Solved Something hanging up IE

glhglh

FRST 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
Ran by Gary (administrator) on GLH-HP-I7 (20-09-2017 22:50:49)
Running from C:\Users\Gary\Desktop\Virus Files
Loaded Profiles: Gary (Available Profiles: Gary)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(HP) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
() C:\Program Files\UCT\HDR Express 3\HDRExpress3Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hp\HP System Event\HPWMISVC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\pg_ctl.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hp\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-08-14] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-09-20] (Dropbox, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286784 2015-08-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT Pro 3\Common\RoxWatchTray15.exe [295112 2014-09-26] (Corel Corporation)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\Run: [HP Officejet 7500 E910 (NET)] => C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\Run: [Google Update] => C:\Users\Gary\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-09-11] (Siber Systems)
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150016 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-08-13]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6edd252c-d2b6-4b01-8e0f-90f2a5c271d4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.nytimes.com/?WT.z_jog=1&hF=f&vS=undefined
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-07-27] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-24] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-09-11] (Siber Systems Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-24] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-07-24] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-09-11] (Siber Systems Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-24] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-09-11] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-09-11] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-09-11] (Siber Systems Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-24] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-14] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-24] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-07-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.2.59 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-08-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.2.59 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-08-13] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2403600405-3902123954-3795360202-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-2403600405-3902123954-3795360202-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.nytimes.com/?WT.z_jog=1","hxxp://www.peacecorpskorea.com/","hxxps://www.facebook.com/groups/Korea.xpcvs/","hxxps://translate.google.com/?hl=en","hxxp://sellers.alibris.com/ops/index.cfm"
CHR Profile: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default [2017-09-20]
CHR Extension: (Google Slides) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11]
CHR Extension: (Google Docs) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11]
CHR Extension: (Google Drive) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-25]
CHR Extension: (Google Search) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11]
CHR Extension: (Google Docs Offline) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (HP Network Check Launcher) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-06]
CHR Extension: (Gmail) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-19]
CHR Extension: (RoboForm Password Manager) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-09-06]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-04-10]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-04-10]
 
FRST 2:

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457960 2013-10-16] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22760 2014-01-22] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-06] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-09-20] (Dropbox, Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 HDRExpress2Service; C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe [32888 2013-08-02] ()
R2 HDRExpress3Service; C:\Program Files\UCT\HDR Express 3\HDRExpress3Service.exe [32784 2014-10-23] ()
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-04-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-10-28] ()
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-08] (NVIDIA Corporation)
R2 postgresql-x64-9.3; C:\PostgreSQL\9.3\bin\pg_ctl.exe [90624 2015-06-09] (PostgreSQL Global Development Group) [File not signed]
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115736 2015-08-13] (RealNetworks, Inc.)
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT Pro 3\Common\RoxMediaDB15.exe [1097928 2014-09-26] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT Pro 3\Common\RoxWatch15.exe [342216 2014-09-26] (Corel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-08-14] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [44544 2015-03-03] (Synaptics Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-10-28] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-12] (HP)
S3 aswTap; C:\WINDOWS\system32\DRIVERS\aswTap.sys [44640 2014-09-05] (The OpenVPN Project)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-12] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-09-20] (Malwarebytes)
R1 MpKslf2ed3911; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C395210B-813A-48AF-BA28-3AEDC61ECABC}\MpKslf2ed3911.sys [44928 2017-09-20] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3509512 2015-11-05] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-10-14] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_a2527a6474fd95b3\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R1 RrNetCapFilterDriver; C:\WINDOWS\system32\DRIVERS\RrNetCapFilterDriver.sys [25256 2015-07-29] (Audials AG)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-08-14] (Realtek )
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R0 Sahdad64; C:\WINDOWS\System32\Drivers\Sahdad64.sys [28304 2013-10-16] (Corel Corporation)
R0 Saibad64; C:\WINDOWS\System32\Drivers\Saibad64.sys [20112 2013-10-16] (Corel Corporation)
R1 SaibVdAd64; C:\WINDOWS\System32\Drivers\SaibVdAd64.sys [27792 2013-10-16] (Corel Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2016-12-27] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-20 12:04 - 2017-09-20 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-20 11:59 - 2017-09-20 11:59 - 000766242 _____ C:\WINDOWS\SysWOW64\rsslogs.20170920115903
2017-09-20 04:28 - 2017-09-20 04:28 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-09-20 04:28 - 2017-09-20 04:28 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-09-20 04:28 - 2017-09-20 04:28 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-09-20 04:28 - 2017-09-20 04:28 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-19 13:21 - 2017-09-20 11:59 - 000571273 _____ C:\WINDOWS\SysWOW64\rsslogs.20170919132012
2017-09-18 05:57 - 2017-09-19 13:21 - 001145070 _____ C:\WINDOWS\SysWOW64\rsslogs.20170918055727
2017-09-17 11:13 - 2017-09-18 05:57 - 001369106 _____ C:\WINDOWS\SysWOW64\rsslogs.20170917111229
2017-09-16 12:52 - 2017-09-17 11:13 - 000020716 _____ C:\WINDOWS\SysWOW64\rsslogs.20170916125123
2017-09-15 13:29 - 2017-09-16 12:52 - 000582012 _____ C:\WINDOWS\SysWOW64\rsslogs.20170915132856
2017-09-14 05:58 - 2017-09-15 13:29 - 001168286 _____ C:\WINDOWS\SysWOW64\rsslogs.20170914055724
2017-09-13 21:59 - 2017-09-14 05:58 - 000582976 _____ C:\WINDOWS\SysWOW64\rsslogs.20170913215820
2017-09-13 21:22 - 2017-09-04 22:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-13 21:22 - 2017-09-04 22:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-13 21:22 - 2017-09-04 22:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-13 21:22 - 2017-09-04 22:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-13 21:22 - 2017-09-04 22:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-13 21:22 - 2017-09-04 22:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-13 21:22 - 2017-09-04 22:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-13 21:22 - 2017-09-04 22:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-13 21:22 - 2017-09-04 22:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-13 21:22 - 2017-09-04 21:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-13 21:22 - 2017-09-04 21:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-13 21:22 - 2017-09-04 21:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-13 21:22 - 2017-09-04 21:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-13 21:22 - 2017-09-04 21:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-13 21:22 - 2017-09-04 21:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-13 21:22 - 2017-09-04 21:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-13 21:22 - 2017-09-04 21:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-13 21:22 - 2017-09-04 21:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-13 21:22 - 2017-09-04 21:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-13 21:22 - 2017-09-04 21:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-13 21:22 - 2017-09-04 21:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-13 21:22 - 2017-09-04 21:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-13 21:22 - 2017-09-04 21:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-13 21:22 - 2017-09-04 21:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-13 21:22 - 2017-09-04 21:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-13 21:22 - 2017-09-04 21:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-13 21:22 - 2017-09-04 21:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-13 21:22 - 2017-09-04 21:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-13 21:22 - 2017-09-04 21:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-13 21:22 - 2017-09-04 21:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-13 21:22 - 2017-09-04 21:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-13 21:22 - 2017-09-04 21:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-13 21:22 - 2017-09-04 21:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-13 21:22 - 2017-09-04 21:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-13 21:22 - 2017-09-04 21:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-13 21:22 - 2017-09-04 21:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-13 21:22 - 2017-09-04 21:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-13 21:22 - 2017-09-04 21:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-13 21:22 - 2017-09-04 21:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-13 21:22 - 2017-09-04 21:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-13 21:22 - 2017-09-04 21:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-13 21:22 - 2017-09-04 21:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-13 21:22 - 2017-09-04 21:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-13 21:22 - 2017-09-04 21:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-13 21:22 - 2017-09-04 21:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-13 21:22 - 2017-09-04 21:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-13 21:22 - 2017-09-04 21:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-13 21:22 - 2017-09-04 21:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-13 21:22 - 2017-09-04 21:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-13 21:22 - 2017-09-04 21:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-13 21:22 - 2017-09-04 21:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-13 21:22 - 2017-09-04 21:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-13 21:22 - 2017-09-04 21:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-13 21:22 - 2017-09-04 21:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-13 21:22 - 2017-09-04 21:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-13 21:22 - 2017-09-04 21:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-13 21:22 - 2017-09-04 21:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-13 21:22 - 2017-09-04 21:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-13 21:22 - 2017-09-04 21:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-13 21:22 - 2017-09-04 21:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-13 21:22 - 2017-09-04 21:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-13 21:22 - 2017-09-04 21:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-13 21:22 - 2017-09-04 21:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-13 21:22 - 2017-09-04 21:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-13 21:22 - 2017-09-04 21:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-13 21:22 - 2017-09-04 21:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-13 21:22 - 2017-09-04 21:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-13 21:22 - 2017-09-04 21:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-13 21:22 - 2017-09-04 21:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-13 21:22 - 2017-09-04 21:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-13 21:22 - 2017-09-04 21:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-13 21:22 - 2017-09-04 21:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-13 21:21 - 2017-09-04 22:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-13 21:21 - 2017-09-04 22:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-13 21:21 - 2017-09-04 22:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-13 21:21 - 2017-09-04 22:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-13 21:21 - 2017-09-04 22:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-13 21:21 - 2017-09-04 22:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-13 21:21 - 2017-09-04 22:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-13 21:21 - 2017-09-04 22:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-13 21:21 - 2017-09-04 22:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-13 21:21 - 2017-09-04 22:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-13 21:21 - 2017-09-04 22:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-13 21:21 - 2017-09-04 22:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-13 21:21 - 2017-09-04 22:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-13 21:21 - 2017-09-04 22:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-13 21:21 - 2017-09-04 22:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-13 21:21 - 2017-09-04 22:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-13 21:21 - 2017-09-04 22:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-13 21:21 - 2017-09-04 22:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-13 21:21 - 2017-09-04 22:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-13 21:21 - 2017-09-04 22:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
 
Frist 3:

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457960 2013-10-16] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22760 2014-01-22] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-06] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-09-20] (Dropbox, Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 HDRExpress2Service; C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe [32888 2013-08-02] ()
R2 HDRExpress3Service; C:\Program Files\UCT\HDR Express 3\HDRExpress3Service.exe [32784 2014-10-23] ()
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-04-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-10-28] ()
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-08] (NVIDIA Corporation)
R2 postgresql-x64-9.3; C:\PostgreSQL\9.3\bin\pg_ctl.exe [90624 2015-06-09] (PostgreSQL Global Development Group) [File not signed]
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115736 2015-08-13] (RealNetworks, Inc.)
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT Pro 3\Common\RoxMediaDB15.exe [1097928 2014-09-26] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT Pro 3\Common\RoxWatch15.exe [342216 2014-09-26] (Corel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-08-14] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [44544 2015-03-03] (Synaptics Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-10-28] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-12] (HP)
S3 aswTap; C:\WINDOWS\system32\DRIVERS\aswTap.sys [44640 2014-09-05] (The OpenVPN Project)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-12] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-09-20] (Malwarebytes)
R1 MpKslf2ed3911; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C395210B-813A-48AF-BA28-3AEDC61ECABC}\MpKslf2ed3911.sys [44928 2017-09-20] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3509512 2015-11-05] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-10-14] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_a2527a6474fd95b3\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R1 RrNetCapFilterDriver; C:\WINDOWS\system32\DRIVERS\RrNetCapFilterDriver.sys [25256 2015-07-29] (Audials AG)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-08-14] (Realtek )
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R0 Sahdad64; C:\WINDOWS\System32\Drivers\Sahdad64.sys [28304 2013-10-16] (Corel Corporation)
R0 Saibad64; C:\WINDOWS\System32\Drivers\Saibad64.sys [20112 2013-10-16] (Corel Corporation)
R1 SaibVdAd64; C:\WINDOWS\System32\Drivers\SaibVdAd64.sys [27792 2013-10-16] (Corel Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2016-12-27] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-20 12:04 - 2017-09-20 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-20 11:59 - 2017-09-20 11:59 - 000766242 _____ C:\WINDOWS\SysWOW64\rsslogs.20170920115903
2017-09-20 04:28 - 2017-09-20 04:28 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-09-20 04:28 - 2017-09-20 04:28 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-09-20 04:28 - 2017-09-20 04:28 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-09-13 21:22 - 2017-09-04 21:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-13 21:22 - 2017-09-04 21:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-13 21:22 - 2017-09-04 21:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-13 21:22 - 2017-09-04 21:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-13 21:22 - 2017-09-04 21:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-13 21:22 - 2017-09-04 21:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-13 21:22 - 2017-09-04 21:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-13 21:22 - 2017-09-04 21:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-13 21:22 - 2017-09-04 21:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-13 21:22 - 2017-09-04 21:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-13 21:22 - 2017-09-04 21:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-13 21:22 - 2017-09-04 21:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-13 21:22 - 2017-09-04 21:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-13 21:22 - 2017-09-04 21:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-13 21:22 - 2017-09-04 21:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-13 21:22 - 2017-09-04 21:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-13 21:21 - 2017-09-04 22:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-13 21:21 - 2017-09-04 22:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-13 21:21 - 2017-09-04 22:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-13 21:21 - 2017-09-04 22:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-13 21:21 - 2017-09-04 22:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-13 21:21 - 2017-09-04 22:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-13 21:21 - 2017-09-04 22:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-13 21:21 - 2017-09-04 22:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-13 21:21 - 2017-09-04 22:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-13 21:21 - 2017-09-04 22:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-13 21:21 - 2017-09-04 22:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-13 21:21 - 2017-09-04 22:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-13 21:21 - 2017-09-04 22:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-13 21:21 - 2017-09-04 22:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-13 21:21 - 2017-09-04 22:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-13 21:21 - 2017-09-04 22:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-13 21:21 - 2017-09-04 22:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-13 21:21 - 2017-09-04 22:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-13 21:21 - 2017-09-04 22:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-13 21:21 - 2017-09-04 22:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-13 21:21 - 2017-09-04 22:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-13 21:21 - 2017-09-04 22:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-13 21:21 - 2017-09-04 22:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-13 21:21 - 2017-09-04 22:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-13 21:21 - 2017-09-04 22:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-13 21:21 - 2017-09-04 22:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-13 21:21 - 2017-09-04 22:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-13 21:21 - 2017-09-04 22:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-13 21:21 - 2017-09-04 22:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-13 21:21 - 2017-09-04 22:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-13 21:21 - 2017-09-04 22:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-13 21:21 - 2017-09-04 22:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-13 21:21 - 2017-09-04 22:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-13 21:21 - 2017-09-04 22:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-13 21:21 - 2017-09-04 22:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-13 21:21 - 2017-09-04 22:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-13 21:21 - 2017-09-04 22:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-13 21:21 - 2017-09-04 22:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-13 21:21 - 2017-09-04 22:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-13 21:21 - 2017-09-04 22:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-13 21:21 - 2017-09-04 22:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
 
