacts_by_category.csv
2017-06-06 11:47 - 2017-06-06 11:47 - 00074084 _____ C:\Users\betty\Downloads\contacts_by_category (1).csv
2017-06-05 23:28 - 2017-06-05 23:28 - 00000698 _____ C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-06-05 23:17 - 2017-06-05 23:28 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-06-05 17:10 - 2017-06-05 17:10 - 00565747 _____ C:\Users\betty\Downloads\=_UTF-8_Q_EnrollmentCertificate=2Epdf_=
2017-06-05 16:08 - 2017-06-05 16:09 - 00512060 _____ C:\WINDOWS\Minidump\060517-30625-01.dmp
2017-06-05 08:40 - 2017-06-05 08:40 - 00001048 _____ C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2017-06-05 08:17 - 2017-06-05 08:17 - 00630890 _____ C:\Users\betty\Downloads\2017 May Moran 401kDistributi (1).pdf
2017-06-05 08:16 - 2017-06-05 08:16 - 00630890 _____ C:\Users\betty\Downloads\2017 May Moran 401kDistributi.pdf
2017-06-04 08:00 - 2017-06-04 08:00 - 00395520 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2017-06-04 08:00 - 2017-06-04 08:00 - 00243992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2017-06-04 08:00 - 2017-06-04 08:00 - 00087792 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2017-06-04 07:55 - 2017-06-04 07:55 - 00633072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2017-06-04 07:55 - 2017-06-04 07:55 - 00440048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2017-06-04 07:55 - 2017-06-04 07:55 - 00267528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2017-06-04 07:54 - 2017-06-04 07:54 - 00333592 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2017-06-04 07:54 - 2017-06-04 07:54 - 00083696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2017-06-02 12:34 - 2017-06-02 12:34 - 00230494 _____ C:\Users\betty\Downloads\2016 Tax Return (Potter Douglas W and Ka - Client Copy).pdf
2017-06-02 08:37 - 2017-06-02 08:37 - 00007180 _____ C:\Users\betty\Downloads\CostBasis_Acct_51088337_060217.113759AM_ET.csv
2017-06-02 08:28 - 2017-06-02 08:28 - 00001654 _____ C:\Users\betty\Downloads\CostBasis_Acct_70826862_060217.112845AM_ET.csv
2017-06-02 08:25 - 2017-06-02 08:51 - 00071680 _____ C:\Users\betty\Downloads\standard_currentholdings_upload_template (3).xls
2017-06-02 08:21 - 2017-06-02 08:21 - 00017872 _____ C:\Users\betty\Downloads\DetlPosn_Grp_Brattesani_Karen_&_Douglas_Potter_060217.104822AM_ET.csv
2017-06-02 08:19 - 2017-06-02 08:19 - 00011514 _____ C:\Users\betty\Downloads\SummPosn_Grp_Brattesani_Karen_&_Douglas_Potter_060217.104822AM_ET.csv
2017-06-02 08:05 - 2017-06-20 21:54 - 00000000 ____D C:\Users\betty\AppData\Local\TogglDesktop
2017-06-02 08:05 - 2017-06-02 08:05 - 00000000 ____D C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toggl
2017-06-02 08:04 - 2017-06-02 08:04 - 07830904 _____ C:\Users\betty\Downloads\TogglDesktopInstaller-7.4.31.exe
2017-06-01 13:27 - 2017-06-01 13:27 - 00384593 _____ C:\Users\betty\Downloads\5519-3930_123116_stmt.pdf
2017-06-01 07:24 - 2017-06-01 07:24 - 00533075 _____ C:\Users\betty\Downloads\Download_2017-06-01.zip
2017-05-31 15:29 - 2017-05-31 15:29 - 00001255 _____ C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-05-31 15:27 - 2017-05-31 15:28 - 00000000 ____D C:\Program Files\UNP
2017-05-31 15:27 - 2017-05-31 15:27 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-30 07:41 - 2017-05-30 07:41 - 00221184 _____ C:\Users\betty\Downloads\Sec_in_Accout_f14c8bca-01db-439d-ad0b-b1d98ff59665_20170530.xls
2017-05-30 07:40 - 2017-05-30 07:40 - 00221184 _____ C:\Users\betty\Downloads\Sec_in_Accout_c8b86077-912d-4b8a-8bfd-50fba5f81e74_20170530.xls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-28 18:47 - 2016-08-20 11:46 - 00000000 ____D C:\Users\betty\Desktop\Virus
2017-06-28 18:43 - 2016-10-01 10:22 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-28 18:42 - 2015-06-20 09:42 - 00000000 __RDO C:\Users\betty\OneDrive
2017-06-28 15:42 - 2016-10-01 10:57 - 00003250 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForbetty
2017-06-28 15:42 - 2015-06-29 06:53 - 00000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForbetty.job
2017-06-28 14:40 - 2015-07-02 12:47 - 00000000 ____D C:\Users\betty\Documents\QuickBooks
2017-06-28 13:16 - 2015-06-20 09:17 - 00000000 ____D C:\Users\betty\AppData\Local\Packages
