Solved Wife's computer slow and conflicted (I assume)

glhglh

FRST 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by betty (administrator) on BETTYSLAPTOP (29-12-2016 15:43:32)
Running from C:\Users\betty\Desktop\Virus
Loaded Profiles: betty (Available Profiles: UpdatusUser & betty)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BERNINA International AG) C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
Failed to access process -> Memory Compression
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.PORTFOLIOCENTER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Box, Inc.) C:\Users\betty\AppData\Local\Box\Box Edit\Box Edit.exe
(Box, Inc.) C:\Users\betty\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\ScanToPCActivationApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Installer Technology Co.) C:\Program Files (x86)\Your_Updater\Your_Updater.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6450920 2016-09-15] (Box, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804616 2015-09-06] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-01] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe [1866936 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [Your_Updater] => C:\Program Files (x86)\Your_Updater\Your_Updater.exe [4197376 2016-09-28] (Installer Technology Co.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe [882872 2016-10-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1345696 2015-03-17] (Laser App Software Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Zoom] => [X]
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Box Edit] => C:\Users\betty\AppData\Local\Box\Box Edit\Box Edit.exe [919280 2016-08-15] (Box, Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Box Local Com Server] => C:\Users\betty\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2016-08-15] (Box, Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-10-13] (Siber Systems)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [HP OfficeJet Pro 8720 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [84170B6E5D572F906ED7D9B0BCB9879B5F0A771D._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-07] (Google Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\MountPoints2: {5553e59e-fc3d-11e3-825b-806e6f6e6963} - "E:\Setup.exe"
ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-07-02]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-07-02]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-07-02]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2015-08-26]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-07-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{145518f7-fc80-414c-8b8a-ae2922a335e9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9b4875d-8166-464d-b3c1-e2c842fb95ec}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.nytimes.com/?WT.z_jog=1
hxxp://www.msn.com/
SearchScopes: HKLM -> {6A1DE76A-BA2E-4191-AB59-4E8D3C3BAB2E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> {AD551F51-A315-4FF4-BF1F-7FDEA2FA7672} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-10-13] (Siber Systems Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-10-13] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-10-13] (Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-10-13] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-10-13] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2016-06-23] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2016-07-16] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\betty\AppData\Roaming\Mozilla\Firefox\Profiles\db0wk1yf.default
FF SelectedSearchEngine: Yahoo powered search
FF SearchEngineOrder.1: Yahoo powered search
FF DefaultSearchEngine: Yahoo powered search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-223588219-2138284121-77307795-1002: @citrixonline.com/appdetectorplugin -> C:\Users\betty\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-223588219-2138284121-77307795-1002: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\betty\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll [2016-06-23] (Zoom Video Communications, Inc. and RingCentral Inc.)
FF Plugin HKU\S-1-5-21-223588219-2138284121-77307795-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\betty\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-06-20] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\betty\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-02-18] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\betty\AppData\Roaming\Mozilla\Firefox\Profiles\db0wk1yf.default\searchplugins\Yahoo powered search.xml [2016-12-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn [2015-07-13]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-09-10]
FF HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.quantumonline.com/login.cfm","hxxp://www.nytimes.com/","hxxp://www.economist.com/","hxxp://www.wsj.com/articles/SB10001424052702304906704579115403444093932?cb=logged0.2999436145182699","hxxps://si2.schwabinstitutional.com/SI2/SecAdmin/Logon.aspx","hxxp://www.msn.com/"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-28]
CHR Extension: (Google Docs) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-28]
CHR Extension: (Google Drive) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-28]
CHR Extension: (YouTube) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-28]
CHR Extension: (Honey) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-12-28]
CHR Extension: (Google Search) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-28]
CHR Extension: (Adobe Acrobat) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-07-28]
CHR Extension: (Google Sheets) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-28]
CHR Extension: (Wealthbox CRM for Chrome) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfolmcgcpjajpdafphkikldogpjkfnbc [2016-06-14]
CHR Extension: (Cisco WebEx Extension) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-06-21]
CHR Extension: (Cube Time & Expense Tracking) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenheondoadkgoodcgmcijcoiahhemch [2015-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (StartMeeting.com Extension) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnedppabchbjaplcbjpbkcjhpmfdhpin [2016-01-11]
CHR Extension: (Email Access) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink [2016-08-22]
CHR Extension: (Gmail) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-07]
CHR Extension: (RoboForm Password Manager) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-07-29]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-06-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-06-20]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36240 2016-02-26] (Box, Inc.)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation)
R2 CDPUserSvc_5264c; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_5264c; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-09] (Microsoft Corporation)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_5264c; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_5264c; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 MSSQL$PORTFOLIOCENTER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.PORTFOLIOCENTER\MSSQL\Binn\sqlservr.exe [43130032 2015-03-29] (Microsoft Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
U2 OneSyncSvc_5264c; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