FRST 4:

2017-09-13 21:21 - 2017-09-04 22:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-13 21:21 - 2017-09-04 22:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-13 21:21 - 2017-09-04 22:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-13 21:21 - 2017-09-04 22:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-13 21:21 - 2017-09-04 22:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-13 21:21 - 2017-09-04 21:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-13 21:21 - 2017-09-04 21:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-13 21:21 - 2017-09-04 21:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-13 21:21 - 2017-09-04 21:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-13 21:21 - 2017-09-04 21:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-13 21:21 - 2017-09-04 21:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-13 21:21 - 2017-09-04 21:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-13 21:21 - 2017-09-04 21:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-13 21:21 - 2017-09-04 21:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-13 21:21 - 2017-09-04 21:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-13 21:21 - 2017-09-04 21:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-13 21:21 - 2017-09-04 21:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-13 21:21 - 2017-09-04 21:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-13 21:21 - 2017-09-04 21:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-13 21:21 - 2017-09-04 21:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-13 21:21 - 2017-09-04 21:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-13 21:21 - 2017-09-04 21:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-13 21:21 - 2017-09-04 21:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-13 21:21 - 2017-09-04 21:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-13 21:21 - 2017-09-04 21:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-13 21:21 - 2017-09-04 21:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-13 21:21 - 2017-09-04 21:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-13 21:21 - 2017-09-04 21:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-13 21:21 - 2017-09-04 21:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-13 21:21 - 2017-09-04 21:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-13 21:21 - 2017-09-04 21:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-13 21:21 - 2017-09-04 21:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-13 21:21 - 2017-09-04 21:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-13 21:21 - 2017-09-04 21:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-13 21:21 - 2017-09-04 21:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-13 21:21 - 2017-09-04 21:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-13 21:21 - 2017-09-04 21:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-13 21:21 - 2017-09-04 21:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-13 21:21 - 2017-09-04 21:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-13 21:21 - 2017-09-04 21:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-13 21:21 - 2017-09-04 21:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-13 21:21 - 2017-09-04 21:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-13 21:21 - 2017-09-04 21:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-13 21:21 - 2017-09-04 21:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-13 21:21 - 2017-09-04 21:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-13 21:21 - 2017-09-04 21:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-13 21:21 - 2017-09-04 21:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-13 21:21 - 2017-09-04 21:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-13 21:21 - 2017-09-04 21:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-13 21:21 - 2017-09-04 21:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-13 21:21 - 2017-09-04 21:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-13 21:21 - 2017-09-04 21:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-13 21:21 - 2017-09-04 21:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-13 21:21 - 2017-09-04 21:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-13 21:21 - 2017-09-04 21:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-13 21:21 - 2017-09-04 21:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-13 21:21 - 2017-09-04 21:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-13 21:21 - 2017-09-04 21:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-13 21:21 - 2017-09-04 21:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-13 21:21 - 2017-09-04 21:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-13 21:21 - 2017-09-04 21:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-13 21:21 - 2017-09-04 21:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-13 21:21 - 2017-09-04 21:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-13 21:21 - 2017-09-04 21:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-13 21:21 - 2017-09-04 21:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-13 21:21 - 2017-09-04 21:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-13 21:21 - 2017-09-04 21:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-13 21:21 - 2017-09-04 21:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-13 21:21 - 2017-09-04 21:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-13 21:21 - 2017-09-04 21:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-13 21:21 - 2017-09-04 21:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-13 21:21 - 2017-09-04 21:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-13 21:21 - 2017-09-04 21:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-13 21:21 - 2017-09-04 21:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-13 21:21 - 2017-09-04 21:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-13 21:21 - 2017-09-04 21:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-13 21:21 - 2017-09-04 21:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-13 21:21 - 2017-09-04 21:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-13 21:21 - 2017-09-04 21:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-13 21:21 - 2017-09-04 21:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-13 21:21 - 2017-09-04 21:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-13 21:21 - 2017-09-04 21:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-13 21:21 - 2017-09-04 21:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-13 21:21 - 2017-09-04 21:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-13 21:21 - 2017-09-04 21:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-13 21:21 - 2017-09-04 21:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-13 21:21 - 2017-09-04 21:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-13 21:21 - 2017-08-31 22:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-13 21:15 - 2017-09-13 21:15 - 000002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-13 21:15 - 2017-09-13 21:15 - 000000904 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-13 21:15 - 2017-09-13 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-13 21:15 - 2017-09-13 21:15 - 000000000 ____D C:\Program Files\CCleaner
2017-09-13 20:26 - 2017-09-13 20:26 - 000110872 _____ C:\WINDOWS\SysWOW64\rsslogs.20170913202536
2017-09-13 20:25 - 2017-09-13 20:27 - 001982660 _____ C:\WINDOWS\Minidump\091317-20703-01.dmp
2017-09-13 20:25 - 2017-09-13 20:25 - 1088513436 _____ C:\WINDOWS\MEMORY.DMP
2017-09-13 20:25 - 2017-09-13 20:25 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-11 19:52 - 2017-09-11 19:52 - 000157030 _____ C:\WINDOWS\SysWOW64\rsslogs.20170911195154
2017-09-11 11:54 - 2017-09-11 19:52 - 000581912 _____ C:\WINDOWS\SysWOW64\rsslogs.20170911115306
2017-09-11 03:21 - 2017-09-11 03:21 - 000623330 _____ C:\WINDOWS\SysWOW64\rsslogs.20170911032010
2017-09-10 07:29 - 2017-09-11 03:21 - 000468399 _____ C:\WINDOWS\SysWOW64\rsslogs.20170910072821
2017-09-09 11:39 - 2017-09-10 07:29 - 000762366 _____ C:\WINDOWS\SysWOW64\rsslogs.20170909113854
2017-09-08 15:53 - 2017-09-09 11:39 - 000064560 _____ C:\WINDOWS\SysWOW64\rsslogs.20170908155207
2017-09-07 12:32 - 2017-09-08 15:53 - 000638680 _____ C:\WINDOWS\SysWOW64\rsslogs.20170907123118
2017-09-06 12:12 - 2017-09-07 12:32 - 000725489 _____ C:\WINDOWS\SysWOW64\rsslogs.20170906121131
2017-09-05 18:01 - 2017-09-06 12:12 - 000162130 _____ C:\WINDOWS\SysWOW64\rsslogs.20170905180037
2017-09-02 14:30 - 2017-09-19 21:07 - 000003236 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGary
2017-09-02 14:30 - 2017-09-19 21:07 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGary.job
2017-08-28 10:09 - 2017-08-28 10:09 - 000001863 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-08-28 10:09 - 2017-08-28 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-08-28 10:08 - 2017-08-28 10:09 - 000000000 ____D C:\Program Files\iTunes
2017-08-28 10:08 - 2017-08-28 10:08 - 000000000 ____D C:\Program Files\iPod