2017-06-28 12:32 - 2016-10-01 10:30 - 00000000 ____D C:\Users\betty
2017-06-28 12:32 - 2015-06-24 15:26 - 00000000 ____D C:\ProgramData\flsplan
2017-06-28 12:32 - 2015-06-20 13:29 - 00000000 ____D C:\Users\betty\AppData\Local\CrashDumps
2017-06-28 12:32 - 2015-06-20 13:18 - 00000000 ____D C:\Users\betty\Documents\Family Law Software
2017-06-28 05:40 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-28 05:40 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-27 19:52 - 2016-10-01 10:29 - 01794600 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-27 19:46 - 2016-10-01 10:24 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-27 19:46 - 2016-07-16 12:11 - 00000000 __SHD C:\Users\betty\IntelGraphicsProfiles
2017-06-27 19:45 - 2016-10-01 10:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-27 19:45 - 2016-10-01 10:25 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-27 19:45 - 2016-07-15 23:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-06-27 18:36 - 2015-08-26 13:30 - 00000000 ___RD C:\Users\betty\OneDrive - The Hedrick Co-
2017-06-27 17:06 - 2016-08-20 16:22 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-06-26 14:08 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-06-26 14:07 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-06-26 14:04 - 2014-06-24 22:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-06-26 12:40 - 2015-07-28 15:00 - 00002309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-26 06:53 - 2016-10-01 12:24 - 00000000 ____D C:\Users\betty\AppData\Local\Deployment
2017-06-22 12:00 - 2015-07-30 07:55 - 00000000 __HDC C:\ProgramData\{A4BCF67D-EA8B-46F0-B19D-90368494B7A3}
2017-06-20 11:29 - 2016-12-13 10:22 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-20 11:29 - 2016-07-16 12:20 - 00002366 _____ C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-19 11:32 - 2015-08-14 19:16 - 00000000 ____D C:\Users\betty\AppData\Roaming\Box
2017-06-17 09:45 - 2015-06-29 13:31 - 00000000 ____D C:\Users\betty\Documents\Custom Office Templates
2017-06-16 19:54 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-06-16 19:21 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-16 19:21 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-16 14:12 - 2016-04-26 23:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-16 14:08 - 2015-08-27 11:03 - 00000684 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-223588219-2138284121-77307795-1002.job
2017-06-16 14:08 - 2015-08-27 11:03 - 00000588 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-223588219-2138284121-77307795-1002.job
2017-06-16 14:07 - 2016-10-01 10:21 - 00918304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-16 14:07 - 2015-09-18 10:07 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-16 14:07 - 2015-09-18 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-16 14:00 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-16 14:00 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-16 14:00 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 10:03 - 2015-06-29 13:37 - 00000000 ___RD C:\Users\betty\Box Sync
2017-06-14 09:00 - 2015-06-20 21:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 08:56 - 2015-09-18 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 08:56 - 2015-06-20 21:37 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 08:55 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-12 09:44 - 2017-01-30 13:31 - 00000000 ____D C:\Users\betty\AppData\Local\WinZip
2017-06-07 14:56 - 2016-12-21 11:50 - 00000000 ____D C:\Users\betty\AppData\Local\join.me
2017-06-06 12:31 - 2015-08-05 09:44 - 00000000 ____D C:\Users\betty\AppData\Local\ElevatedDiagnostics
2017-06-06 12:03 - 2016-12-26 17:04 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-06 12:03 - 2015-10-20 15:47 - 1069652749 _____ C:\WINDOWS\MEMORY.DMP
2017-06-05 22:14 - 2016-12-26 22:24 - 00000000 ____D C:\Program Files (x86)\ONetSetup
2017-06-02 23:36 - 2016-07-16 04:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-02 23:36 - 2016-07-16 04:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-30 17:07 - 2015-06-20 21:07 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2017-01-31 21:40 - 2017-01-31 21:42 - 1913420 _____ () C:\Users\betty\AppData\Roaming\qeinst.log