U2 OneSyncSvc_5264c; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_5264c; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc_5264c; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-06-23] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-03-17] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-03-17] (Intuit Inc.) [File not signed]
S3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
S4 SQLAgent$PORTFOLIOCENTER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.PORTFOLIOCENTER\MSSQL\Binn\SQLAGENT.EXE [381104 2015-03-29] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-10-01] (Microsoft Corporation)
S3 UnistoreSvc_5264c; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 UnistoreSvc_5264c; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 UniversalCommunicationServer; C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe [90496 2013-05-02] (BERNINA International AG)
S3 UserDataSvc_5264c; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 UserDataSvc_5264c; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [83456 2016-10-01] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_5264c; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_5264c; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
Frst 2:

===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [249856 2016-09-15] (Microsoft Corporation)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-10-01] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3506464 2015-09-16] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-08-18] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_dbb067faa566eee8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-15] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-24] (HP)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
 
Frst 3:

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-29 15:32 - 2016-12-29 15:32 - 00000363 _____ C:\Users\betty\Desktop\Control Panel - Shortcut.lnk
2016-12-28 17:53 - 2016-12-28 17:53 - 00000017 _____ C:\Users\betty\AppData\Local\resmon.resmoncfg
2016-12-26 21:27 - 2016-12-26 21:27 - 00001127 _____ C:\Users\Public\Desktop\Your_Updater.lnk
2016-12-26 21:27 - 2016-12-26 21:27 - 00000000 ____D C:\Users\betty\AppData\Roaming\YourUpdater
2016-12-26 21:27 - 2016-12-26 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your_Updater
2016-12-26 21:27 - 2016-12-26 21:27 - 00000000 ____D C:\Program Files (x86)\Your_Updater
2016-12-26 21:26 - 2016-12-28 13:44 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-12-26 21:26 - 2016-12-26 21:26 - 00000000 ____D C:\Program Files\ba2f628bfbf08a1bd58912883563d2b4
2016-12-26 21:25 - 2016-12-26 21:27 - 00000000 ____D C:\Program Files (x86)\UpdateFiles
2016-12-26 21:25 - 2016-12-26 21:25 - 00138848 _____ () C:\Users\betty\Downloads\SoftwareUpdater (1).exe
2016-12-26 21:24 - 2016-12-26 21:25 - 00000000 ____D C:\Program Files (x86)\ONetSetup
2016-12-26 21:24 - 2016-12-26 21:24 - 00138848 _____ () C:\Users\betty\Downloads\SoftwareUpdater.exe
2016-12-26 18:29 - 2016-12-26 18:29 - 00000000 ___HD C:\OneDriveTemp
2016-12-26 16:04 - 2016-12-26 16:05 - 00517548 _____ C:\WINDOWS\Minidump\122616-30375-01.dmp
2016-12-26 16:04 - 2016-12-26 16:04 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-21 10:54 - 2016-12-21 10:55 - 24210704 _____ (LogMeIn, Inc.) C:\Users\betty\Downloads\join.me.exe
2016-12-21 10:54 - 2016-12-21 10:55 - 16090896 _____ (LogMeIn, Inc.) C:\Users\betty\Downloads\join.me (1).exe
2016-12-21 10:50 - 2016-12-21 10:50 - 00000212 _____ C:\Users\betty\BullseyeCoverageError.txt
2016-12-21 10:50 - 2016-12-21 10:50 - 00000000 ____D C:\Users\betty\AppData\Local\join.me
2016-12-20 12:01 - 2016-12-20 12:01 - 00006045 _____ C:\Users\betty\Downloads\equity_screener_data.csv
2016-12-20 11:57 - 2016-12-20 11:57 - 00028585 _____ C:\Users\betty\Documents\Position Export.xlsx
2016-12-20 10:26 - 2016-12-21 10:58 - 00357584 _____ C:\Users\betty\Downloads\Two_Page_Portfolio_Overview_w_Market_Exposure_6fBvbrx (1).xlsx
2016-12-20 10:10 - 2016-12-20 10:10 - 00411555 _____ C:\Users\betty\Downloads\Two_Page_Portfolio_Overview_w_Market_Exposure_6fBvbrx.xlsx
2016-12-20 08:08 - 2016-12-20 08:08 - 00004126 _____ C:\Users\betty\Downloads\404.htm
2016-12-16 09:43 - 2016-12-16 09:43 - 00044856 _____ C:\Users\betty\Downloads\2016 May Hardware and Software.xlsx
2016-12-16 07:24 - 2016-12-16 07:24 - 01718968 _____ C:\WINDOWS\f0f604b6558d8809ceba72db0334155f.exe
2016-12-15 22:01 - 2016-12-15 22:01 - 00001782 _____ C:\Users\betty\Downloads\SecretGarden9780062062956.acsm
2016-12-15 09:56 - 2016-12-20 11:49 - 00141001 _____ C:\Users\betty\Downloads\One_Page_Equity_Tear_Sheet_AGjMwuY.xlsx
2016-12-15 09:54 - 2016-12-15 09:55 - 00000000 ____D C:\Users\betty\AppData\Roaming\YCharts
2016-12-15 09:54 - 2016-12-15 09:54 - 00000000 ____D C:\Program Files (x86)\YChartsExcel
2016-12-15 09:53 - 2016-12-15 09:54 - 01138688 _____ C:\Users\betty\Downloads\ycharts_excel_v312_x86_Release.msi
2016-12-14 17:31 - 2016-12-09 02:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 17:31 - 2016-12-09 02:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 17:31 - 2016-12-09 02:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 17:31 - 2016-12-09 02:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 17:31 - 2016-12-09 02:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 17:31 - 2016-12-09 01:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 17:31 - 2016-12-09 01:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 17:31 - 2016-12-09 01:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 17:31 - 2016-12-09 01:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 17:31 - 2016-12-09 01:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 17:31 - 2016-12-09 01:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 17:31 - 2016-12-09 01:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 17:31 - 2016-12-09 01:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 17:31 - 2016-12-09 01:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 17:31 - 2016-12-09 01:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 17:31 - 2016-12-09 01:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 17:31 - 2016-12-09 01:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 17:31 - 2016-12-09 01:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 17:31 - 2016-12-09 01:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 17:31 - 2016-12-09 01:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 17:31 - 2016-12-09 01:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 17:31 - 2016-12-09 01:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 17:31 - 2016-12-09 01:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 17:31 - 2016-12-09 01:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 17:31 - 2016-12-09 01:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 17:31 - 2016-12-09 01:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 17:31 - 2016-12-09 01:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 17:31 - 2016-12-09 01:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 17:31 - 2016-12-09 01:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 17:31 - 2016-12-09 01:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 17:31 - 2016-12-09 01:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 17:31 - 2016-12-09 01:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 17:31 - 2016-12-09 01:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 17:31 - 