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-20 22:50 - 2016-02-28 16:13 - 000000000 ____D C:\FRST
2017-09-20 22:50 - 2016-02-28 15:59 - 000000000 ____D C:\Users\Gary\Desktop\Virus Files
2017-09-20 22:49 - 2015-11-04 19:52 - 000000000 ____D C:\Users\Gary\AppData\Local\CrashDumps
2017-09-20 22:48 - 2017-03-15 20:13 - 000251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-20 22:20 - 2017-05-09 21:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-20 18:37 - 2017-05-09 21:41 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7448B62C-9E8A-4939-9545-ED4482A418AD}
2017-09-20 12:04 - 2014-11-12 00:46 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-20 12:02 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-19 13:24 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-18 12:33 - 2015-06-11 18:56 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-17 11:21 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-14 21:25 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-14 21:25 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-14 14:30 - 2015-06-11 17:50 - 000000000 ___RD C:\Dropbox
2017-09-13 22:27 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-13 22:20 - 2015-06-11 23:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 22:19 - 2017-05-09 21:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-13 22:19 - 2015-06-11 17:05 - 000000000 __SHD C:\Users\Gary\IntelGraphicsProfiles
2017-09-13 22:05 - 2017-05-09 21:07 - 001296474 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-13 22:04 - 2017-05-09 21:09 - 000000000 ____D C:\Users\Gary
2017-09-13 21:58 - 2017-05-09 21:07 - 000000000 ____D C:\ProgramData\Validity
2017-09-13 21:58 - 2017-05-09 21:07 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-13 21:58 - 2017-05-09 21:02 - 000574888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 21:57 - 2017-05-09 21:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-13 21:57 - 2017-03-18 04:40 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-13 21:41 - 2015-06-11 21:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 21:37 - 2015-06-11 21:43 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-13 21:36 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-11 13:37 - 2015-06-11 17:05 - 000000000 ____D C:\Users\Gary\AppData\Local\Packages
2017-09-11 11:58 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-11 11:52 - 2015-06-11 17:36 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-09-11 11:52 - 2015-06-11 17:36 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-09-11 11:47 - 2017-05-09 21:41 - 000004202 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2017-09-11 11:47 - 2017-05-09 21:41 - 000003678 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2017-09-11 11:47 - 2016-04-10 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2017-09-11 11:47 - 2015-06-11 19:03 - 000000000 ____D C:\Users\Gary\AppData\Roaming\RoboForm
2017-09-06 16:31 - 2015-07-20 10:29 - 000000000 ____D C:\Program Files (x86)\PlayersOnly
2017-09-06 15:33 - 2015-07-22 14:30 - 000000000 ____D C:\Program Files (x86)\PokerTracker 4
2017-09-02 08:15 - 2017-03-18 14:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 08:15 - 2017-03-18 14:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-31 15:22 - 2017-05-09 21:41 - 000003984 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-08-31 15:22 - 2017-05-09 21:41 - 000003752 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-03-30 16:11 - 2017-03-30 16:11 - 000004995 _____ () C:\ProgramData\flwjycbm.bab
2017-07-04 18:32 - 2017-07-04 18:33 - 000000369 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2017-03-30 16:11 - 2017-03-30 16:11 - 000000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
2017-07-02 14:26 - 2017-07-02 14:26 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo1128716736120984894.dll
2017-08-20 13:52 - 2017-08-20 13:52 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo1185994884251480055.dll
2017-07-15 12:01 - 2017-07-15 12:01 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo1491096867797644175.dll
2017-06-05 12:29 - 2017-06-05 12:29 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo153054027379585416.dll
2017-05-29 18:28 - 2017-05-29 18:28 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo1561345372663756916.dll
2017-07-21 19:38 - 2017-07-21 19:38 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2024714246969511761.dll
2017-07-25 13:38 - 2017-07-25 13:38 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2472413089026195962.dll
2017-06-22 18:43 - 2017-06-22 18:43 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2502458910472016515.dll
2017-06-07 10:13 - 2017-06-07 10:13 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2538183489741080225.dll
2017-07-24 12:35 - 2017-07-24 12:35 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo258110524934299212.dll
2017-07-02 12:09 - 2017-07-02 12:09 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2974122502050258248.dll
2017-07-09 11:44 - 2017-07-09 11:44 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2979912673764321384.dll
2017-07-13 13:06 - 2017-07-13 13:06 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3054743838578008087.dll
2017-05-20 13:40 - 2017-05-20 13:40 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3245360875198374731.dll
2017-07-27 15:39 - 2017-07-27 15:39 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3388391011747693981.dll
2017-05-22 18:15 - 2017-05-22 18:15 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3434674155159723301.dll
2017-05-29 11:23 - 2017-05-29 11:23 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3579157665354429070.dll
2017-07-02 19:24 - 2017-07-02 19:24 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3618998181673647516.dll
2017-09-06 15:36 - 2017-09-06 15:36 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3727372090349535255.dll
2017-05-27 12:26 - 2017-05-27 12:26 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3743427441832958526.dll
2017-06-01 14:02 - 2017-06-01 14:02 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3961472310719402037.dll
2017-05-23 17:22 - 2017-05-23 17:22 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo4399265340766192970.dll
2017-07-06 13:49 - 2017-07-06 13:49 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo4559334740244096220.dll
2017-05-22 15:00 - 2017-05-22 15:00 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo4939372026009556110.dll
2017-07-16 11:25 - 2017-07-16 11:25 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5379308313281628998.dll
2017-08-20 14:55 - 2017-08-20 14:55 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5549117569092789258.dll
2017-07-22 14:28 - 2017-07-22 14:28 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5589061492157912847.dll
2017-07-03 14:54 - 2017-07-03 14:54 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo561815919147524134.dll
2017-07-06 13:02 - 2017-07-06 13:02 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5627761532422515662.dll
2017-07-22 11:14 - 2017-07-22 11:14 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5990592677599352364.dll
2017-09-06 15:32 - 2017-09-06 15:32 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6032715703456542523.dll
2017-07-08 13:26 - 2017-07-08 13:26 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6130993628735843944.dll
2017-07-16 15:54 - 2017-07-16 15:54 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6276048343441141411.dll
2017-05-27 18:21 - 2017-05-27 18:21 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo633435002992961525.dll
2017-07-21 11:21 - 2017-07-21 11:21 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6380050904439228569.dll
2017-07-05 19:42 - 2017-07-05 19:42 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6405406407824816842.dll
2017-07-09 15:50 - 2017-07-09 15:50 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6436310274419385548.dll
2017-07-22 14:27 - 2017-07-22 14:27 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6500777139135593071.dll
2017-07-16 17:56 - 2017-07-16 17:56 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6583595737629943818.dll
2017-07-11 20:03 - 2017-07-11 20:03 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6881982614050675614.dll
2017-05-26 15:27 - 2017-05-26 15:27 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6890264939196049150.dll
2017-05-21 16:15 - 2017-05-21 16:15 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7072223947755728673.dll
2017-05-28 19:05 - 2017-05-28 19:05 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7451802377285235743.dll
2017-07-17 15:33 - 2017-07-17 15:33 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7494978754685569551.dll
2017-07-20 16:32 - 2017-07-20 16:32 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7588198512604405414.dll
2017-07-17 15:25 - 2017-07-17 15:25 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7642839192522625626.dll
2017-07-15 17:17 - 2017-07-15 17:17 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7694872152620873824.dll
2017-07-25 17:01 - 2017-07-25 17:01 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7830584707698594227.dll
2017-07-19 17:26 - 2017-07-19 17:26 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7870615670175668938.dll
2017-05-20 16:43 - 2017-05-20 16:43 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7963567259217866278.dll
2017-05-20 12:00 - 2017-05-20 12:00 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7965225033155851332.dll
2017-07-14 17:27 - 2017-07-14 17:27 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo8256362640445354082.dll
2017-07-14 15:54 - 2017-07-14 15:54 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo8551694538777191730.dll
2017-06-05 15:55 - 2017-06-05 15:55 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo8735167331746754159.dll
2017-07-04 13:20 - 2017-07-04 13:20 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo8891460120144130369.dll
2017-07-17 15:35 - 2017-07-17 15:35 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo903048273976466746.dll
2017-05-25 14:38 - 2017-05-25 14:38 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo9057561928707003808.dll
2017-07-11 16:08 - 2017-07-11 16:08 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo9085320885667089679.dll
2017-05-11 14:15 - 2017-05-11 14:15 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo9222431378436618685.dll
2017-05-28 12:51 - 2017-05-28 12:51 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo988009505613204984.dll
2017-07-11 15:05 - 2017-07-11 15:05 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo99119825588414507.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-13 21:47

==================== End of FRST.txt ============================
 
Addition 1:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by Gary (20-09-2017 22:51:59)
Running from C:\Users\Gary\Desktop\Virus Files
Windows 10 Home Version 1703 (X64) (2017-05-10 04:55:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2403600405-3902123954-3795360202-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2403600405-3902123954-3795360202-503 - Limited - Disabled)
Gary (S-1-5-21-2403600405-3902123954-3795360202-1001 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-2403600405-3902123954-3795360202-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2403600405-3902123954-3795360202-1003 - Limited - Enabled)
postgres (S-1-5-21-2403600405-3902123954-3795360202-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audials (HKLM-x32\...\{ACA1302B-490F-439F-AACD-10D63E64C17F}) (Version: 12.1.6800.0 - Audials AG)
Audials (HKLM-x32\...\{B7ED0A74-E78B-4F71-A9E2-10D960F50AF4}) (Version: 14.1.8400.0 - Audials AG)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.34 - Piriform)
ChromecastApp (HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Contents (HKLM-x32\...\{C8A4DA60-6A94-4627-B7C9-DB6223D531FE}) (Version: 1.0.0.93 - Corel Corporation) Hidden
Corel FastFlick (HKLM-x32\...\_{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.93 - Corel Corporation)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
Corel PaintShop Pro X6 (HKLM-x32\...\{161AB62E-65D6-46E5-B3D8-2AC15D3B920B}) (Version: 16.2.0.20 - Corel Corporation) Hidden
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.8.0.203 - Corel Inc.)
Creator NXT 3 Content (HKLM-x32\...\{246D31A0-7B8A-41EA-8E31-33C2F2F26B53}) (Version: 16.0.004 - Roxio) Hidden
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DisplayLink Core Software (HKLM\...\{65B2569D-303B-41EC-B38C-0934963BC3AD}) (Version: 7.7.60366.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{DB8324FA-E972-454B-B039-E911D568BD56}) (Version: 7.7.59032.0 - DisplayLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 36.3.19 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.63.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
Family Tree Maker 2014 (HKLM\...\{39EF38DF-2727-4C09-A165-FD3B87BA3AE9}) (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.91 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HDR Express 3 (HKLM-x32\...\HDR Express 3) (Version: 3.0.0.11677 - Unified Color Technologies)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{C203E224-E4BE-4210-9D30-EB6571ACA1F9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Officejet 7500 E910 Basic Device Software (HKLM\...\{7CF50183-026B-418D-A26C-A254290BD824}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 7500 E910 Help (HKLM-x32\...\{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}) (Version: 140.0.93.93 - Hewlett Packard)
HP Officejet 7500 E910 Product Improvement Study (HKLM\...\{CC9F7DAB-5F9B-43B1-882C-1CC2A231EF40}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICA (HKLM-x32\...\{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.93 - Corel Corporation) Hidden
ICA (HKLM-x32\...\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation) Hidden
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{9f63698a-6f92-4dd3-be96-6a75e3672dae}) (Version: 18.30.0000.3514 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{A501AF33-9AEA-4703-BC2F-D4B86458899D}) (Version: 17.1.1531.1764 - Intel Corporation)
IPM_PSP_COM (HKLM-x32\...\{164D34E1-0271-4960-8A26-E8990A302DB1}) (Version: 16.2.0.20 - Corel Corporation) Hidden
IPM_PSP_COM64 (HKLM\...\{1678F86C-889D-4198-8249-F4625058256B}) (Version: 16.2.0.20 - Corel Corporation) Hidden
IPM_VS_Pro (HKLM-x32\...\{126FB9B0-85B6-476A-AF26-BE008D8DFC53}) (Version: 1.0 - Corel Corporation) Hidden
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.)
LifeScan USB Device Driver vSL2.0 (Driver Removal) (HKLM-x32\...\LFSVCOMM&10C4&85A7) (Version: - LifeScan Inc)
Living Cookbook 2015 (HKLM-x32\...\{1DA632BA-F963-4B97-A2B6-50F9003A13B8}) (Version: 5.0.85 - Radium Technologies) Hidden
Living Cookbook 2015 (HKLM-x32\...\Living Cookbook 2015) (Version: 5.0.85 - Radium Technologies, Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Meter Drivers for OneTouch(R) Software (HKLM-x32\...\{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan) Hidden
Meter Drivers for OneTouch(R) Software (HKLM-x32\...\{B28470A5-F73F-432C-8066-05BA652AA5D1}) (Version: 1.9.1.0 - LifeScan) Hidden
Meter Drivers for OneTouch(R) Software v1.10.0.0 (HKLM-x32\...\InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan)
Microlife BPA 3.2.5A (HKLM-x32\...\{B52161A2-B3BB-429A-9A57-A74CAB6185C7}) (Version: 3.2.5A - Microlife) Hidden
Microlife BPA 3.2.5A (HKLM-x32\...\InstallShield_{B52161A2-B3BB-429A-9A57-A74CAB6185C7}) (Version: 3.2.5A - Microlife)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Office 365 ProPlus - ko-kr (HKLM\...\O365ProPlusRetail - ko-kr) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Office 언어 교정 도구 2013 - 한국어 (HKLM\...\{90150000-001F-0412-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Napster (HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\5d01cae694a4998b) (Version: 6.17.55.0 - Rhapsody International Inc.)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.16.00 - NETGEAR Inc.)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0412-1000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OneTouch Software (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version: - )
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Players Only (HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\Players Only) (Version: 5.0 - )
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
PostgreSQL 9.3 (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)
PSPPContent (HKLM-x32\...\{162BD2D6-6C63-41A7-8151-93188450D36A}) (Version: 16.2.0.20 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}) (Version: 16.2.0.20 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{16582334-495C-4F1C-A66B-3BFD8866B674}) (Version: 16.2.0.20 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealDownloader (HKLM-x32\...\{13743594-F75E-491E-9EFF-203C8F8DF705}) (Version: 18.1.4.144 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{B0235718-21E0-4A90-A42F-9C64C1B531CD}) (Version: 18.0.2.56 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{f05bfa4b-0c78-4a3e-aa74-8c220b4a7782}) (Version: 18.1.4.144 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RoboForm 8-4-1-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-4-1-1 - Siber Systems)
RogueKiller version 12.10.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.0.0 - Adlice Software)
Roxio Creator NXT 3 Content (HKLM-x32\...\{2DF5BF6E-D32C-4B81-9012-F62B58AFF819}) (Version: 1.0.4.0 - Roxio)
Roxio Creator NXT Pro 3 (HKLM-x32\...\{7B4B9450-39C8-454A-AA2D-6548EE4D21EB}) (Version: 16.0.50.1 - Roxio)
Roxio Virtual Drive x64 (HKLM\...\{632DCE79-2711-4B07-BB89-DA763E96840C}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Setup (HKLM-x32\...\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}) (Version: 16.2.0.20 - Corel Corporation) Hidden
Setup (HKLM-x32\...\{F2BACD4C-71F0-487C-AC11-247833494E52}) (Version: 1.0.0.93 - Corel Corporation) Hidden
Share (HKLM-x32\...\{4AA35E5E-F12E-4CC9-92CD-049AF647841B}) (Version: 1.0.0.93 - Corel Corporation) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.200 - NVIDIA Corporation) Hidden
SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5.8 (HKLM-x32\...\{E5184D41-7796-4127-BBE4-46993F9FAAF3}) (Version: 5.8.0 - SmartSound Software Inc.) Hidden
SmartSound Sonicfire Pro 5.8 (HKLM-x32\...\InstallShield_{E5184D41-7796-4127-BBE4-46993F9FAAF3}) (Version: 5.8.0 - SmartSound Software Inc.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
Synaptics WBF DDK (HKLM\...\{963DDEF5-52CF-4313-81D9-B186B89C0A57}) (Version: 4.5.289.0 - Synaptics)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VCDS Release 14.10.2 (HKLM-x32\...\VCDS Release) (Version: 14.10.2 - Ross-Tech)
Video Downloader (HKLM-x32\...\{8B6202FD-3790-4DD4-B343-51736F7FF4E5}) (Version: 1.2.0 - RealNetworks) Hidden
VSClassic (HKLM-x32\...\{3342D238-E332-43BB-B406-C6EE82273708}) (Version: 1.0.0.93 - Corel Corporation) Hidden
VSPro (HKLM-x32\...\{6AA550DB-4863-44C7-863F-4F4C7D13649F}) (Version: 1.0.0.93 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Ross-Tech HIDClass (02/13/2014 6.3.0.2) (HKLM\...\5E356C0921BECEC7743BAC21F6B7A5775044AFC0) (Version: 02/13/2014 6.3.0.2 - Ross-Tech)
Windows Driver Package - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\88B02C4BD09AA7910C55C4E74BE8F036244B5CF9) (Version: 05/12/2014 2.10.00 - Ross-Tech)