Some files in TEMP:
====================
2017-01-02 12:34 - 2017-01-02 12:34 - 0008728 _____ () C:\Users\betty\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-06-27 17:06 - 2016-11-11 03:13 - 1886344 _____ (Microsoft Corporation) C:\Users\betty\AppData\Local\Temp\dllnt_dump.dll
2016-12-14 23:06 - 2016-12-14 23:06 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\betty\AppData\Local\Temp\libeay32.dll
2016-12-14 23:06 - 2016-12-14 23:06 - 0970912 _____ (Microsoft Corporation) C:\Users\betty\AppData\Local\Temp\msvcr120.dll
2017-03-05 15:45 - 2017-04-06 10:22 - 21387040 _____ (Siber Systems) C:\Users\betty\AppData\Local\Temp\RoboForm-Setup.exe
2016-12-14 23:06 - 2016-12-14 23:06 - 0772672 _____ () C:\Users\betty\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-20 11:24

==================== End of FRST.txt ============================

 

[glhglh]

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by betty (28-06-2017 18:48:51)
Running from C:\Users\betty\Desktop\Virus
Windows 10 Home Version 1607 (X64) (2016-10-01 18:01:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-223588219-2138284121-77307795-500 - Administrator - Disabled)
betty (S-1-5-21-223588219-2138284121-77307795-1002 - Administrator - Enabled) => C:\Users\betty
DefaultAccount (S-1-5-21-223588219-2138284121-77307795-503 - Limited - Disabled)
Guest (S-1-5-21-223588219-2138284121-77307795-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (2015) (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30306 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Amazon Amazon Music) (Version: 5.4.2.1801 - Amazon Services LLC)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 376.82 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BERNINA ARTlink 7 (HKLM-x32\...\{0674FEA9-08EF-4FE1-9F72-CF9DD3E18CC8}) (Version: 18.0.94.7011 - Wilcom) Hidden
BERNINA ARTlink 7 (HKLM-x32\...\{CA812D88-2139-4107-97B5-1B2D2A1DD04D}) (Version: 18.0.94.7011 - BERNINA)
BERNINA Universal Communication Server (HKLM-x32\...\{CF27C964-3902-4CA3-9C71-B0EAEB302AB5}) (Version: 1.27.70 - BERNINA)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{CB732C5D-1F06-41A8-B984-B84B87053E8C}) (Version: 4.0.7800.0 - Box, Inc.)
Box Sync (HKLM-x32\...\{efc6bfaa-b1b1-437f-8b86-7762b83ef39d}) (Version: 4.0.6447.0 - Box Inc.) Hidden
Box Tools (HKLM-x32\...\{4DD12C59-0CD4-422F-9DF3-C7A5E10E6539}) (Version: 3.3.3.1728 - Box)
Cisco WebEx Meetings (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.6909 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
GDR 4042 for SQL Server 2008 R2 (KB3045313) (HKLM-x32\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoToMeeting 8.7.0.7155 (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\GoToMeeting) (Version: 8.7.0.7155 - CitrixOnline)
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1154543C-D5D0-49BE-A004-82EE0A3746AE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{3E261474-8DF2-463B-984E-0B6396F58D1C}) (Version: 36.0.39.57346 - HP)
HP Google Drive Plugin (HKLM-x32\...\{9469285B-AB76-434A-8533-2EE643318F2E}) (Version: 36.0.39.57346 - HP)
HP OfficeJet Pro 8720 Basic Device Software (HKLM\...\{98A7C54D-74EB-461C-8124-E78BF938401F}) (Version: 38.1.1881.57490 - HP Inc.)
HP OfficeJet Pro 8720 Help (HKLM-x32\...\{18E5A98E-E857-4087-AF73-4E6B9AB0A140}) (Version: 38.0.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{093C645A-294E-41E4-904C-DDF13DC47A27}) (Version: 12.3.6.12 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{ac7ad2d7-04b3-460c-b370-07e3d3e3aa4e}) (Version: 17.01.0000.1697 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
join.me (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\JoinMe) (Version: 3.2.1.5059 - LogMeIn, Inc.)
Laser App Enterprise (HKLM-x32\...\{52CDF108-5993-4655-B129-D537F5D2D0AB}) (Version: 10.0.0.54 - Laser App Software Inc.) Hidden
Laser App Enterprise (HKLM-x32\...\Laser App Enterprise) (Version: 10.0.0.50 - Laser App Software Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2092 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{49860BCD-24D6-44C1-922E-AC12FE32234E}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{EFECC55D-7B0A-4D05-8487-CC2FD7C618A3}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQLXML 4.0 SP1 (HKLM\...\{70544B21-8A43-4A30-8F59-DC6F73A5EE9A}) (Version: 10.0.1600.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{CD5AAE18-1DF8-4D7B-8B99-9071D7D36126}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
novaPDF v7 (novaPDF 7.4 printer) (HKLM\...\novaPDF v7_is1) (Version: - Softland)
NVIDIA Graphics Driver 376.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.82 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2092 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2092 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2092 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.1.1.2 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
PortfolioCenter (HKLM-x32\...\{5B0F5755-7BE9-42AF-9AFC-F424C8E67C1C}) (Version: 5.10.100.2 - Schwab Performance Technologies) Hidden
PortfolioCenter (HKLM-x32\...\InstallShield_{5B0F5755-7BE9-42AF-9AFC-F424C8E67C1C}) (Version: 5.10.100.2 - Schwab Performance Technologies)
PortfolioCenter Database Components (HKLM-x32\...\{D06C26DA-AC5F-43E7-A687-34D4CA83017B}) (Version: 5.10.100.2 - Schwab Performance Technologies) Hidden
PortfolioCenter Database Components (HKLM-x32\...\InstallShield_{D06C26DA-AC5F-43E7-A687-34D4CA83017B}) (Version: 5.10.100.2 - Schwab Performance Technologies)
PortfolioCenter Management Console (HKLM-x32\...\{4268D342-1374-490F-B277-BADAE5A0EE21}) (Version: 5.10.100.2 - Schwab Performance Technologies) Hidden
PortfolioCenter Management Console (HKLM-x32\...\InstallShield_{4268D342-1374-490F-B277-BADAE5A0EE21}) (Version: 5.10.100.2 - Schwab Performance Technologies)
Quarterly Express Plus (HKLM-x32\...\{B3CF92D5-B005-4C25-BE84-53E72F3117EF}) (Version: 2.2.19 - Lewis Software Associates LLC) Hidden
Quarterly Express Plus (HKLM-x32\...\Quarterly Express Plus 2.2.19) (Version: 2.2.19 - Lewis Software Associates LLC)
QuickBooks (HKLM-x32\...\{604FB1E3-84F2-45E2-AD26-49422B021393}) (Version: 25.0.4014.2506 - Intuit Inc.) Hidden
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4013.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Retriever for the Desktop (HKLM-x32\...\{9FF80FBE-980E-4A42-B338-B1304958A84C}) (Version: 2.0.1 - Redtail Technology)