2016-12-09 01:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 17:31 - 2016-12-09 01:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 17:31 - 2016-12-09 01:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 17:31 - 2016-12-09 01:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 17:31 - 2016-12-09 01:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 17:31 - 2016-12-09 01:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 17:31 - 2016-12-09 01:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 17:31 - 2016-12-09 00:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 17:26 - 2016-12-09 02:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 17:26 - 2016-12-09 02:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 17:26 - 2016-12-09 02:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 17:26 - 2016-12-09 02:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 17:26 - 2016-12-09 02:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 17:26 - 2016-12-09 02:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 17:26 - 2016-12-09 02:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 17:26 - 2016-12-09 02:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 17:26 - 2016-12-09 01:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 17:26 - 2016-12-09 01:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 17:26 - 2016-12-09 01:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 17:26 - 2016-12-09 01:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 17:26 - 2016-12-09 01:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 17:26 - 2016-12-09 01:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 17:26 - 2016-12-09 01:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 17:26 - 2016-12-09 01:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 17:26 - 2016-12-09 01:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 17:26 - 2016-12-09 01:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 17:26 - 2016-12-09 01:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 17:26 - 2016-12-09 01:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 17:26 - 2016-12-09 01:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 17:26 - 2016-12-09 01:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 17:26 - 2016-12-09 01:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 17:26 - 2016-12-09 01:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 17:25 - 2016-12-09 02:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 17:25 - 2016-12-09 02:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 17:25 - 2016-12-09 02:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 17:25 - 2016-12-09 02:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 17:25 - 2016-12-09 02:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 17:25 - 2016-12-09 02:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 17:25 - 2016-12-09 02:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 17:25 - 2016-12-09 02:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 17:25 - 2016-12-09 02:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 17:25 - 2016-12-09 02:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 17:25 - 2016-12-09 02:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 17:25 - 2016-12-09 02:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 17:25 - 2016-12-09 02:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 17:25 - 2016-12-09 02:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 17:25 - 2016-12-09 02:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 17:25 - 2016-12-09 02:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 17:25 - 2016-12-09 02:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 17:25 - 2016-12-09 02:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 17:25 - 2016-12-09 02:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 17:25 - 2016-12-09 02:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 17:25 - 2016-12-09 02:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 17:25 - 2016-12-09 02:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 17:25 - 2016-12-09 02:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 17:25 - 2016-12-09 02:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 17:25 - 2016-12-09 01:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 17:25 - 2016-12-09 01:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 17:25 - 2016-12-09 01:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 17:25 - 2016-12-09 01:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 17:25 - 2016-12-09 01:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 17:25 - 2016-12-09 01:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 17:25 - 2016-12-09 01:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 17:25 - 2016-12-09 01:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 17:25 - 2016-12-09 01:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 17:25 - 2016-12-09 01:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 17:25 - 2016-12-09 01:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 17:25 - 2016-12-09 01:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 17:25 - 2016-12-09 01:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 17:25 - 2016-12-09 01:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 17:25 - 2016-12-09 01:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 17:25 - 2016-12-09 01:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 17:25 - 2016-12-09 01:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 17:25 - 2016-12-09 01:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 17:25 - 2016-12-09 01:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 17:25 - 2016-12-09 01:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 17:25 - 2016-12-09 01:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 17:25 - 2016-12-09 01:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 17:25 - 2016-12-09 01:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 17:25 - 2016-12-09 01:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 09:22 - 2016-12-13 09:22 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-09 21:40 - 2016-12-09 21:40 - 00035815 _____ C:\Users\betty\Desktop\2014 Summary of gifts.xlsm
2016-12-09 13:36 - 2016-11-11 02:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-09 13:36 - 2016-11-11 02:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-09 13:36 - 2016-11-11 02:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-09 13:36 - 2016-11-11 02:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-09 13:36 - 2016-11-11 02:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-09 13:36 - 2016-11-11 02:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-09 13:36 - 2016-11-11 02:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-09 13:36 - 2016-11-11 02:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-09 13:36 - 2016-11-11 02:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-09 13:36 - 2016-11-11 02:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-09 13:36 - 2016-11-11 02:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-09 13:36 - 2016-11-11 01:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-09 13:36 - 2016-11-11 01:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-09 13:36 - 2016-11-11 01:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-09 13:36 - 2016-11-11 01:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-09 13:36 - 