==================== Custom CLSID (Whitelisted): ==========================
 
Addition 2:
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{1F6DE925-8416-40D4-BC66-D69DB9D4360B}\InprocServer32 -> C:\Program Files\Roxio Creator NXT Pro 3\Virtual Drive 10\DC_ShellExt64.dll (Corel Corporation)
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Gary\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1: [Roxio Burn] -> {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C} => C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [2012-07-05] ()
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpcontextmenu.dll [2015-08-13] (RealNetworks, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-04-28] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers1_S-1-5-21-2403600405-3902123954-3795360202-1001: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT Pro 3\Virtual Drive 10\DC_ShellExt64.dll [2014-09-01] (Corel Corporation)
ContextMenuHandlers2_S-1-5-21-2403600405-3902123954-3795360202-1001: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT Pro 3\Virtual Drive 10\DC_ShellExt64.dll [2014-09-01] (Corel Corporation)
ContextMenuHandlers6_S-1-5-21-2403600405-3902123954-3795360202-1001: [RXDCExtSvr] -> {1F6DE925-8416-40D4-BC66-D69DB9D4360B} => C:\Program Files\Roxio Creator NXT Pro 3\Virtual Drive 10\DC_ShellExt64.dll [2014-09-01] (Corel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0905BCD3-5D7E-410A-B0D1-59DE254399E8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-02] (Microsoft Corporation)
Task: {09C626CF-B417-470E-A8C8-3DADC6CC80E8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {1544BA8F-FD47-4059-99FE-1B0002284585} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {1A52073D-7277-4DCA-B425-59BFED8DEE0D} - System32\Tasks\HPCeeScheduleForGary => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {1C73883D-66AD-4760-8D37-1327C514ADC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-01] (HP Inc.)
Task: {1D0C8C59-E1E4-4746-A81C-71ECF3778CB3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {24D8A619-7B3B-43EC-8FF6-132521DA3B90} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {28BC9D05-2BA6-4736-9F46-841E522F9C31} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2F98104A-E9F8-4DE6-B471-661DB27FEACF} - System32\Tasks\{46D752A8-C8E0-4EB9-B88A-4362C50D05BA} => C:\Windows\system32\pcalua.exe -a "C:\Dropbox\GLH Download\Diisplay Link\USB GRAPHIC DRIVER\Setup.exe" -d "C:\Dropbox\GLH Download\Diisplay Link\USB GRAPHIC DRIVER"
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {390EC0A0-0508-414E-8397-CE6F2E55BAC8} - System32\Tasks\{87AAFE95-9666-4966-95DB-465031E152A1} => C:\Windows\system32\pcalua.exe -a "C:\Dropbox\GLH Download\HP Drivers\HP ENVY Notebook - 17t-k200 CTO\sp68122.exe" -d "C:\Dropbox\GLH Download\HP Drivers\HP ENVY Notebook - 17t-k200 CTO"
Task: {44BB65C3-BDFD-40CB-A8B1-0D9169DFBCCF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-09-07] (Piriform Ltd)
Task: {54B3A259-91E7-4FCE-913A-155C562CC4C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {57608FC3-4E98-4839-A0F2-69B328AED8B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-08-02] (Microsoft Corporation)
Task: {67DFB3A8-D832-4E37-AEEA-08BBE2F211D6} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {6AA098F5-8984-4BE3-B770-2535E225B3EB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2403600405-3902123954-3795360202-1001UA => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {75645D09-6CBE-4128-915F-95FC10E196D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {768FD6CE-7091-4D2C-B2F9-58596E02BFD7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {78562D46-AE01-40D8-8DAD-B7A0E76F17B0} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7EC467EF-769A-413C-8CC8-E388D7B09897} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2403600405-3902123954-3795360202-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {838335FA-E476-450D-82C3-0068BFB011CF} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {853B3BC7-D49D-46B0-B3E5-37057984B84B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {8692774E-A22A-4C30-976E-4FCA459EE9E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {8E354C81-F39D-412E-A39D-1E5495B77ECC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2403600405-3902123954-3795360202-1001UA1d258aadab2aa69 => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {963A4F4D-BAD3-4F65-8DC2-25DF890A32FA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-08-02] (Microsoft Corporation)
Task: {9888A3C4-D416-4E8C-891C-5A9D0A6C4031} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-13] (Microsoft Corporation)
Task: {9A4A2615-06B6-4626-BF30-80E2E658DA44} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2017-09-11] (Siber Systems)
Task: {9EC59B4F-6F76-4EBC-9BC6-CCE83F3E08C9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-06] (Dropbox, Inc.)
Task: {A27AC42E-C563-409C-B77D-48194FED25DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {A5CF4B9E-A65C-429A-90DB-960CA5E66064} - System32\Tasks\HPCustParticipation HP Officejet 7500 E910 => C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A92CA300-4903-431B-8CDD-65E89C297951} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2403600405-3902123954-3795360202-1001Core => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {AE7F142E-94B5-422C-BA70-6A5BC697E402} - System32\Tasks\{79F3B84A-7FC8-43A2-BFCE-80182DDD1827} => C:\Windows\system32\pcalua.exe -a "E:\USB GRAPHIC DRIVER\Setup.exe" -d "E:\USB GRAPHIC DRIVER"
Task: {AEAA2163-E0C4-4BC8-9A60-F9792655538B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2403600405-3902123954-3795360202-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-07-27] (RealNetworks, Inc.)
Task: {B08F337E-3634-49DC-98B8-5FEAA2239EEB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {B26DE0AC-5DA2-49CC-AE00-758CF1EF4346} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-10-06] (Dropbox, Inc.)
Task: {B8C0BCF4-E6B2-452E-AEEA-2756B52539AE} - System32\Tasks\GoogleUpdateTaskMachineUA1d0a4ad71dde5b6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {BD05E207-34FE-4585-95CF-9BACD0276866} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {BE390BC6-199E-4DD8-867A-A6B6AFB7F8F8} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2016-07-05] ()
Task: {C05122D1-DBD7-46EA-9E10-A49B9EF9FEAB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2403600405-3902123954-3795360202-1001Core1d258aadaa8e4d5 => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-17] (Google Inc.)
Task: {CB2B6229-AC39-4A88-A322-2E0EAE38391D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {CE902053-D431-48CD-B575-CC6C4A1FA49B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {D25E54F2-7893-462E-80F4-F79E9A881E8F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {D5FBF8DB-B7C5-48CD-9AFA-55364D5565C5} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {D6FD3D7A-93FB-45EC-B132-5766FB39920D} - System32\Tasks\Open URL by RoboForm => C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "hxxps://www.roboform.com/test-pass.html?aaa=KICMKJKJPMHMIMMJNJLJCNJMOMLMKJCNLMLMLJMJCNHMMJGMJMCNKJJJNMOMNMMMNJJMKJNJKMPMJNJICMHMCNLMCNOMFMOMOMCNKMLMPMCNOMKMPMJMMMFMPMCNPMCNOMKMPMJMMMCNNMJNPICMOMFMEKMICNJJCKFMHMNMNMJNHICMMJBJKJLIMJJNBJCMILOJNIGIJNKJCMJNNICMJNDJCMKJBJJNMJC (the data entry has 52 more characters).
Task: {DA84EFA7-618C-416B-AF56-849819D6CBE6} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2403600405-3902123954-3795360202-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2015-07-27] (RealNetworks, Inc.)
Task: {DE9F974F-1818-419E-8D9A-9D366F2CD49F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F0D8D181-B2F8-4D1C-BC71-C9E549C605C1} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2403600405-3902123954-3795360202-1001Core.job => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2403600405-3902123954-3795360202-1001UA.job => C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForGary.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)
 
Addition 3:

==================== Loaded Modules (Whitelisted) ==============

2013-10-16 02:13 - 2013-10-16 02:13 - 000457960 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-22 01:04 - 2014-01-22 01:04 - 000022760 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
2013-08-02 18:23 - 2013-08-02 18:23 - 000032888 _____ () C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe
2014-10-23 07:12 - 2014-10-23 07:12 - 000032784 _____ () C:\Program Files\UCT\HDR Express 3\HDRExpress3Service.exe
2015-07-26 11:45 - 2015-06-09 20:55 - 000179200 _____ () C:\PostgreSQL\9.3\bin\LIBPQ.dll
2017-05-09 21:07 - 2017-05-01 13:51 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-07-26 11:45 - 2014-02-05 02:16 - 001336832 _____ () C:\PostgreSQL\9.3\bin\libxml2.dll
2012-07-05 19:47 - 2012-07-05 19:47 - 000185488 _____ () C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-13 20:42 - 2017-09-13 20:42 - 000020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-09-13 20:42 - 2017-09-13 20:42 - 029621760 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-08-14 18:35 - 2017-08-14 18:43 - 000358912 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-08-14 18:35 - 2017-08-14 18:43 - 002536448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-09-13 20:42 - 2017-09-13 20:42 - 020305920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-08-14 18:35 - 2017-08-14 18:43 - 002415104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-09-13 20:42 - 2017-09-13 20:42 - 003028992 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-05-23 17:25 - 2017-05-23 17:25 - 003139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-06 17:17 - 2017-06-06 17:18 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-08-14 18:35 - 2017-08-14 18:43 - 001370112 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-13 13:21 - 2017-01-29 06:55 - 008930504 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-03-15 20:13 - 2017-04-14 01:58 - 002271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2014-01-22 01:04 - 2014-01-22 01:04 - 003322600 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll
2014-01-22 01:04 - 2014-01-22 01:04 - 000524520 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\TRREngine.dll
2014-01-22 01:04 - 2014-01-22 01:04 - 000108776 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll
2017-09-20 12:03 - 2017-09-20 04:28 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-09-20 12:03 - 2017-09-20 04:28 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-20 12:03 - 2017-09-20 04:28 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-09-20 12:03 - 2017-09-20 04:28 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-09-20 12:03 - 2017-09-20 04:30 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-09-20 12:03 - 2017-09-20 04:30 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-09-20 12:03 - 2017-09-20 04:29 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-09-20 12:03 - 2017-09-20 04:28 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-09-20 12:03 - 2017-09-20 04:29 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-09-20 12:03 - 2017-09-20 04:30 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-09-20 12:03 - 2017-09-20 04:29 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-09-20 12:03 - 2017-09-20 04:30 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-09-20 12:03 - 2017-09-20 04:29 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Gary\Desktop\여보세요 - Vol II - Number 4 Page 04b.jpg:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-09-03 16:46 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "RealDownloader"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\StartupApproved\Run: => "TranscodingService"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7F3F88C0-D5C3-4CA6-AE9F-BDC263582664}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C932D6DF-1CDE-44C7-8E20-8889FAF3F9DF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0F0B9CDD-ADE8-4264-B272-D4BED45B820D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9277631C-685B-4083-85E3-D3B7780D4656}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9BBEC4F1-4473-4D8B-BF2E-307C3BFF48AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A445BB5E-2934-4868-B176-6451D911B4C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CB9C301A-171C-4EFE-BD9A-CE4DABC0494E}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{45E885AA-3D01-4283-A093-AE711D466823}] => (Allow) LPort=31931
FirewallRules: [{B892C506-015B-4E58-94A5-5976CFB4676D}] => (Allow) LPort=14714
FirewallRules: [{3327B8AE-A797-4A24-86FD-5B21E0ECF9B5}] => (Allow) LPort=12972
FirewallRules: [{3EF27F4F-1234-4365-9D6A-CBE58618BA9C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B46064F0-05DF-4147-888C-333F5E815ADD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{1405E44C-4B99-43B3-83B0-C51CA5F17006}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{370AB519-58A1-464D-A4D8-A777E9377353}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{9AED6C73-2073-41C0-8281-EEF4A5D72F14}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C9ED27B9-65C1-4B8E-9B0D-9D8DF83ED9BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DAE26D6E-52DF-4F44-AA83-3E3903B9F4CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ED2EBC66-59FA-4279-9618-2AD583CFAB75}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A466DAA7-3DE8-4428-AF37-9C3DE8660735}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D15EA9B2-51F5-4F57-8CFF-86D087A0C210}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{979D3FB7-69B4-433F-AAD2-06512B098569}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B1BA00FF-8A42-4E80-A7E2-65B085A131D6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{FC39DE04-1C0F-4066-A602-E12D9E7E5BFB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{527EB002-761F-4113-B729-FACF6942D673}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{E75EE417-3208-4027-9587-18A1B6D85AF3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{1A30C1BB-B8E0-47D6-94C0-F666BE7FED56}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{0B58255A-F40E-4AF2-B8C5-F2CFCABBDDEB}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{E0FCEE66-C4CD-4E9F-9C76-B7C24EB80D94}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [TCP Query User{8A44E6BF-5D5F-4C21-85DC-221E7C7D4775}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{2DCDCBA4-0712-4CD6-87AB-054882C18B5E}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{6F2F73B1-EF2F-4FDB-8F87-2DEEB96149C9}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\FaxApplications.exe
FirewallRules: [{12B8787D-32A5-4328-8FEA-6248A9FDD75D}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\DigitalWizards.exe
FirewallRules: [{60EDDB7E-E701-421A-A8F5-E761C0F6C80E}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\SendAFax.exe
FirewallRules: [{68F73BB5-5EB7-4A0B-88DE-559B33D4A441}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\DeviceSetup.exe
FirewallRules: [{BDED6DD7-0FF7-4C00-B09F-91AF508231BF}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{98E01767-9A16-4F3E-9DCE-81F1EB848408}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A9CA5D57-597E-4B24-B79B-048CB5F76B15}] => (Allow) %ProgramFiles% (x86)\PokerTracker 4\PokerTracker4.exe
FirewallRules: [TCP Query User{6D5B8819-DABA-4BE4-AF77-AF1BA5B3DBC8}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{491826F9-0590-4C4C-91D7-6138E50AD40F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{2D6F0D1C-91B7-4C07-859C-1C28ED6CFD5E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{2A979658-CED4-4192-BD42-7EF1F8FC1C41}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{6FF7DBD6-8D0E-48B5-819D-74B418F5CB3A}C:\program files (x86)\tivo\desktop\tivoserver.exe] => (Allow) C:\program files (x86)\tivo\desktop\tivoserver.exe
FirewallRules: [UDP Query User{16E766E6-CBBD-4DB7-B978-21FA9DC8BC37}C:\program files (x86)\tivo\desktop\tivoserver.exe] => (Allow) C:\program files (x86)\tivo\desktop\tivoserver.exe
FirewallRules: [{A67EB6A1-35E2-43C3-9DE4-6B6AF4D1329B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{2BC2771D-042E-48CA-8F78-105D21C1B0A1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{28411F5C-9277-4E3B-8B2C-983791460E8F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [TCP Query User{6EA43F74-431E-45F8-AFD7-DAFA5817B514}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{3A467139-BA04-4553-B90D-4305F4378C84}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [{F7AD1D15-7B73-4E21-86EA-75D530EC7892}] => (Allow) C:\Program Files (x86)\Audials\Audials 12\Audials.exe
FirewallRules: [{98504642-AC52-4845-B440-2AE78E723AC8}] => (Allow) C:\Program Files (x86)\Audials\Audials 2016\Audials.exe
FirewallRules: [{C407692F-0D35-4716-9169-72D80E6C137B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FBCF7607-A7A1-426D-9D4E-8959534F682F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{28D64EC5-BA25-4C86-9035-0B1EDE5B436D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{04A39A04-58C9-4116-9257-737619655841}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0D8B61E8-DC80-4968-B00D-6EC77B791D0C}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
Addition 4:








==================== Restore Points =========================

06-09-2017 16:58:42 Scheduled Checkpoint
13-09-2017 21:25:33 Windows Update
13-09-2017 21:26:53 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2017 10:49:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.15063.608, time stamp: 0x324c3bf4
Faulting module name: TextInputFramework.dll, version: 10.0.15063.502, time stamp: 0xcfc381c4
Exception code: 0xc0000005
Fault offset: 0x00038b9b
Faulting process id: 0x1dd8
Faulting application start time: 0x01d3329cfc824f96
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\System32\TextInputFramework.dll
Report Id: 1b055732-9866-49e6-92aa-b89fbd30721e
Faulting package full name:
Faulting package-relative application ID:

Error: (09/20/2017 04:43:59 PM) (Source: MsiInstaller) (EventID: 1018) (User: GLH-HP-I7)
Description: The application 'DisplayLink Core Software' cannot be installed because it is not compatible with this version of Windows. Contact the application vendor for an update.

Error: (09/20/2017 04:43:59 PM) (Source: MsiInstaller) (EventID: 1018) (User: GLH-HP-I7)
Description: The application 'DisplayLink Core Software' cannot be installed because it is not compatible with this version of Windows. Contact the application vendor for an update.

Error: (09/20/2017 02:48:17 PM) (Source: ESENT) (EventID: 104) (User: )
Description: qmgr.dll (44576) QmgrDatabaseInstance: The database engine stopped the instance (0) with error (-1090).



Internal Timing Sequence:
[1] 0.000004 +J(0)
[2] 0.000016 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[3] 0.000002 +J(0)
[4] 0.000004 +J(0)
[5] 0.0 +J(0)
[6] 0.000064 +J(0) +M(C:0K, Fs:2, WS:-24K # 0K, PF:-32K # 0K, P:-32K)
[7] -
[8] 0.000005 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[9] 0.004821 +J(0) +M(C:0K, Fs:4, WS:-28K # 0K, PF:-36K # 0K, P:-36K)
[10] -
[11] 0.000035 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[12] -
[13] 0.000076 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K)
[14] 0.002107 +J(0)
[15] 0.000051 +J(0) +M(C:0K, Fs:0, WS:-8K # 0K, PF:-12K # 0K, P:-12K)
[16] 0.000008 +J(0).

Error: (09/20/2017 02:48:17 PM) (Source: ESENT) (EventID: 471) (User: )
Description: qmgr.dll (44576) QmgrDatabaseInstance: Unable to rollback operation #-75 on database C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Error: -510. All future database updates will be rejected.

Error: (09/20/2017 02:48:17 PM) (Source: ESENT) (EventID: 492) (User: )
Description: qmgr.dll (44576) QmgrDatabaseInstance: The logfile sequence in "C:\ProgramData\Microsoft\Network\Downloader\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

Error: (09/20/2017 02:48:17 PM) (Source: ESENT) (EventID: 413) (User: )
Description: qmgr.dll (44576) QmgrDatabaseInstance: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (09/20/2017 02:48:17 PM) (Source: ESENT) (EventID: 488) (User: )
Description: qmgr.dll (44576) QmgrDatabaseInstance: An attempt to create the file "C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log" failed with system error 80 (0x00000050): "The file exists. ". The create file operation will fail with error -1814 (0xfffff8ea).

Error: (09/20/2017 01:26:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.15063.608 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: f180

Start Time: 01d3318ab64cd811

Termination Time: 26

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: c10bbc95-4aae-47a5-8732-fdb22ca360bc

Faulting package full name:

Faulting package-relative application ID:

Error: (09/20/2017 12:23:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125


System errors:
=============
Error: (09/15/2017 09:07:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2017 10:28:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealPlayer Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2017 10:21:51 PM) (Source: DCOM) (EventID: 10001) (User: GLH-HP-I7)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI as Unavailable/Unavailable. The error:
"15616"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (09/13/2017 10:21:48 PM) (Source: DCOM) (EventID: 10001) (User: GLH-HP-I7)
Description: Unable to start a DCOM Server: Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy!CortanaUI as Unavailable/Unavailable. The error:
"15616"
Happened while starting this command:
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

Error: (09/13/2017 10:20:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The App Readiness service terminated unexpectedly. It has done this 1 time(s).

Error: (09/13/2017 10:19:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2017 10:19:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/13/2017 10:03:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.

Error: (09/13/2017 09:58:38 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the RoxWatch15 service to connect.

Error: (09/13/2017 09:58:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZeroConfigService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
Date: 2017-09-20 22:45:27.644
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 22:45:27.642
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 22:43:06.460
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 22:43:06.452
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 22:41:58.599
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 22:41:58.596
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 22:41:18.944
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 22:41:18.942
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 22:38:32.016
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-09-20 22:38:32.013
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 30%
Total physical RAM: 16306.27 MB
Available physical RAM: 11278.21 MB
Total Virtual: 18738.27 MB
Available Virtual: 9076.87 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:903.22 GB) (Free:284.61 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:26.38 GB) (Free:2.95 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 7B11232F)

Partition: GPT.

==================== End of Addition.txt ============================
 
# AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 21 06:10:11 2017
# Updated on 2017/29/08 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d10lpsik1i8c69.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d2m2wsoho8qq12.cloudfront.net
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\d3l3lkinz3f56t.cloudfront.net


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::prefetch files deleted
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [3100 B] - [2016/10/22 23:55:8]
C:/AdwCleaner/AdwCleaner[C2].txt - [1640 B] - [2016/10/23 0:2:54]
C:/AdwCleaner/AdwCleaner[C3].txt - [1946 B] - [2017/3/16 2:34:40]
C:/AdwCleaner/AdwCleaner[C4].txt - [2165 B] - [2017/5/11 2:8:2]
C:/AdwCleaner/AdwCleaner[S0].txt - [1398 B] - [2015/6/13 4:19:6]
C:/AdwCleaner/AdwCleaner[S1].txt - [1201 B] - [2015/7/18 18:2:14]
C:/AdwCleaner/AdwCleaner[S2].txt - [3009 B] - [2016/10/22 23:52:42]
C:/AdwCleaner/AdwCleaner[S3].txt - [1739 B] - [2016/10/23 0:2:39]
C:/AdwCleaner/AdwCleaner[S4].txt - [1731 B] - [2016/10/23 0:8:25]
C:/AdwCleaner/AdwCleaner[S5].txt - [1964 B] - [2017/3/16 0:52:45]
C:/AdwCleaner/AdwCleaner[S6].txt - [1937 B] - [2017/3/17 2:45:37]
C:/AdwCleaner/AdwCleaner[S7].txt - [2183 B] - [2017/5/11 2:7:28]
C:/AdwCleaner/AdwCleaner[S8].txt - [2197 B] - [2017/9/21 6:7:23]


########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt ##########
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/20/17
Scan Time: 11:29 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.2852
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: GLH-HP-I7\Gary

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 434275
Time Elapsed: 12 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced, post all logs.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.11.16.0 (x64) [Sep 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Gary [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 09/21/2017 18:19:28 (Duration : 01:09:40)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2403600405-3902123954-3795360202-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.nytimes.com/?WT.z_jog=1&hF=f&vS=undefined -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2403600405-3902123954-3795360202-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.nytimes.com/?WT.z_jog=1&hF=f&vS=undefined -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2403600405-3902123954-3795360202-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2403600405-3902123954-3795360202-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.nytimes.com/?WT.z_jog=1|...l=en|http://sellers.alibris.com/ops/index.cfm] -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM014-1EJ164-SSHD +++++
--- User ---
[MBR] 053768b0ac0f3622304d399de7b938a9
[BSP] 4e058b38c8e0b857edf29e8ef8f6d429 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2127872 | Size: 924896 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1896316928 | Size: 911 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1898182656 | Size: 27017 MB
User = LL1 ... OK
User = LL2 ... OK
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Gary (Administrator) on Fri 09/22/2017 at 14:59:44.80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\ProgramData\mntemp (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/22/2017 at 15:01:49.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
RogueKiller V12.11.16.0 (x64) [Sep 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : Gary [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 09/22/2017 19:49:28 (Duration : 01:08:02)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2403600405-3902123954-3795360202-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.nytimes.com/?WT.z_jog=1&hF=f&vS=undefined -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2403600405-3902123954-3795360202-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.nytimes.com/?WT.z_jog=1&hF=f&vS=undefined -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2403600405-3902123954-3795360202-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2403600405-3902123954-3795360202-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.nytimes.com/?WT.z_jog=1|...l=en|http://sellers.alibris.com/ops/index.cfm] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM014-1EJ164-SSHD +++++
--- User ---
[MBR] 053768b0ac0f3622304d399de7b938a9
[BSP] 4e058b38c8e0b857edf29e8ef8f6d429 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2127872 | Size: 924896 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1896316928 | Size: 911 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1898182656 | Size: 27017 MB
User = LL1 ... OK
User = LL2 ... OK
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Gary (Administrator) on Fri 09/22/2017 at 21:00:29.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/22/2017 at 21:02:39.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


???