RingCentral Meetings (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\RingCentralMeetings) (Version: 4.2 - Zoom Video Communications, Inc. and RingCentral Inc.)
RoboForm 7-9-28-8 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-28-8 - Siber Systems)
RogueKiller version 12.11.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.4.0 - Adlice Software)
Savings Bond Wizard (HKLM-x32\...\{566DBD89-9955-4024-9384-A6301C8C6584}) (Version: 5.0 - U.S. Department of the Treasury)
Schwab Data Delivery (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\18fd9afc2e517afc) (Version: 17.2.7404.0 - Charles Schwab - Schwab Data Delivery)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SQL Server 2008 R2 SP2 Common Files (HKLM-x32\...\{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (HKLM-x32\...\{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM-x32\...\{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM-x32\...\{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM-x32\...\{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM-x32\...\{F021CC0C-21C3-4038-AA4A-6E3CBC669CE8}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{93998800-1608-403F-9A51-420A77D23C25}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SupportCalc-FD
(HKLM-x32\...\{B5FAD058-6C87-4902-9A03-DB744AD66263}) (Version: - )
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Toggl Desktop (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\TogglDesktop) (Version: - Toggl)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410D}) (Version: 21.0.12288 - WinZip Computing, S.L. )
YCharts Excel (HKLM-x32\...\{B937CE83-D945-4965-B16E-D056A16EA848}) (Version: 3.12 - YChartsExcel)
Zoom (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-223588219-2138284121-77307795-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\betty\AppData\Local\Citrix\GoToMeeting\6441\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-223588219-2138284121-77307795-1002_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04DA6EFD-403C-4227-BDF0-CDA4116D1C48} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0EED94AF-A3DC-43F6-B408-52CD8FC0B446} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-06-09] (Microsoft Corporation)
Task: {2D46AC4B-FD3A-4D54-A43E-A2ABACEF45DF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {2EE62CD7-0836-4AD3-AAEF-046CD2D5CCAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3FD1C5A9-8AE8-4F6C-98BD-8B6999716AF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {431CE228-BF6B-493B-8FF0-1EBCAAD53327} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-04-06] (Siber Systems)
Task: {449F729D-9452-4456-9F63-590BC4315B16} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {463A71F6-403B-4726-A543-AA8C5E5B994D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-09-02] (Synaptics Incorporated)
Task: {4C986CE8-1421-4F4D-A51D-9D3CCE3015C2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-09] (Microsoft Corporation)
Task: {52AC6F9F-F94F-4DE9-AB50-EC5ADA951A3D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\betty\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {5F920B7C-53A5-4790-B516-C97B29085B2A} - System32\Tasks\{A5CFEB52-4F2C-42F7-AEB5-60B765FFCB04} => pcalua.exe -a E:\AutorunPro.EXE -d E:\
Task: {67162168-34AE-495E-8831-6FE9C4532174} - System32\Tasks\WinZip Update Notifier => C:\Program Files\WinZip\WZUpdateNotifier.exe [2016-12-12] (WinZip)
Task: {6723E741-A972-4282-AC69-24F1E98A508C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-04] (Microsoft Corporation)
Task: {808E67F7-DA20-49BE-BD8F-B9D2EBE5A880} - System32\Tasks\HPCeeScheduleForbetty => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {98CEC015-2D11-47A4-B439-A8B7B55645DB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {A07863E4-2DCD-4501-BF9C-3E5B884B0AD4} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMOJMMIMHMOMLJOJNJCNKMKJJMNMCNLMJMGMPMCNNJIMOMNJCNPMLJNJNMJMMJLMLJKJPMKMLMJNJICMIMCNGMCNNMHMFMOMOMCNGMKMMMCNOMLMMMGMMMFMPMCNPMCNOMLMMMGMMMCNNMJNPICMOMFMEKMICNJJCKFMJMKMJMJNHICMKJCJMIOMNMJNBJCMNJKJLILIGIJNKJCMJNNICMJNDJCMKJBJJ (the data entry has 58 more characters).
Task: {BE49FBBF-6B74-41A6-898A-9F9AB2417670} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {C23DB440-1289-42AB-8C7F-A0AEB17F3654} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {C6271A45-8199-40FA-A614-FCD8AAA1ADCE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {D6DB8BB8-5E2A-4129-92A0-1D1B2F73A507} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {DD459294-B7FE-4008-885A-C10DDCB512DC} - System32\Tasks\Laser App Enterprise Updates => C:\Windows\Installer\Laser App Enterprise Updates for All Users.lnk [Argument = /update]
Task: {E29F6475-813A-4FF9-8D96-1DB6A3714082} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-06-09] (Microsoft Corporation)
Task: {E5C83277-BB34-4D95-AAD9-EC18971BFFAA} - System32\Tasks\G2MUploadTask-S-1-5-21-223588219-2138284121-77307795-1002 => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe [2016-07-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E7174266-9D34-43E9-BD52-A30CD4F189B2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated)
Task: {E9376063-1EE5-4EA0-B4B0-178D0D2A86BA} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-12-12] (WinZip Computing, S.L.)
Task: {E9940121-595A-4142-B581-52E469484D86} - System32\Tasks\G2MUpdateTask-S-1-5-21-223588219-2138284121-77307795-1002 => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe [2016-07-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EC6D34CC-6C94-4661-AB24-D0C66C28DCD4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-04] (Microsoft Corporation)
Task: {FDE3119D-56B2-466C-9D87-6C0F791D14C2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-223588219-2138284121-77307795-1002.job => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\7155\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-223588219-2138284121-77307795-1002.job => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\7155\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForbetty.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Laser App Enterprise Updates.job => C:\Windows\Installer\Laser App Enterprise Updates for All Users.lnk