2016-11-11 01:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-09 13:36 - 2016-11-11 01:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-09 13:36 - 2016-11-11 01:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-09 13:36 - 2016-11-11 01:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-09 13:36 - 2016-11-11 01:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-09 13:36 - 2016-11-11 01:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-09 13:36 - 2016-11-11 01:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-09 13:36 - 2016-11-11 01:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-09 13:36 - 2016-11-11 01:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 13:36 - 2016-11-11 01:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-09 13:36 - 2016-11-11 01:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-09 13:36 - 2016-11-11 01:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-09 13:36 - 2016-11-11 01:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-09 13:36 - 2016-11-11 01:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-09 13:36 - 2016-11-11 01:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-09 13:36 - 2016-11-11 01:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-09 13:36 - 2016-11-11 01:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-09 13:36 - 2016-11-11 01:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-09 13:36 - 2016-11-11 01:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-09 13:36 - 2016-11-11 01:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-09 13:36 - 2016-11-11 01:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-09 13:36 - 2016-11-11 01:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-09 13:36 - 2016-11-11 01:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 13:36 - 2016-11-11 01:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-09 13:36 - 2016-11-11 01:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-09 13:36 - 2016-11-11 01:18 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-12-09 13:36 - 2016-11-11 01:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-09 13:36 - 2016-11-11 01:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-09 13:36 - 2016-11-11 01:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-09 13:36 - 2016-11-11 01:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-09 13:36 - 2016-11-11 01:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-09 13:36 - 2016-11-11 01:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-09 13:36 - 2016-11-11 01:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-09 13:36 - 2016-11-11 01:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-09 13:36 - 2016-11-11 01:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-09 13:36 - 2016-11-11 01:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-09 13:36 - 2016-11-11 01:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-09 13:36 - 2016-11-11 01:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-09 13:36 - 2016-11-11 01:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-09 13:36 - 2016-11-11 01:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-09 13:36 - 2016-11-11 01:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-09 13:36 - 2016-11-10 23:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-09 13:36 - 2016-11-10 23:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-09 13:36 - 2016-11-10 23:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-09 13:36 - 2016-11-10 23:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-09 13:36 - 2016-11-10 23:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-09 13:36 - 2016-11-10 23:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-09 13:36 - 2016-11-10 23:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-09 13:36 - 2016-11-10 23:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-09 13:36 - 2016-11-10 23:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-09 13:36 - 2016-11-10 23:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-09 13:36 - 2016-11-10 23:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-09 13:36 - 2016-11-10 23:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-09 13:36 - 2016-11-10 23:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-09 13:36 - 2016-11-10 23:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-09 13:36 - 2016-11-10 23:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-09 13:36 - 2016-11-10 23:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-09 13:36 - 2016-11-10 23:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-09 13:36 - 2016-11-10 23:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-09 13:36 - 2016-11-10 23:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-09 13:36 - 2016-11-10 23:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-09 13:36 - 2016-11-10 23:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-09 13:36 - 2016-11-10 23:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-09 13:36 - 2016-11-10 23:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-09 13:36 - 2016-11-10 23:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-09 13:36 - 2016-11-10 23:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-09 13:36 - 2016-11-10 23:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-09 13:36 - 2016-11-10 23:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-09 13:36 - 2016-11-10 23:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-09 13:36 - 2016-11-10 23:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-09 13:36 - 2016-11-10 23:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-09 13:36 - 2016-11-10 23:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-09 13:36 - 2016-11-10 23:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-09 13:36 - 2016-11-10 23:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-09 13:36 - 2016-11-10 23:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-09 13:36 - 2016-11-10 23:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-09 13:35 - 2016-11-11 02:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-09 13:35 - 2016-11-11 02:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-09 13:35 - 2016-11-11 02:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-09 13:35 - 2016-11-11 02:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-09 13:35 - 2016-11-11 02:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-09 13:35 - 2016-11-11 02:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-09 13:35 - 2016-11-11 02:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-09 13:35 - 2016-11-11 02:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-09 13:35 - 2016-11-11 02:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-09 13:35 - 2016-11-11 02:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-09 13:35 - 2016-11-11 02:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-09 13:35 - 2016-11-11 01:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-09 13:35 - 2016-11-11 01:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-09 13:35 - 2016-11-11 01:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-09 13:35 - 2016-11-11 01:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-09 13:35 - 2016-11-11 01:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-09 13:35 - 2016-11-11 01:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-09 13:35 - 2016-11-11 01:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-09 13:35 - 2016-11-11 01:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-09 13:35 - 2016-11-11 01:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-09 13:35 - 2016-11-11 01:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-09 13:35 - 2016-11-11 01:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-09 13:35 - 2016-11-11 01:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-09 13:35 - 2016-11-11 01:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-09 13:35 - 2016-11-11 01:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-09 13:35 - 2016-11-11 01:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-09 13:35 - 2016-11-11 01:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-09 13:35 - 2016-11-11 01:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-09 13:35 - 2016-11-11 01:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-09 13:35 - 2016-11-11 01:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-09 13:35 - 2016-11-11 01:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-09 13:35 - 2016-11-11 01:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-09 13:35 - 2016-11-11 01:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-09 13:35 - 2016-11-11 01:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-09 13:35 - 2016-11-11 01:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-09 13:35 - 2016-11-11 01:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-09 13:35 - 2016-11-11 01:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-09 13:35 - 2016-11-11 01:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-09 13:35 - 2016-11-11 01:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-09 13:35 - 2016-11-11 01:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-09 13:35 - 2016-11-11 01:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-09 13:35 - 2016-11-11 01:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-09 13:35 - 2016-11-11 01:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-09 13:35 - 2016-11-11 01:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-09 13:35 - 2016-11-11 01:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-09 13:35 - 2016-11-11 01:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-09 13:35 - 2016-11-11 01:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-09 13:35 - 2016-11-11 01:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-09 13:35 - 2016-11-11 01:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-09 13:35 - 2016-11-11 01:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-09 13:35 - 2016-11-11 01:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-09 13:35 - 2016-11-11 01:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-09 13:35 - 2016-11-11 01:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-09 13:35 - 2016-11-11 01:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-09 13:35 - 2016-11-11 01:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-09 13:35 - 2016-11-11 01:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-09 13:35 - 2016-11-11 01:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-09 13:35 - 2016-11-11 01:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-09 13:35 - 2016-11-11 01:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-09 13:35 - 2016-11-11 01:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-09 13:35 - 2016-11-11 01:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-09 13:35 - 2016-11-11 01:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-09 13:35 - 2016-11-11 01:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-09 13:35 - 2016-11-11 01:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-09 13:35 - 2016-11-11 01:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-09 13:35 - 2016-11-11 01:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-09 13:35 - 2016-11-11 01:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-09 13:35 - 2016-11-11 01:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-09 13:35 - 2016-11-11 01:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-09 13:35 - 2016-11-11 01:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-09 13:35 - 2016-11-11 01:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-09 13:35 - 2016-11-11 01:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-09 13:35 - 2016-11-11 01:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-09 13:35 - 2016-11-11 01:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-09 13:35 - 2016-11-11 01:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-09 13:35 - 2016-11-11 01:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-09 13:35 - 2016-11-11 01:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-09 13:35 - 2016-11-11 01:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-09 13:35 - 2016-11-11 01:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-09 13:35 - 2016-11-11 01:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-09 13:35 - 2016-11-11 01:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-09 13:35 - 2016-11-11 01:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-09 13:35 - 2016-11-11 01:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-09 13:35 - 2016-11-11 01:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-09 13:35 - 2016-11-11 01:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-09 13:35 - 2016-11-11 01:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-09 13:35 - 2016-11-11 01:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-09 13:35 - 2016-11-11 01:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-09 13:35 - 2016-11-11 01:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-09 13:35 - 2016-11-11 01:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-09 13:35 - 2016-11-11 01:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-09 13:35 - 2016-11-11 01:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-09 13:35 - 2016-11-11 01:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-09 13:35 - 2016-11-11 01:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-09 13:35 - 2016-11-11 01:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-09 13:35 - 2016-11-11 01:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-09 13:35 - 2016-11-11 01:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-09 13:35 - 2016-11-11 01:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-09 13:35 - 2016-11-11 01:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-09 13:35 - 2016-11-11 01:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-09 13:35 - 2016-11-11 01:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-09 13:35 - 2016-11-11 00:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-09 13:35 - 2016-11-11 00:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-09 13:35 - 2016-11-11 00:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-09 13:35 - 2016-11-11 00:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-09 13:35 - 2016-11-11 00:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-09 13:35 - 2016-11-10 23:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-09 13:35 - 2016-11-10 23:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-09 13:35 - 2016-11-10 23:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-09 13:35 - 2016-11-10 23:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-09 13:35 - 2016-11-10 23:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-09 13:35 - 2016-11-10 23:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-09 13:35 - 2016-11-10 23:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-09 