Two scans, *RK & JRT, and two logs. Are there more logs?
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Gary (Administrator) on Fri 09/22/2017 at 21:00:29.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/22/2017 at 21:02:39.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/25/17
Scan Time: 1:08 PM
Logfile: mbam.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.2884
License: Free

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: GLH-HP-I7\Gary

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 435121
Time Elapsed: 10 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
FRST 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017
Ran by Gary (administrator) on GLH-HP-I7 (26-09-2017 22:15:13)
Running from C:\Users\Gary\Desktop\Virus Files
Loaded Profiles: Gary (Available Profiles: Gary)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(HP) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
() C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\UCT\HDR Express 3\HDRExpress3Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hp\HP System Event\HPWMISVC.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\pg_ctl.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\PostgreSQL\9.3\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hp\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.16410.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17072.16431.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon-x64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Siber Systems Inc.) C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-08-14] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2473800 2014-09-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-09-20] (Dropbox, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286784 2015-08-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Roxio Creator NXT Pro 3\Common\RoxWatchTray15.exe [295112 2014-09-26] (Corel Corporation)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\Run: [HP Officejet 7500 E910 (NET)] => C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\Run: [Google Update] => C:\Users\Gary\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2017-09-11] (Siber Systems)
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150016 2017-03-18] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-08-13]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6edd252c-d2b6-4b01-8e0f-90f2a5c271d4}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.nytimes.com/?WT.z_jog=1&hF=f&vS=undefined
HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-07-27] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-09-24] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-09-11] (Siber Systems Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-09-24] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-07-27] (RealDownloader)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-09-24] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-09-11] (Siber Systems Inc.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-07-25] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-24] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-09-11] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2017-09-11] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2403600405-3902123954-3795360202-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2017-09-11] (Siber Systems Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-24] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-14] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-24] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-09-24] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.0.2.59 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-08-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.0.2.59 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-08-13] (RealTimes)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-08-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2403600405-3902123954-3795360202-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-2403600405-3902123954-3795360202-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Gary\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.nytimes.com/","hxxps://www.facebook.com/donald.kumler/posts/10212734508309480?notif_id=1506484341157046&notif_t=close_friend_activity","hxxps://translate.google.com/?hl=en"
CHR Profile: C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default [2017-09-26]
CHR Extension: (Google Slides) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11]
CHR Extension: (Google Docs) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11]
CHR Extension: (Google Drive) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-25]
CHR Extension: (Google Search) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11]
CHR Extension: (Google Docs Offline) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (HP Network Check Launcher) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2017-03-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-06]
CHR Extension: (Gmail) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-21]
CHR Extension: (RoboForm Password Manager) - C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2017-09-06]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-04-10]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2016-04-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457960 2013-10-16] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [22760 2014-01-22] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122824 2017-09-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-06] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-09-20] (Dropbox, Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 HDRExpress2Service; C:\Program Files\UCT\HDR Express 2\HDRExpress2Service.exe [32888 2013-08-02] ()
R2 HDRExpress3Service; C:\Program Files\UCT\HDR Express 3\HDRExpress3Service.exe [32784 2014-10-23] ()
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373720 2017-04-28] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-10-28] ()
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-08] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19438920 2014-09-08] (NVIDIA Corporation)
R2 postgresql-x64-9.3; C:\PostgreSQL\9.3\bin\pg_ctl.exe [90624 2015-06-09] (PostgreSQL Global Development Group) [File not signed]
R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2013-09-13] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32880 2015-07-27] ()
R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1115736 2015-08-13] (RealNetworks, Inc.)
S3 RoxMediaDB15; C:\Program Files (x86)\Roxio Creator NXT Pro 3\Common\RoxMediaDB15.exe [1097928 2014-09-26] (Corel Corporation)
S2 RoxWatch15; C:\Program Files (x86)\Roxio Creator NXT Pro 3\Common\RoxWatch15.exe [342216 2014-09-26] (Corel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-08-14] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [44544 2015-03-03] (Synaptics Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-10-28] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-12] (HP)
S3 aswTap; C:\WINDOWS\system32\DRIVERS\aswTap.sys [44640 2014-09-05] (The OpenVPN Project)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-12] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-09-20] (Malwarebytes)
R1 MpKsl395030fb; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C117CFA7-4BF5-4D9D-86EE-FF2479108B35}\MpKsl395030fb.sys [44928 2017-09-25] (Microsoft Corporation)
R1 MpKsla00bebaf; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C117CFA7-4BF5-4D9D-86EE-FF2479108B35}\MpKsla00bebaf.sys [44928 2017-09-25] (Microsoft Corporation)
R1 MpKsla3a7c0d9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB846200-1AC7-4339-A10F-2EFBA1204BB4}\MpKsla3a7c0d9.sys [44928 2017-09-26] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3509512 2015-11-05] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-10-14] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_a2527a6474fd95b3\nvlddmkm.sys [14456920 2017-05-18] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R1 RrNetCapFilterDriver; C:\WINDOWS\system32\DRIVERS\RrNetCapFilterDriver.sys [25256 2015-07-29] (Audials AG)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-08-14] (Realtek )
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R0 Sahdad64; C:\WINDOWS\System32\Drivers\Sahdad64.sys [28304 2013-10-16] (Corel Corporation)
R0 Saibad64; C:\WINDOWS\System32\Drivers\Saibad64.sys [20112 2013-10-16] (Corel Corporation)
R1 SaibVdAd64; C:\WINDOWS\System32\Drivers\SaibVdAd64.sys [27792 2013-10-16] (Corel Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2016-12-27] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
 
Frist 2


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-26 21:23 - 2017-09-26 21:23 - 000064569 _____ C:\WINDOWS\SysWOW64\rsslogs.20170926212329
2017-09-26 13:25 - 2017-09-26 21:23 - 000582353 _____ C:\WINDOWS\SysWOW64\rsslogs.20170926132437
2017-09-26 13:23 - 2017-09-26 13:24 - 002096396 _____ C:\WINDOWS\Minidump\092617-22781-01.dmp
2017-09-25 21:34 - 2017-09-25 21:34 - 000099844 _____ C:\WINDOWS\SysWOW64\rsslogs.20170925213454
2017-09-25 13:56 - 2017-09-25 13:56 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-09-25 13:36 - 2017-09-25 21:34 - 000581887 _____ C:\WINDOWS\SysWOW64\rsslogs.20170925133550
2017-09-25 07:11 - 2017-09-25 07:11 - 000232713 _____ C:\WINDOWS\SysWOW64\rsslogs.20170925071038
2017-09-24 07:11 - 2017-09-25 07:11 - 001149963 _____ C:\WINDOWS\SysWOW64\rsslogs.20170924071038
2017-09-23 09:52 - 2017-09-24 07:11 - 001459322 _____ C:\WINDOWS\SysWOW64\rsslogs.20170923095136
2017-09-22 15:01 - 2017-09-22 21:02 - 000000554 _____ C:\Users\Gary\Desktop\JRT.txt
2017-09-22 14:55 - 2017-09-23 09:52 - 000514200 _____ C:\WINDOWS\SysWOW64\rsslogs.20170922145407
2017-09-21 19:26 - 2017-09-21 19:26 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-21 18:18 - 2017-09-22 19:47 - 000000940 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-09-21 17:22 - 2017-09-22 14:55 - 000362990 _____ C:\WINDOWS\SysWOW64\rsslogs.20170921172145
2017-09-20 23:12 - 2017-09-21 17:22 - 000041413 _____ C:\WINDOWS\SysWOW64\rsslogs.20170920231125
2017-09-20 12:04 - 2017-09-20 12:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-20 11:59 - 2017-09-20 23:09 - 000788175 _____ C:\WINDOWS\SysWOW64\rsslogs.20170920115903
2017-09-20 04:28 - 2017-09-20 04:28 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-09-20 04:28 - 2017-09-20 04:28 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-09-20 04:28 - 2017-09-20 04:28 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-09-20 04:28 - 2017-09-20 04:28 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-19 13:21 - 2017-09-20 11:59 - 000571273 _____ C:\WINDOWS\SysWOW64\rsslogs.20170919132012
2017-09-18 05:57 - 2017-09-19 13:21 - 001145070 _____ C:\WINDOWS\SysWOW64\rsslogs.20170918055727
2017-09-17 11:13 - 2017-09-18 05:57 - 001369106 _____ C:\WINDOWS\SysWOW64\rsslogs.20170917111229
2017-09-16 12:52 - 2017-09-17 11:13 - 000020716 _____ C:\WINDOWS\SysWOW64\rsslogs.20170916125123
2017-09-15 13:29 - 2017-09-16 12:52 - 000582012 _____ C:\WINDOWS\SysWOW64\rsslogs.20170915132856
2017-09-14 05:58 - 2017-09-15 13:29 - 001168286 _____ C:\WINDOWS\SysWOW64\rsslogs.20170914055724
2017-09-13 21:22 - 2017-09-04 22:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-13 21:22 - 2017-09-04 22:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-13 21:22 - 2017-09-04 22:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-13 21:22 - 2017-09-04 22:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-13 21:22 - 2017-09-04 22:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-13 21:22 - 2017-09-04 22:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-13 21:22 - 2017-09-04 22:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-13 21:22 - 2017-09-04 22:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-13 21:22 - 2017-09-04 22:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-13 21:22 - 2017-09-04 21:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-13 21:22 - 2017-09-04 21:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-13 21:22 - 2017-09-04 21:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-13 21:22 - 2017-09-04 21:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-13 21:22 - 2017-09-04 21:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-13 21:22 - 2017-09-04 21:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-13 21:22 - 2017-09-04 21:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-13 21:22 - 2017-09-04 21:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-13 21:22 - 2017-09-04 21:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-13 21:22 - 2017-09-04 21:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-13 21:22 - 2017-09-04 21:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-13 21:22 - 2017-09-04 21:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-13 21:22 - 2017-09-04 21:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-13 21:22 - 2017-09-04 21:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-13 21:22 - 2017-09-04 21:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-13 21:22 - 2017-09-04 21:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-13 21:22 - 2017-09-04 21:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-13 21:22 - 2017-09-04 21:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-13 21:22 - 2017-09-04 21:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-13 21:22 - 2017-09-04 21:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-13 21:22 - 2017-09-04 21:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-13 21:22 - 2017-09-04 21:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-13 21:22 - 2017-09-04 21:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-13 21:22 - 2017-09-04 21:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-13 21:22 - 2017-09-04 21:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-13 21:22 - 2017-09-04 21:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-13 21:22 - 2017-09-04 21:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-13 21:22 - 2017-09-04 21:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-13 21:22 - 2017-09-04 21:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-13 21:22 - 2017-09-04 21:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-13 21:22 - 2017-09-04 21:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-13 21:22 - 2017-09-04 21:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-13 21:22 - 2017-09-04 21:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-13 21:22 - 2017-09-04 21:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-13 21:22 - 2017-09-04 21:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-13 21:22 - 2017-09-04 21:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-13 21:22 - 2017-09-04 21:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-13 21:22 - 2017-09-04 21:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-13 21:22 - 2017-09-04 21:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-13 21:22 - 2017-09-04 21:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-13 21:22 - 2017-09-04 21:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-13 21:22 - 2017-09-04 21:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-13 21:22 - 2017-09-04 21:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-13 21:22 - 2017-09-04 21:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-13 21:22 - 2017-09-04 21:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-13 21:22 - 2017-09-04 21:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-13 21:22 - 2017-09-04 21:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-13 21:22 - 2017-09-04 21:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-13 21:22 - 2017-09-04 21:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-13 21:22 - 2017-09-04 21:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-13 21:22 - 2017-09-04 21:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-13 21:22 - 2017-09-04 21:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-13 21:22 - 2017-09-04 21:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-13 21:22 - 2017-09-04 21:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-13 21:22 - 2017-09-04 21:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-13 21:22 - 2017-09-04 21:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-13 21:22 - 2017-09-04 21:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-13 21:22 - 2017-09-04 21:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-13 21:22 - 2017-09-04 21:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-13 21:22 - 2017-09-04 21:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-13 21:22 - 2017-09-04 21:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-13 21:22 - 2017-09-04 21:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-13 21:22 - 2017-09-04 21:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-13 21:22 - 2017-09-04 21:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-13 21:22 - 2017-09-04 21:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-13 21:22 - 2017-09-04 21:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-13 21:22 - 2017-09-04 21:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-13 21:22 - 2017-09-04 21:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-13 21:22 - 2017-09-04 21:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-13 21:22 - 2017-09-04 21:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-13 21:22 - 2017-09-04 21:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-13 21:22 - 2017-09-04 21:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-13 21:21 - 2017-09-04 22:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-13 21:21 - 2017-09-04 22:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-13 21:21 - 2017-09-04 22:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-13 21:21 - 2017-09-04 22:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-13 21:21 - 2017-09-04 22:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-13 21:21 - 2017-09-04 22:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-13 21:21 - 2017-09-04 22:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-13 21:21 - 2017-09-04 22:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-13 21:21 - 2017-09-04 22:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-13 21:21 - 2017-09-04 22:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-13 21:21 - 2017-09-04 22:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-13 21:21 - 2017-09-04 22:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-13 21:21 - 2017-09-04 22:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-13 21:21 - 2017-09-04 22:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-13 21:21 - 2017-09-04 22:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-13 21:21 - 2017-09-04 22:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-13 21:21 - 2017-09-04 22:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-13 21:21 - 2017-09-04 22:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-13 21:21 - 2017-09-04 22:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-13 21:21 - 2017-09-04 22:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-13 21:21 - 2017-09-04 22:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-13 21:21 - 2017-09-04 22:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-13 21:21 - 2017-09-04 22:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-13 21:21 - 2017-09-04 22:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-13 21:21 - 2017-09-04 22:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-13 21:21 - 2017-09-04 22:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-13 21:21 - 2017-09-04 22:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-13 21:21 - 2017-09-04 22:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-13 21:21 - 2017-09-04 22:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-13 21:21 - 2017-09-04 22:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-13 21:21 - 2017-09-04 22:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-13 21:21 - 2017-09-04 22:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-13 21:21 - 2017-09-04 22:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-13 21:21 - 2017-09-04 22:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-13 21:21 - 2017-09-04 22:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-13 21:21 - 2017-09-04 22:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-13 21:21 - 2017-09-04 22:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-13 21:21 - 2017-09-04 22:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-13 21:21 - 2017-09-04 22:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-13 21:21 - 2017-09-04 22:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-13 21:21 - 2017-09-04 22:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-13 21:21 - 2017-09-04 22:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-13 21:21 - 2017-09-04 22:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-13 21:21 - 2017-09-04 22:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-13 21:21 - 2017-09-04 22:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-13 21:21 - 2017-09-04 22:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-13 21:21 - 2017-09-04 21:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-13 21:21 - 2017-09-04 21:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-13 21:21 - 2017-09-04 21:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-13 21:21 - 2017-09-04 21:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-13 21:21 - 2017-09-04 21:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-13 21:21 - 2017-09-04 21:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-13 21:21 - 2017-09-04 21:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-13 21:21 - 2017-09-04 21:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-13 21:21 - 2017-09-04 21:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-13 21:21 - 2017-09-04 21:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-13 21:21 - 2017-09-04 21:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-13 21:21 - 2017-09-04 21:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-13 21:21 - 2017-09-04 21:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-13 21:21 - 2017-09-04 21:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-13 21:21 - 2017-09-04 21:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-13 21:21 - 2017-09-04 21:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-13 21:21 - 2017-09-04 21:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-13 21:21 - 2017-09-04 21:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-13 21:21 - 2017-09-04 21:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-13 21:21 - 2017-09-04 21:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-13 21:21 - 2017-09-04 21:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-13 21:21 - 2017-09-04 21:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-13 21:21 - 2017-09-04 21:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-13 21:21 - 2017-09-04 21:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-13 21:21 - 2017-09-04 21:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-13 21:21 - 2017-09-04 21:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-13 21:21 - 2017-09-04 21:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-13 21:21 - 2017-09-04 21:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-13 21:21 - 2017-09-04 21:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-13 21:21 - 2017-09-04 21:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-13 21:21 - 2017-09-04 21:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-13 21:21 - 2017-09-04 21:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-13 21:21 - 2017-09-04 21:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-13 21:21 - 2017-09-04 21:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-13 21:21 - 2017-09-04 21:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-13 21:21 - 2017-09-04 21:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-13 21:21 - 2017-09-04 21:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-13 21:21 - 2017-09-04 21:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-13 21:21 - 2017-09-04 21:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-13 21:21 - 2017-09-04 21:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-13 21:21 - 2017-09-04 21:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-13 21:21 - 2017-09-04 21:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-13 21:21 - 2017-09-04 21:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-13 21:21 - 2017-09-04 21:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-13 21:21 - 2017-09-04 21:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-13 21:21 - 2017-09-04 21:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-13 21:21 - 2017-09-04 21:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-13 21:21 - 2017-09-04 21:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-13 21:21 - 2017-09-04 21:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-13 21:21 - 2017-09-04 21:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-13 21:21 - 2017-09-04 21:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-13 21:21 - 2017-09-04 21:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-13 21:21 - 2017-09-04 21:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-13 21:21 - 2017-09-04 21:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-13 21:21 - 2017-09-04 21:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-13 21:21 - 2017-09-04 21:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-13 21:21 - 2017-09-04 21:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-13 21:21 - 2017-09-04 21:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-13 21:21 - 2017-09-04 21:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-13 21:21 - 2017-09-04 21:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-13 21:21 - 2017-09-04 21:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-13 21:21 - 2017-09-04 21:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-13 21:21 - 2017-09-04 21:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-13 21:21 - 2017-09-04 21:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-13 21:21 - 2017-09-04 21:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-13 21:21 - 2017-09-04 21:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-13 21:21 - 2017-09-04 21:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-13 21:21 - 2017-09-04 21:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-13 21:21 - 2017-09-04 21:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-13 21:21 - 2017-09-04 21:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-13 21:21 - 2017-09-04 21:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-13 21:21 - 2017-09-04 21:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-13 21:21 - 2017-09-04 21:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-13 21:21 - 2017-09-04 21:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-13 21:21 - 2017-09-04 21:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-13 21:21 - 2017-09-04 21:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-13 21:21 - 2017-09-04 21:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-13 21:21 - 2017-09-04 21:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-13 21:21 - 2017-09-04 21:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-13 21:21 - 2017-09-04 21:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-13 21:21 - 2017-09-04 21:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-13 21:21 - 2017-09-04 21:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-13 21:21 - 2017-09-04 21:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-13 21:21 - 2017-09-04 21:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-13 21:21 - 2017-09-04 21:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-13 21:21 - 2017-09-04 21:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-13 21:21 - 2017-09-04 21:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-13 21:21 - 2017-08-31 22:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-13 21:15 - 2017-09-13 21:15 - 000002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-09-13 21:15 - 2017-09-13 21:15 - 000000904 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-09-13 21:15 - 2017-09-13 21:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-09-13 21:15 - 2017-09-13 21:15 - 000000000 ____D C:\Program Files\CCleaner
2017-09-13 20:25 - 2017-09-26 13:23 - 1319462300 _____ C:\WINDOWS\MEMORY.DMP
2017-09-13 20:25 - 2017-09-26 13:23 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-13 20:25 - 2017-09-13 20:27 - 001982660 _____ C:\WINDOWS\Minidump\091317-20703-01.dmp
2017-09-02 14:30 - 2017-09-26 21:45 - 000003236 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForGary
2017-09-02 14:30 - 2017-09-26 21:45 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForGary.job
2017-08-28 10:09 - 2017-08-28 10:09 - 000001863 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-08-28 10:09 - 2017-08-28 10:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-08-28 10:08 - 2017-08-28 10:09 - 000000000 ____D C:\Program Files\iTunes
2017-08-28 10:08 - 2017-08-28 10:08 - 000000000 ____D C:\Program Files\iPod