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\betty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 04:42 - 2016-07-16 04:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-06-14 08:31 - 2017-06-03 03:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-01 10:25 - 2017-02-06 04:37 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-06-27 19:30 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-04-10 12:48 - 2017-01-29 06:55 - 08930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-27 15:50 - 2016-11-01 23:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-10-01 11:15 - 2016-10-01 11:15 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 14:43 - 2017-03-03 23:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 14:44 - 2017-03-03 23:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 14:44 - 2017-03-03 23:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 14:44 - 2017-03-03 23:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-14 08:31 - 2017-06-03 01:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-14 08:31 - 2017-06-03 01:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-14 08:31 - 2017-06-03 01:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-04-06 12:12 - 2017-04-06 12:12 - 00118088 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 01157960 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00053576 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 01751880 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00134544 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2015-02-19 15:10 - 2015-02-19 15:10 - 00137728 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2015-02-19 15:10 - 2015-02-19 15:10 - 00503808 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2017-04-06 12:12 - 2017-04-06 12:12 - 00050504 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00695624 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2017-04-06 12:08 - 2017-04-06 12:08 - 00009544 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00033096 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2017-04-06 12:11 - 2017-04-06 12:11 - 00016712 _____ () C:\Program Files\Box\Box Sync\select.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00172872 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
2017-04-06 12:11 - 2017-04-06 12:11 - 00170312 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00444816 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00029072 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00155536 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00065352 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00142224 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00050064 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00059792 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00032072 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2017-04-06 12:12 - 2017-04-06 12:12 - 00037704 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00027536 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2016-09-15 15:45 - 2016-09-15 15:45 - 00229264 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2017-04-06 12:04 - 2017-04-06 12:04 - 00166216 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
2017-05-23 09:09 - 2017-05-23 09:09 - 03918848 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1705.1301.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-06-28 05:39 - 2017-06-28 05:39 - 00016384 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.0.0_x86__wgeqdkkx372wm\Twitter.Windows.exe
2014-06-24 23:18 - 2013-08-09 05:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-04-10 12:46 - 2017-01-29 02:46 - 08929992 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\1033\GrooveIntlResource.dll
2017-06-28 05:39 - 2017-06-28 05:39 - 17809408 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.0.0_x86__wgeqdkkx372wm\Twitter.Windows.dll
2015-03-31 11:30 - 2015-03-31 11:30 - 00249856 _____ () C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\HYSDBA32.dll
2015-03-31 11:30 - 2015-03-31 11:30 - 00196608 _____ () C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\c4dll32.dll