13:35 - 2016-11-10 23:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-09 13:35 - 2016-11-10 23:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-09 13:35 - 2016-11-10 23:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-09 13:35 - 2016-11-10 23:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-09 13:35 - 2016-11-10 23:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-09 13:35 - 2016-11-10 23:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-09 13:35 - 2016-11-10 23:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-09 13:35 - 2016-11-10 23:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-09 13:35 - 2016-11-10 23:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-09 13:35 - 2016-11-10 23:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-09 13:35 - 2016-11-10 23:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-09 13:35 - 2016-11-10 23:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-09 13:35 - 2016-11-10 23:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-09 13:35 - 2016-11-10 23:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-09 13:35 - 2016-11-10 23:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-09 13:35 - 2016-11-10 23:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 13:35 - 2016-11-10 23:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-09 13:35 - 2016-11-10 23:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-09 13:35 - 2016-11-10 23:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-09 13:35 - 2016-11-10 23:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-09 13:35 - 2016-11-10 23:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-09 13:35 - 2016-11-10 23:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-09 13:35 - 2016-11-10 23:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-09 13:35 - 2016-11-10 23:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-09 13:35 - 2016-11-10 23:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-09 13:35 - 2016-11-10 23:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-09 13:35 - 2016-11-10 23:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-09 13:35 - 2016-11-10 23:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-09 13:35 - 2016-11-10 23:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-09 13:35 - 2016-11-10 23:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-09 13:35 - 2016-11-10 23:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 13:35 - 2016-11-10 23:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-09 13:35 - 2016-11-10 23:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-09 13:35 - 2016-11-10 23:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-09 13:35 - 2016-11-10 23:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-09 13:35 - 2016-11-10 23:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-09 13:35 - 2016-11-10 23:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-09 13:35 - 2016-11-10 23:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-09 13:35 - 2016-11-10 23:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-09 13:35 - 2016-11-10 23:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-09 13:35 - 2016-11-10 23:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-09 13:35 - 2016-11-10 23:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-09 13:35 - 2016-11-10 23:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-09 13:35 - 2016-11-10 23:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-09 13:35 - 2016-11-10 23:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-09 13:35 - 2016-11-10 23:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-09 13:35 - 2016-11-10 23:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-09 13:35 - 2016-11-10 23:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-09 13:35 - 2016-11-10 23:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-09 13:35 - 2016-11-10 23:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-02 08:51 - 2016-12-02 08:51 - 06822911 _____ (U.S. Department of the Treasury) C:\Users\betty\Downloads\sbwsetup (1).exe
2016-11-30 10:13 - 2016-12-10 20:30 - 00000000 _____ C:\Users\betty\Documents\HPOJ8720_Fax_Port
 
Frst 4:

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-29 15:44 - 2016-08-20 10:46 - 00000000 ____D C:\Users\betty\Desktop\Virus
2016-12-29 15:44 - 2015-06-20 08:42 - 00000000 __RDO C:\Users\betty\OneDrive
2016-12-29 15:43 - 2016-08-20 10:44 - 00000000 ____D C:\FRST
2016-12-29 15:42 - 2016-10-01 09:24 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-29 15:42 - 2015-06-20 08:09 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-29 15:40 - 2016-10-02 10:48 - 00009060 _____ C:\WINDOWS\PFRO.log
2016-12-29 15:40 - 2016-10-01 09:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-29 15:40 - 2016-10-01 09:21 - 00918192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-29 15:40 - 2015-06-29 05:53 - 00000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForbetty.job
2016-12-29 15:38 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\sru
2016-12-29 15:38 - 2016-07-15 22:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2016-12-29 15:37 - 2016-08-20 11:43 - 00000000 ____D C:\AdwCleaner
2016-12-29 15:37 - 2015-08-26 12:30 - 00000000 ___RD C:\Users\betty\OneDrive - The Hedrick Co-
2016-12-29 15:14 - 2015-06-24 14:26 - 00000000 ____D C:\ProgramData\flsplan
2016-12-29 14:04 - 2016-10-01 09:22 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-29 13:49 - 2014-06-24 21:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-29 13:40 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-28 19:32 - 2016-10-01 11:24 - 00000000 ____D C:\Users\betty\AppData\Local\Deployment
2016-12-28 18:27 - 2015-07-28 14:00 - 00002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-28 09:42 - 2016-10-01 09:57 - 00003250 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForbetty
2016-12-28 09:30 - 2016-10-01 09:30 - 00000000 ____D C:\Users\betty
2016-12-28 09:29 - 2015-06-20 12:18 - 00000000 ____D C:\Users\betty\Documents\Family Law Software
2016-12-26 20:31 - 2015-06-20 08:17 - 00000000 ____D C:\Users\betty\AppData\Local\Packages
2016-12-26 18:17 - 2015-06-20 08:19 - 00000000 ____D C:\Users\betty\Documents\Youcam
2016-12-26 16:09 - 2016-10-01 09:29 - 01384134 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-26 16:04 - 2015-10-20 14:47 - 1351643749 _____ C:\WINDOWS\MEMORY.DMP
2016-12-24 14:15 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-23 11:57 - 2016-08-04 11:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-23 11:57 - 2015-08-27 10:03 - 00000684 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-223588219-2138284121-77307795-1002.job
2016-12-23 11:57 - 2015-08-27 10:03 - 00000588 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-223588219-2138284121-77307795-1002.job
2016-12-23 11:54 - 2016-07-16 03:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-23 11:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-23 11:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-23 11:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-23 11:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-23 11:39 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-22 12:00 - 2015-07-30 06:55 - 00000000 __HDC C:\ProgramData\{A4BCF67D-EA8B-46F0-B19D-90368494B7A3}
2016-12-20 11:48 - 2015-07-15 09:29 - 00017658 _____ C:\Users\betty\Documents\Position Export.csv