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-26 22:15 - 2016-02-28 16:13 - 000000000 ____D C:\FRST
2017-09-26 22:15 - 2016-02-28 15:59 - 000000000 ____D C:\Users\Gary\Desktop\Virus Files
2017-09-26 22:14 - 2017-05-09 21:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-26 19:45 - 2017-05-09 21:41 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7448B62C-9E8A-4939-9545-ED4482A418AD}
2017-09-26 13:42 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-26 13:42 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-26 13:41 - 2015-06-13 19:36 - 000000000 ____D C:\Program Files\Microsoft Office
2017-09-26 13:31 - 2017-05-09 21:07 - 001355112 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-26 13:26 - 2017-05-09 21:09 - 000000000 ____D C:\Users\Gary
2017-09-26 13:26 - 2017-05-09 21:06 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-26 13:26 - 2015-06-11 17:05 - 000000000 __SHD C:\Users\Gary\IntelGraphicsProfiles
2017-09-26 13:24 - 2017-05-09 21:07 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-26 13:23 - 2017-05-09 21:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-26 13:23 - 2017-05-09 21:07 - 000000000 ____D C:\ProgramData\Validity
2017-09-25 19:23 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-25 19:23 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-25 13:58 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-25 13:56 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-25 13:36 - 2017-05-09 21:02 - 000574888 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-22 19:47 - 2017-03-16 17:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-09-22 19:47 - 2017-03-16 17:21 - 000000000 ____D C:\Program Files\RogueKiller
2017-09-22 15:03 - 2015-11-04 19:52 - 000000000 ____D C:\Users\Gary\AppData\Local\CrashDumps
2017-09-21 18:19 - 2017-03-16 17:36 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-21 17:23 - 2015-06-11 18:56 - 000002313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-20 23:28 - 2017-03-15 20:13 - 000251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-20 23:26 - 2015-06-12 21:17 - 000000000 ____D C:\AdwCleaner
2017-09-20 23:10 - 2017-03-18 04:40 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2017-09-20 12:04 - 2014-11-12 00:46 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-17 11:21 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-09-14 21:25 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-14 21:25 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-14 14:30 - 2015-06-11 17:50 - 000000000 ___RD C:\Dropbox
2017-09-13 22:20 - 2015-06-11 23:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 21:55 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-13 21:41 - 2015-06-11 21:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 21:37 - 2015-06-11 21:43 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-13 21:36 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-11 13:37 - 2015-06-11 17:05 - 000000000 ____D C:\Users\Gary\AppData\Local\Packages
2017-09-11 11:52 - 2015-06-11 17:36 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-09-11 11:52 - 2015-06-11 17:36 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-09-11 11:47 - 2017-05-09 21:41 - 000004202 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2017-09-11 11:47 - 2017-05-09 21:41 - 000003678 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2017-09-11 11:47 - 2016-04-10 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2017-09-11 11:47 - 2015-06-11 19:03 - 000000000 ____D C:\Users\Gary\AppData\Roaming\RoboForm
2017-09-06 16:31 - 2015-07-20 10:29 - 000000000 ____D C:\Program Files (x86)\PlayersOnly
2017-09-06 15:33 - 2015-07-22 14:30 - 000000000 ____D C:\Program Files (x86)\PokerTracker 4
2017-09-02 08:15 - 2017-03-18 14:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-02 08:15 - 2017-03-18 14:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-08-31 15:22 - 2017-05-09 21:41 - 000003984 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-08-31 15:22 - 2017-05-09 21:41 - 000003752 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore

==================== Files in the root of some directories =======

2017-03-30 16:11 - 2017-03-30 16:11 - 000004995 _____ () C:\ProgramData\flwjycbm.bab
2017-07-04 18:32 - 2017-07-04 18:33 - 000000369 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
2017-09-21 18:19 - 2017-09-04 22:26 - 001930840 _____ (Microsoft Corporation) C:\Users\Gary\AppData\Local\Temp\dllnt_dump.dll
2017-07-02 14:26 - 2017-07-02 14:26 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo1128716736120984894.dll
2017-08-20 13:52 - 2017-08-20 13:52 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo1185994884251480055.dll
2017-07-15 12:01 - 2017-07-15 12:01 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo1491096867797644175.dll
2017-06-05 12:29 - 2017-06-05 12:29 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo153054027379585416.dll
2017-05-29 18:28 - 2017-05-29 18:28 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo1561345372663756916.dll
2017-07-21 19:38 - 2017-07-21 19:38 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2024714246969511761.dll
2017-07-25 13:38 - 2017-07-25 13:38 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2472413089026195962.dll
2017-06-22 18:43 - 2017-06-22 18:43 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2502458910472016515.dll
2017-06-07 10:13 - 2017-06-07 10:13 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2538183489741080225.dll
2017-07-24 12:35 - 2017-07-24 12:35 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo258110524934299212.dll
2017-07-02 12:09 - 2017-07-02 12:09 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2974122502050258248.dll
2017-07-09 11:44 - 2017-07-09 11:44 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo2979912673764321384.dll
2017-07-13 13:06 - 2017-07-13 13:06 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3054743838578008087.dll
2017-05-20 13:40 - 2017-05-20 13:40 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3245360875198374731.dll
2017-07-27 15:39 - 2017-07-27 15:39 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3388391011747693981.dll
2017-05-22 18:15 - 2017-05-22 18:15 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3434674155159723301.dll
2017-05-29 11:23 - 2017-05-29 11:23 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3579157665354429070.dll
2017-07-02 19:24 - 2017-07-02 19:24 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3618998181673647516.dll
2017-09-06 15:36 - 2017-09-06 15:36 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3727372090349535255.dll
2017-05-27 12:26 - 2017-05-27 12:26 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3743427441832958526.dll
2017-06-01 14:02 - 2017-06-01 14:02 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo3961472310719402037.dll
2017-05-23 17:22 - 2017-05-23 17:22 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo4399265340766192970.dll
2017-07-06 13:49 - 2017-07-06 13:49 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo4559334740244096220.dll
2017-05-22 15:00 - 2017-05-22 15:00 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo4939372026009556110.dll
2017-07-16 11:25 - 2017-07-16 11:25 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5379308313281628998.dll
2017-08-20 14:55 - 2017-08-20 14:55 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5549117569092789258.dll
2017-07-22 14:28 - 2017-07-22 14:28 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5589061492157912847.dll
2017-07-03 14:54 - 2017-07-03 14:54 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo561815919147524134.dll
2017-07-06 13:02 - 2017-07-06 13:02 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5627761532422515662.dll
2017-07-22 11:14 - 2017-07-22 11:14 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo5990592677599352364.dll
2017-09-06 15:32 - 2017-09-06 15:32 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6032715703456542523.dll
2017-07-08 13:26 - 2017-07-08 13:26 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6130993628735843944.dll
2017-07-16 15:54 - 2017-07-16 15:54 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6276048343441141411.dll
2017-05-27 18:21 - 2017-05-27 18:21 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo633435002992961525.dll
2017-07-21 11:21 - 2017-07-21 11:21 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6380050904439228569.dll
2017-07-05 19:42 - 2017-07-05 19:42 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6405406407824816842.dll
2017-07-09 15:50 - 2017-07-09 15:50 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6436310274419385548.dll
2017-07-22 14:27 - 2017-07-22 14:27 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6500777139135593071.dll
2017-07-16 17:56 - 2017-07-16 17:56 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6583595737629943818.dll
2017-07-11 20:03 - 2017-07-11 20:03 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6881982614050675614.dll
2017-05-26 15:27 - 2017-05-26 15:27 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo6890264939196049150.dll
2017-05-21 16:15 - 2017-05-21 16:15 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7072223947755728673.dll
2017-05-28 19:05 - 2017-05-28 19:05 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7451802377285235743.dll
2017-07-17 15:33 - 2017-07-17 15:33 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7494978754685569551.dll
2017-07-20 16:32 - 2017-07-20 16:32 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7588198512604405414.dll
2017-07-17 15:25 - 2017-07-17 15:25 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7642839192522625626.dll
2017-07-15 17:17 - 2017-07-15 17:17 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7694872152620873824.dll
2017-07-25 17:01 - 2017-07-25 17:01 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7830584707698594227.dll
2017-07-19 17:26 - 2017-07-19 17:26 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7870615670175668938.dll
2017-05-20 16:43 - 2017-05-20 16:43 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7963567259217866278.dll
2017-05-20 12:00 - 2017-05-20 12:00 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo7965225033155851332.dll
2017-07-14 17:27 - 2017-07-14 17:27 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo8256362640445354082.dll
2017-07-14 15:54 - 2017-07-14 15:54 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo8551694538777191730.dll
2017-06-05 15:55 - 2017-06-05 15:55 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo8735167331746754159.dll
2017-07-04 13:20 - 2017-07-04 13:20 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo8891460120144130369.dll
2017-07-17 15:35 - 2017-07-17 15:35 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo903048273976466746.dll
2017-05-25 14:38 - 2017-05-25 14:38 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo9057561928707003808.dll
2017-07-11 16:08 - 2017-07-11 16:08 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo9085320885667089679.dll
2017-05-11 14:15 - 2017-05-11 14:15 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo9222431378436618685.dll
2017-05-28 12:51 - 2017-05-28 12:51 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo988009505613204984.dll
2017-07-11 15:05 - 2017-07-11 15:05 - 000046080 ____N () C:\Users\Gary\AppData\Local\Temp\javasysmo99119825588414507.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-25 13:49