 

[glhglh]

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\advisorbriefcase.com -> hxxps://www.advisorbriefcase.com
IE trusted site: HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\sharepoint.com -> hxxps://hedrickcodotcom.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-223588219-2138284121-77307795-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\betty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "LaserAppUpdate"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "NETGEARGenie"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9B12FE77-02C5-46A3-9C8F-3C9B9F7CE515}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D4A4AA59-C111-4F56-B5ED-13B36CF928C1}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{ACF3E387-B502-41A5-99FF-7177FE02E1AA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{EC85DAE3-E32D-47D4-B3D6-98C4D3E4B713}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6221AAF7-721A-419C-BB6A-B16956125A14}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{CF4DC541-160E-4E99-91E8-89D26AEC5842}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{5282447E-3236-4FC5-9F50-933B28C3187D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5F7832E1-8124-4843-A440-12B61B8DE9C2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BBD25918-7FDA-48F4-A9AB-E1A9FB6BB7B1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B1CB5C1D-288E-47FB-84DD-A2FC747786C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5FB37F94-1AB9-4710-AB32-CC93DBD1FF04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A464823E-37E9-4E88-A7BD-13F77ACF05E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A8229529-7EB0-42CA-B69E-151ACA79EC9F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{81F83299-2998-42C7-B391-6C15DD7B7AE8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{91F36541-D98A-4C8B-9C83-139FE92B6584}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{551A9F90-9743-4FC7-A2E7-DC209E6C80B3}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5C66F09C-B614-4474-B1A3-3A96012E575C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{1BDD8A01-38ED-40A0-8588-180D82C6CD00}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{CC23F4CA-C3C9-44FE-B51B-49B654D923C0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{68715254-D5D0-4079-BECD-023BA0D888AA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{A08B0C0C-5C38-4B68-875E-4B57C060149B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{3B311D07-DD3D-4B44-9F65-070DCA777746}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{5CA5085F-54BD-4296-9209-88D3C14CCDC7}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCServerManager.exe
FirewallRules: [{23B78644-F036-4A51-84A5-3554E9732779}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCServerManager.exe
FirewallRules: [{2BB3A8B2-D9E1-481E-93C4-CF5BBE29CDCE}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCExportWizard.exe
FirewallRules: [{F29E9B67-F210-40CB-BE74-28ADBDD38766}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCExportWizard.exe
FirewallRules: [{6D37C88C-CEC2-4F1D-A627-ADD479004029}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe
FirewallRules: [{B4CFE49C-771A-46B0-8168-52462D2F48AF}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe
FirewallRules: [{9B45EC6D-2C98-467F-8C10-D11AB8BBE462}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SqlWtsn.exe
FirewallRules: [{3D4606F7-6EE5-49C1-8966-8C2E588014C8}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SqlWtsn.exe
FirewallRules: [{C7818641-4995-47BA-B593-E9F29AF6C68D}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\LandingPage.exe
FirewallRules: [{5D0E1531-FBD5-4B0F-B4D4-DF426BD4B11E}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\LandingPage.exe
FirewallRules: [{4E028E3B-D38B-4AFB-8418-7D14DCEB2CF6}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{A5D99608-25AA-4151-AAA7-E168715F5A8C}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{51D6C454-6900-4A97-8F25-26E09F04F64D}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{C986018C-71FE-4886-B503-77F0608109AB}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{C19B5AA0-38AD-443D-BA9F-BE314EC41F75}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{90897F2F-47DB-445B-A935-A0F6CC7AF767}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{71655A4E-98DB-4C05-B9E3-CDB6571CBAA9}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{02966D7E-E33A-44B9-B8DE-FBC3C897A2E9}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{ED5DB793-956E-4302-AEAB-627DA905452F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{AE2B5981-B06D-4177-9EAA-D6626C1C7DDF}C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe] => (Allow) C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe
FirewallRules: [UDP Query User{C5594EED-EAB7-4274-8C5E-FC00D8A34DE8}C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe] => (Allow) C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe
FirewallRules: [{6B4806DC-C9D3-4D8D-AC70-EC1CB22CA3E4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{441C4E5C-D05C-4D8F-B4ED-154D98975024}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{5387E399-7E6F-4066-A019-3BD24C4035B6}C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe] => (Allow) C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe
FirewallRules: [UDP Query User{B37F94C6-DA9F-4500-8F3A-67816F841981}C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe] => (Allow) C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe
FirewallRules: [{E615CB42-1809-4C57-853F-CE7AA967B6E2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D0796EE4-C656-485C-A7F8-F9C8443D0A8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8721A7BB-6150-4E02-9085-C7038D97C937}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F13CD30-13C2-46C1-8C95-CAADD3B3541B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66B6362B-2031-4600-90B7-F735668928A9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{99C51ABB-EB76-4720-8401-B4CEB81EFE78}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{012E242B-BCF4-4AC4-9E2D-C9C7C108FB62}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{35C4ED33-0392-42E7-8FAC-A7EB08CC4548}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{EE01684B-508F-4B31-A57A-66C9F4439C85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{2FC451CB-F8C0-49C3-BCD3-84C1399D4A28}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{C05AA4B3-27A0-4383-AA16-745A51632D71}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{F022DA75-77D5-4AA7-957E-0FB4395E32E9}] => (Allow) C:\Users\betty\AppData\Local\Temp\7zS125F\HP.EasyStart.exe
FirewallRules: [{01132AEC-FB3E-4FE2-A502-BC73AC8FAB82}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxApplications.exe
FirewallRules: [{D8A56197-B17A-4943-ABD2-EBFDFEF4EB3B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\DigitalWizards.exe
FirewallRules: [{9EC00D50-BAB7-4BCC-9A04-8A6A30164E1D}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\SendAFax.exe
FirewallRules: [{88F930E3-C0A2-476D-9C42-176B5CD33E19}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxPrinterUtility.exe
FirewallRules: [{FCA46394-63F7-45C8-8B5D-FA2143A08B89}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\DeviceSetup.exe
FirewallRules: [{0F4CDFF6-92B3-45F0-A91B-31AA1E611D10}] => (Allow) LPort=5357
FirewallRules: [{64829415-C344-49B1-A429-E49810C96715}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{23DF0E56-1E2A-4DDF-8422-4806614B46B1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{48180C29-1CC3-42B7-819F-69EF7CACA255}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{43E8ECB1-E814-45AE-89D7-621139041607}C:\users\betty\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\betty\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{1F23C11F-5BB9-4F52-92E9-32A37233DE8C}C:\users\betty\appdata\local\amazon music\amazon music helper.exe] => (Allow) C:\users\betty\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{9A54A72F-C6AC-4511-81DA-D6E4C3DBAC84}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F6ECD478-828B-4B80-A904-7DF328011833}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{5D4052DB-2BA1-499E-93F5-B3D33C2BDC03}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe

==================== Restore Points =========================

14-06-2017 08:32:27 Windows Update
23-06-2017 11:10:17 Scheduled Checkpoint
27-06-2017 18:35:46 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Flex
Description: Bluetooth LE Device
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Microsoft
Service: BthLEEnum
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2017 02:45:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (06/28/2017 02:45:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (06/28/2017 02:45:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/28/2017 02:44:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1156

Error: (06/28/2017 02:44:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1156

Error: (06/28/2017 02:44:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/28/2017 02:40:33 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2015":
Error: truncating TLG file failed, errorcode:1

Error: (06/28/2017 02:26:00 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2015":
V25.0D R14 (M=1066, L=335, C=249, V=0 (0))

Error: (06/28/2017 12:32:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlsPlan.exe, version: 19.1.1.1, time stamp: 0x58ff084c
Faulting module name: combase.dll, version: 10.0.14393.1198, time stamp: 0x59028479
Exception code: 0xc0000602
Fault offset: 0x0007973d
Faulting process id: 0x118
Faulting application start time: 0x01d2f0454102b2b6
Faulting application path: C:\Program Files (x86)\FLSPlan\FlsPlan.exe
Faulting module path: C:\WINDOWS\System32\combase.dll
Report Id: fecccd57-38f8-4267-a9f3-52f69891caea
Faulting package full name:
Faulting package-relative application ID:

Error: (06/28/2017 08:53:52 AM) (Source: UniversalCommunicationServer) (EventID: 0) (User: )
Description: Universal Communication Server Terminating: True
reason: System.UnhandledExceptionEventArgs
Stack: TraceEnvironment.XTrace+AssertionFailedException: unexpected message length 4
at TraceEnvironment.XTrace.Assert(Boolean aCondition, String aFormat, Object[] aObjects)
at UniversalCommunicationServer.ServerConnection.stateConnectedOnServerDataReceived(evServerDataReceived aEvent)
at MultiThreading.Reactive.MainLoop()
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()


System errors:
=============
Error: (06/28/2017 04:02:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/28/2017 02:47:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/28/2017 02:45:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/28/2017 02:44:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/28/2017 08:53:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Universal Communication Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/28/2017 12:09:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Universal Communication Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (06/27/2017 09:44:52 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/27/2017 09:40:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/27/2017 07:51:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (06/27/2017 07:49:32 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
Date: 2017-06-28 18:48:06.958
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-28 18:48:06.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-28 18:47:45.121
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-28 18:47:45.120
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-28 16:45:03.554
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-28 16:45:03.552
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-28 11:43:13.811
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_7c553af4468727c1\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-27 20:05:06.619
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-27 20:05:06.617
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-06-27 20:05:06.610
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 16316.02 MB
Available physical RAM: 11792.1 MB
Total Virtual: 18748.02 MB
Available Virtual: 13445.17 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:903.43 GB) (Free:779.54 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:26.2 GB) (Free:2.52 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)

Partition: GPT.

==================== End of Addition.txt ============================

 

[Broni]

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[glhglh]

fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-06-2017
Ran by betty (28-06-2017 19:02:30) Run:1
Running from C:\Users\betty\Desktop\Virus
Loaded Profiles: betty (Available Profiles: betty)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Zoom] => [X]
2017-01-31 21:40 - 2017-01-31 21:42 - 1913420 _____ () C:\Users\betty\AppData\Roaming\qeinst.log
2017-01-02 12:34 - 2017-01-02 12:34 - 0008728 _____ () C:\Users\betty\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
2017-06-27 17:06 - 2016-11-11 03:13 - 1886344 _____ (Microsoft Corporation) C:\Users\betty\AppData\Local\Temp\dllnt_dump.dll
2016-12-14 23:06 - 2016-12-14 23:06 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\betty\AppData\Local\Temp\libeay32.dll
2016-12-14 23:06 - 2016-12-14 23:06 - 0970912 _____ (Microsoft Corporation) C:\Users\betty\AppData\Local\Temp\msvcr120.dll
2017-03-05 15:45 - 2017-04-06 10:22 - 21387040 _____ (Siber Systems) C:\Users\betty\AppData\Local\Temp\RoboForm-Setup.exe
2016-12-14 23:06 - 2016-12-14 23:06 - 0772672 _____ () C:\Users\betty\AppData\Local\Temp\sqlite3.dll


*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Zoom => value removed successfully
C:\Users\betty\AppData\Roaming\qeinst.log => moved successfully
C:\Users\betty\AppData\Local\Temp\BullseyeCoverage-2-x86.dll => moved successfully
C:\Users\betty\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\betty\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\betty\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\betty\AppData\Local\Temp\RoboForm-Setup.exe => moved successfully
C:\Users\betty\AppData\Local\Temp\sqlite3.dll => moved successfully

==== End of Fixlog 19:02:31 ====

 

[Broni]

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

• Internet Services
• Windows Firewall
• System Restore
• Security Center
• Windows Update
• Windows Defender
• Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

• Double click the icon and select Run
• Click Next
• Select I accept the terms in this license agreement, then click Next twice
• Click Install
• Click Finish to launch the program
• Once the virus database has been updated click Start Scanning
• If any threats are found click Details, then View log file... (bottom left hand corner)
• Copy and paste the results in your reply
• Close the Notepad document, close the Threat Details screen, then click Start cleanup
• Click Exit to close the program

 

[glhglh]

Security check:

Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java version 32-bit out of Date!
Adobe Flash Player 26.0.0.131
Google Chrome (58.0.3029.110)
Google Chrome (59.0.3071.115)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
betty Desktop Virus SecurityCheck.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

 

[glhglh]

fss:

Farbar Service Scanner Version: 27-01-2016
Ran by betty (administrator) on 28-06-2017 at 19:23:18
Running from "C:\Users\betty\Desktop\Virus"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

[glhglh]

Tfc no reboot

 

[Broni]

Sophos?

 

[glhglh]

Sophos, clean.

Thank you, as always for your help!!!!!