2016-12-16 13:41 - 2016-10-01 09:57 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 13:41 - 2016-10-01 09:57 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-14 18:43 - 2015-06-20 20:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 18:40 - 2015-06-20 20:37 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-13 10:21 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-13 10:21 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-13 09:22 - 2016-07-16 11:20 - 00002366 _____ C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-12 10:39 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-11 15:56 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 15:56 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-09 13:23 - 2016-07-16 03:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-07 17:14 - 2015-06-29 12:37 - 00000000 ___RD C:\Users\betty\Box Sync
2016-12-07 16:11 - 2016-10-01 09:24 - 00029749 _____ C:\WINDOWS\setupact.log
2016-12-06 11:14 - 2016-02-18 10:52 - 00000000 ____D C:\Users\betty\AppData\LocalLow\WebEx
2016-12-06 10:01 - 2016-02-18 10:52 - 00000000 ____D C:\Users\betty\AppData\Local\WebEx
2016-12-06 10:01 - 2016-02-18 10:52 - 00000000 ____D C:\ProgramData\WebEx
2016-12-02 08:52 - 2015-12-18 10:42 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Savings Bond Wizard.lnk
2016-12-02 08:52 - 2015-12-18 10:42 - 00001156 _____ C:\Users\Public\Desktop\Savings Bond Wizard.lnk
2016-12-02 08:52 - 2015-12-18 10:42 - 00000000 ____D C:\Program Files (x86)\Savings Bond Wizard
2016-11-30 10:13 - 2016-11-28 16:49 - 00000000 ____D C:\Users\betty\AppData\Local\HP
==================== Files in the root of some directories =======
2016-01-14 16:57 - 2016-01-14 16:57 - 0002715 _____ () C:\Users\betty\AppData\Roaming\QBFileDrTool.log
2016-05-02 21:11 - 2016-05-02 21:14 - 1671526 _____ () C:\Users\betty\AppData\Roaming\qeinst.log
2016-03-29 08:39 - 2016-03-29 08:39 - 0000600 _____ () C:\Users\betty\AppData\Roaming\winscp.rnd
2016-12-28 17:53 - 2016-12-28 17:53 - 0000017 _____ () C:\Users\betty\AppData\Local\resmon.resmoncfg
2016-11-28 16:54 - 2016-11-28 16:54 - 0000057 _____ () C:\ProgramData\Ament.ini
Some files in TEMP:
====================
C:\Users\betty\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\betty\AppData\Local\Temp\libeay32.dll
C:\Users\betty\AppData\Local\Temp\msvcr120.dll
C:\Users\betty\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\betty\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-22 10:11
==================== End of FRST.txt ============================
 
Addition 1:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by betty (2016-12-29 15:47:05)
Running from C:\Users\betty\Desktop\Virus
Windows 10 Home (X64) (2016-10-01 18:01:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-223588219-2138284121-77307795-500 - Administrator - Disabled)
betty (S-1-5-21-223588219-2138284121-77307795-1002 - Administrator - Enabled) => C:\Users\betty
DefaultAccount (S-1-5-21-223588219-2138284121-77307795-503 - Limited - Disabled)
Guest (S-1-5-21-223588219-2138284121-77307795-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-223588219-2138284121-77307795-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
(HKLM-x32\...\{B5FAD058-6C87-4902-9A03-DB744AD66263}) (Version: - )
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30244 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BERNINA ARTlink 7 (HKLM-x32\...\{CA812D88-2139-4107-97B5-1B2D2A1DD04D}) (Version: 18.0.94.7011 - BERNINA)
BERNINA ARTlink 7 (x32 Version: 18.0.94.7011 - Wilcom) Hidden
BERNINA Universal Communication Server (HKLM-x32\...\{CF27C964-3902-4CA3-9C71-B0EAEB302AB5}) (Version: 1.27.70 - BERNINA)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{5C15714C-1956-47D4-9C1D-452CC2C2C10B}) (Version: 4.0.7724.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.6447.0 - Box Inc.) Hidden
Box Tools (HKLM-x32\...\{56647361-687B-452B-8999-6179125FFD63}) (Version: 3.2.10.1533 - Box)
Cisco WebEx Meetings (HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.6909 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
GDR 4042 for SQL Server 2008 R2 (KB3045313) (HKLM-x32\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.14.1.4670 (HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\GoToMeeting) (Version: 7.14.1.4670 - CitrixOnline)
GoToMeeting 7.28.0.6039 (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\GoToMeeting) (Version: 7.28.0.6039 - CitrixOnline)
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1154543C-D5D0-49BE-A004-82EE0A3746AE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{3E261474-8DF2-463B-984E-0B6396F58D1C}) (Version: 36.0.39.57346 - HP)
HP Google Drive Plugin (HKLM-x32\...\{9469285B-AB76-434A-8533-2EE643318F2E}) (Version: 36.0.39.57346 - HP)
HP OfficeJet Pro 8720 Basic Device Software (HKLM\...\{98A7C54D-74EB-461C-8124-E78BF938401F}) (Version: 38.1.1881.57490 - HP Inc.)
HP OfficeJet Pro 8720 Help (HKLM-x32\...\{18E5A98E-E857-4087-AF73-4E6B9AB0A140}) (Version: 38.0.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{093C645A-294E-41E4-904C-DDF13DC47A27}) (Version: 12.3.6.12 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{ac7ad2d7-04b3-460c-b370-07e3d3e3aa4e}) (Version: 17.01.0000.1697 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Laser App Enterprise (HKLM-x32\...\Laser App Enterprise) (Version: 10.0.0.50 - Laser App Software Inc.)
Laser App Enterprise (x32 Version: 10.0.0.54 - Laser App Software Inc.) Hidden
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{49860BCD-24D6-44C1-922E-AC12FE32234E}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{EFECC55D-7B0A-4D05-8487-CC2FD7C618A3}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQLXML 4.0 SP1 (HKLM\...\{70544B21-8A43-4A30-8F59-DC6F73A5EE9A}) (Version: 10.0.1600.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{CD5AAE18-1DF8-4D7B-8B99-9071D7D36126}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
novaPDF v7 (novaPDF 7.4 printer) (HKLM\...\novaPDF v7_is1) (Version: - Softland)
NVIDIA Graphics Driver 359.37 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.37 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
PortfolioCenter (HKLM-x32\...\InstallShield_{5B0F5755-7BE9-42AF-9AFC-F424C8E67C1C}) (Version: 5.10.100.2 - Schwab Performance Technologies)
PortfolioCenter (x32 Version: 5.10.100.2 - Schwab Performance Technologies) Hidden
PortfolioCenter Database Components (HKLM-x32\...\InstallShield_{D06C26DA-AC5F-43E7-A687-34D4CA83017B}) (Version: 5.10.100.2 - Schwab Performance Technologies)
PortfolioCenter Database Components (x32 Version: 5.10.100.2 - Schwab Performance Technologies) Hidden
PortfolioCenter Management Console (HKLM-x32\...\InstallShield_{4268D342-1374-490F-B277-BADAE5A0EE21}) (Version: 5.10.100.2 - Schwab Performance Technologies)
PortfolioCenter Management Console (x32 Version: 5.10.100.2 - Schwab Performance Technologies) Hidden
Quarterly Express Plus (HKLM-x32\...\{1F9C45EB-9D92-472C-A940-4206E9012A25}) (Version: 2.0.73 - Lewis Software Associates LLC)
QuickBooks (x32 Version: 25.0.4010.2506 - Intuit Inc.) Hidden
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4006.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Retriever for the Desktop (HKLM-x32\...\{9FF80FBE-980E-4A42-B338-B1304958A84C}) (Version: 2.0.1 - Redtail Technology)
RingCentral Meetings (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\RingCentralMeetings) (Version: 4.2 - Zoom Video Communications, Inc. and RingCentral Inc.)