==================== End of FRST.txt ============================
 
Addition 1

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017
Ran by Gary (26-09-2017 22:16:15)
Running from C:\Users\Gary\Desktop\Virus Files
Windows 10 Home Version 1703 (X64) (2017-05-10 04:55:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2403600405-3902123954-3795360202-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2403600405-3902123954-3795360202-503 - Limited - Disabled)
Gary (S-1-5-21-2403600405-3902123954-3795360202-1001 - Administrator - Enabled) => C:\Users\Gary
Guest (S-1-5-21-2403600405-3902123954-3795360202-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2403600405-3902123954-3795360202-1003 - Limited - Enabled)
postgres (S-1-5-21-2403600405-3902123954-3795360202-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Audials (HKLM-x32\...\{ACA1302B-490F-439F-AACD-10D63E64C17F}) (Version: 12.1.6800.0 - Audials AG)
Audials (HKLM-x32\...\{B7ED0A74-E78B-4F71-A9E2-10D960F50AF4}) (Version: 14.1.8400.0 - Audials AG)
BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.34 - Piriform)
ChromecastApp (HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Contents (HKLM-x32\...\{C8A4DA60-6A94-4627-B7C9-DB6223D531FE}) (Version: 1.0.0.93 - Corel Corporation) Hidden
Corel FastFlick (HKLM-x32\...\_{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.93 - Corel Corporation)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
Corel PaintShop Pro X6 (HKLM-x32\...\{161AB62E-65D6-46E5-B3D8-2AC15D3B920B}) (Version: 16.2.0.20 - Corel Corporation) Hidden
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.8.0.203 - Corel Inc.)
Creator NXT 3 Content (HKLM-x32\...\{246D31A0-7B8A-41EA-8E31-33C2F2F26B53}) (Version: 16.0.004 - Roxio) Hidden
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DisplayLink Core Software (HKLM\...\{65B2569D-303B-41EC-B38C-0934963BC3AD}) (Version: 7.7.60366.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{DB8324FA-E972-454B-B039-E911D568BD56}) (Version: 7.7.59032.0 - DisplayLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 36.3.19 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.63.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.5.3 (HKLM-x32\...\{B1A0F908-1448-11E4-8684-00163E98E7D0}) (Version: 5.5.3.4236 - Evernote Corp.)
Family Tree Maker 2014 (HKLM\...\{39EF38DF-2727-4C09-A165-FD3B87BA3AE9}) (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HDR Express 3 (HKLM-x32\...\HDR Express 3) (Version: 3.0.0.11677 - Unified Color Technologies)
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{C203E224-E4BE-4210-9D30-EB6571ACA1F9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Officejet 7500 E910 Basic Device Software (HKLM\...\{7CF50183-026B-418D-A26C-A254290BD824}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 7500 E910 Help (HKLM-x32\...\{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}) (Version: 140.0.93.93 - Hewlett Packard)
HP Officejet 7500 E910 Product Improvement Study (HKLM\...\{CC9F7DAB-5F9B-43B1-882C-1CC2A231EF40}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICA (HKLM-x32\...\{10EC8494-8A92-49D8-9677-2483EB01F7F1}) (Version: 1.0.0.93 - Corel Corporation) Hidden
ICA (HKLM-x32\...\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation) Hidden
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{9f63698a-6f92-4dd3-be96-6a75e3672dae}) (Version: 18.30.0000.3514 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{5BBC7722-E4D9-4406-A8B9-1E11A23B9EAF}) (Version: 5.0.32.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{A501AF33-9AEA-4703-BC2F-D4B86458899D}) (Version: 17.1.1531.1764 - Intel Corporation)
IPM_PSP_COM (HKLM-x32\...\{164D34E1-0271-4960-8A26-E8990A302DB1}) (Version: 16.2.0.20 - Corel Corporation) Hidden
IPM_PSP_COM64 (HKLM\...\{1678F86C-889D-4198-8249-F4625058256B}) (Version: 16.2.0.20 - Corel Corporation) Hidden
IPM_VS_Pro (HKLM-x32\...\{126FB9B0-85B6-476A-AF26-BE008D8DFC53}) (Version: 1.0 - Corel Corporation) Hidden
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.)
LifeScan USB Device Driver vSL2.0 (Driver Removal) (HKLM-x32\...\LFSVCOMM&10C4&85A7) (Version: - LifeScan Inc)
Living Cookbook 2015 (HKLM-x32\...\{1DA632BA-F963-4B97-A2B6-50F9003A13B8}) (Version: 5.0.85 - Radium Technologies) Hidden
Living Cookbook 2015 (HKLM-x32\...\Living Cookbook 2015) (Version: 5.0.85 - Radium Technologies, Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Meter Drivers for OneTouch(R) Software (HKLM-x32\...\{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan) Hidden
Meter Drivers for OneTouch(R) Software (HKLM-x32\...\{B28470A5-F73F-432C-8066-05BA652AA5D1}) (Version: 1.9.1.0 - LifeScan) Hidden
Meter Drivers for OneTouch(R) Software v1.10.0.0 (HKLM-x32\...\InstallShield_{A2C173E1-FB29-4B31-8ED6-CBEE8025E00A}) (Version: 1.10.0.0 - LifeScan)
Microlife BPA 3.2.5A (HKLM-x32\...\{B52161A2-B3BB-429A-9A57-A74CAB6185C7}) (Version: 3.2.5A - Microlife) Hidden
Microlife BPA 3.2.5A (HKLM-x32\...\InstallShield_{B52161A2-B3BB-429A-9A57-A74CAB6185C7}) (Version: 3.2.5A - Microlife)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8201.2193 - Microsoft Corporation)
Microsoft Office 365 ProPlus - ko-kr (HKLM\...\O365ProPlusRetail - ko-kr) (Version: 16.0.8201.2193 - Microsoft Corporation)
Microsoft Office 언어 교정 도구 2013 - 한국어 (HKLM\...\{90150000-001F-0412-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Napster (HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\5d01cae694a4998b) (Version: 6.17.55.0 - Rhapsody International Inc.)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.16.00 - NETGEAR Inc.)
NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2193 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0412-1000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
OneTouch Software (HKLM-x32\...\{82FEBE5D-61EC-4365-A213-2B278780945E}) (Version: - )
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Players Only (HKU\S-1-5-21-2403600405-3902123954-3795360202-1001\...\Players Only) (Version: 5.0 - )
PokerTracker 4 (remove only) (HKLM-x32\...\PokerTracker4) (Version: - )
PostgreSQL 9.3 (HKLM\...\PostgreSQL 9.3) (Version: 9.3 - PostgreSQL Global Development Group)
PSPPContent (HKLM-x32\...\{162BD2D6-6C63-41A7-8151-93188450D36A}) (Version: 16.2.0.20 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}) (Version: 16.2.0.20 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{16582334-495C-4F1C-A66B-3BFD8866B674}) (Version: 16.2.0.20 - Corel Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
RBVirtualFolder64Inst (HKLM\...\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealDownloader (HKLM-x32\...\{13743594-F75E-491E-9EFF-203C8F8DF705}) (Version: 18.1.4.144 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{B0235718-21E0-4A90-A42F-9C64C1B531CD}) (Version: 18.0.2.56 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{f05bfa4b-0c78-4a3e-aa74-8c220b4a7782}) (Version: 18.1.4.144 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.0) (Version: 18.0.2 - RealNetworks)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RoboForm 8-4-1-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 8-4-1-1 - Siber Systems)
RogueKiller version 12.11.16.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.16.0 - Adlice Software)
Roxio Creator NXT 3 Content (HKLM-x32\...\{2DF5BF6E-D32C-4B81-9012-F62B58AFF819}) (Version: 1.0.4.0 - Roxio)
Roxio Creator NXT Pro 3 (HKLM-x32\...\{7B4B9450-39C8-454A-AA2D-6548EE4D21EB}) (Version: 16.0.50.1 - Roxio)
Roxio Virtual Drive x64 (HKLM\...\{632DCE79-2711-4B07-BB89-DA763E96840C}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
Setup (HKLM-x32\...\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}) (Version: 16.2.0.20 - Corel Corporation) Hidden
Setup (HKLM-x32\...\{F2BACD4C-71F0-487C-AC11-247833494E52}) (Version: 1.0.0.93 - Corel Corporation) Hidden
Share (HKLM-x32\...\{4AA35E5E-F12E-4CC9-92CD-049AF647841B}) (Version: 1.0.0.93 - Corel Corporation) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 3.1.200 - NVIDIA Corporation) Hidden
SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5.8 (HKLM-x32\...\{E5184D41-7796-4127-BBE4-46993F9FAAF3}) (Version: 5.8.0 - SmartSound Software Inc.) Hidden
SmartSound Sonicfire Pro 5.8 (HKLM-x32\...\InstallShield_{E5184D41-7796-4127-BBE4-46993F9FAAF3}) (Version: 5.8.0 - SmartSound Software Inc.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
Synaptics WBF DDK (HKLM\...\{963DDEF5-52CF-4313-81D9-B186B89C0A57}) (Version: 4.5.289.0 - Synaptics)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VCDS Release 14.10.2 (HKLM-x32\...\VCDS Release) (Version: 14.10.2 - Ross-Tech)
Video Downloader (HKLM-x32\...\{8B6202FD-3790-4DD4-B343-51736F7FF4E5}) (Version: 1.2.0 - RealNetworks) Hidden
VSClassic (HKLM-x32\...\{3342D238-E332-43BB-B406-C6EE82273708}) (Version: 1.0.0.93 - Corel Corporation) Hidden
VSPro (HKLM-x32\...\{6AA550DB-4863-44C7-863F-4F4C7D13649F}) (Version: 1.0.0.93 - Corel Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Ross-Tech HIDClass (02/13/2014 6.3.0.2) (HKLM\...\5E356C0921BECEC7743BAC21F6B7A5775044AFC0) (Version: 02/13/2014 6.3.0.2 - Ross-Tech)
Windows Driver Package - Ross-Tech USB Driver Package (05/12/2014 2.10.00) (HKLM\...\88B02C4BD09AA7910C55C4E74BE8F036244B5CF9) (Version: 05/12/2014 2.10.00 - Ross-Tech)
 