RoboForm 7-9-22-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-22-2 - Siber Systems)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Savings Bond Wizard (HKLM-x32\...\{566DBD89-9955-4024-9384-A6301C8C6584}) (Version: 5.0 - U.S. Department of the Treasury)
Schwab Data Delivery (HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\ebb9ba9810bf3c43) (Version: 1.10.2930.114 - Charles Schwab - Schwab Data Delivery)
Schwab Data Delivery (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\ebb9ba9810bf3c43) (Version: 1.10.2930.114 - Charles Schwab - Schwab Data Delivery)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Social2Search (HKLM\...\ba2f628bfbf08a1bd58912883563d2b4) (Version: 11.12.1.194 (i1.0) - Social2Search)
SQL Server 2008 R2 SP2 Common Files (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SupportCalc-FD
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
YCharts Excel (HKLM-x32\...\{B937CE83-D945-4965-B16E-D056A16EA848}) (Version: 3.12 - YChartsExcel)
Your_Updater (HKLM-x32\...\Your_Updater) (Version: 1.0.1.7 - Installer Technology ©)
Zoom (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-223588219-2138284121-77307795-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\betty\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-223588219-2138284121-77307795-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\betty\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Restore Points =========================
09-12-2016 14:47:29 Windows Update
14-12-2016 18:39:31 Windows Update
23-12-2016 11:24:27 Windows Update
28-12-2016 17:49:02 Removed 8x8 - Virtual Office
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03896D04-23AB-4F74-A27D-B1B71EE41E2C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2016-07-16] (Microsoft Corporation)
Task: {04DA6EFD-403C-4227-BDF0-CDA4116D1C48} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {05857F16-DEC8-4F81-9995-FBF5DDE84926} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-10] (Microsoft Corporation)
Task: {0BA38480-425F-4C44-8BB4-F61566A8BA1F} - \WPD\SqmUpload_S-1-5-21-223588219-2138284121-77307795-1002 -> No File <==== ATTENTION
Task: {0E5600BF-76EB-4E8D-8702-76A0EB30CF33} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {10B382ED-4288-4F57-BDC6-2F2BE8F4E44D} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {11EF8237-224D-4CF9-9039-61D08754EA5D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-14] (Microsoft Corporation)
Task: {12F35D5A-573E-45E8-974D-E6FCD3E5F9B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1646D405-68E3-4DF5-B807-159AA9242768} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {1CA37E8F-D53E-441C-B50D-A0A88CCF7761} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {20150925-6776-4145-9C57-CA7A6A3DBF4A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-09] (Microsoft Corporation)
Task: {29C66C6F-559C-4214-8E19-C60BE727F846} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-10-13] (Siber Systems)
Task: {2EE62CD7-0836-4AD3-AAEF-046CD2D5CCAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {31886F67-C1B9-442F-9C4B-3C12A90406C2} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-223588219-2138284121-77307795-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {36AF7D2E-0911-4109-AB21-4D5AB58E414A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3FD1C5A9-8AE8-4F6C-98BD-8B6999716AF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {4287C823-61F0-4D4A-A80C-319A86315CFC} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-02-11] (CyberLink Corp.)
Task: {43DF67E8-D733-48FA-98F2-4E6D341E4A79} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-14] (Microsoft Corporation)
Task: {449F729D-9452-4456-9F63-590BC4315B16} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {44F3566F-FA14-431B-BEDD-A68EEC4C946B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {463A71F6-403B-4726-A543-AA8C5E5B994D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-09-02] (Synaptics Incorporated)
Task: {50A84C6C-CA56-4FE5-BE06-67CCF7B68879} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-10] (Microsoft Corporation)
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {52AC6F9F-F94F-4DE9-AB50-EC5ADA951A3D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\betty\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {5654DFBB-E797-4758-B9A0-8BAE94A91F1D} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2016-07-16] (Microsoft Corporation)
Task: {5A9799A6-5778-4060-8F06-9C29F8071FF3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5F920B7C-53A5-4790-B516-C97B29085B2A} - System32\Tasks\{A5CFEB52-4F2C-42F7-AEB5-60B765FFCB04} => pcalua.exe -a E:\AutorunPro.EXE -d E:\
Task: {5FAAF530-ED1B-4F7B-AD7B-1694AA0B202B} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {626238E5-DF44-4CC4-91CB-FB5D1410B1D6} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {66FFA64F-55F4-4B37-83F7-616642C470DC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {6C14A00B-F2EE-4A5A-AA09-49D2FBED077D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6D1C0035-5CAD-4340-A533-D63C9853BCC9} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {70331D46-364E-4004-8E19-20DF101F809F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {769C3E6C-962C-405D-BEB6-458C1A7B89F0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {7BA6D234-5C21-4490-93F7-021B37541682} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-09] (Microsoft Corporation)
Task: {7E0BC64A-77D9-460A-9079-2DDED7623608} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.h...MKMGMFMOMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {808E67F7-DA20-49BE-BD8F-B9D2EBE5A880} - System32\Tasks\HPCeeScheduleForbetty => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {871BC7E8-A199-4DC7-9B42-33774EEAA82A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D791FAA-0257-4EBC-A6DD-74E842528806} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {93530F71-A1CD-4B5E-9203-F287862A50B6} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {97B535C9-F465-42B2-8EBC-6903EA0510A3} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2016-09-15] (Microsoft Corporation)
Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-10-14] (Microsoft Corporation)
Task: {98CEC015-2D11-47A4-B439-A8B7B55645DB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {9B4A664C-F225-4F50-AD74-616D3EA8D8F2} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {A0A8CED6-CD18-4070-8BC7-87511501CC00} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {AFE3A458-E934-4696-A3BA-C9642CF20B85} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-10-01] (Microsoft Corporation)
Task: {BDDEF317-2692-422F-AEA2-FFD67DC7CEA3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {BE49FBBF-6B74-41A6-898A-9F9AB2417670} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {C125018F-0B81-4B64-B7DC-0E01220E5D0E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {C319EAA0-0A1A-450E-90B4-4A981B1D4FB4} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {C6271A45-8199-40FA-A614-FCD8AAA1ADCE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {C9F66A60-62D7-4B39-8C29-7E15B4931353} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D6DB8BB8-5E2A-4129-92A0-1D1B2F73A507} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {DD459294-B7FE-4008-885A-C10DDCB512DC} - System32\Tasks\Laser App Enterprise Updates => C:\Windows\Installer\Laser App Enterprise Updates for All Users.lnk [2016-05-19] ()
Task: {DDA65DF6-7AF2-4B2D-8B55-7C2BB1B00483} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-10] (Microsoft Corporation)
Task: {DDAECFC0-67E3-4062-BF25-CD685F73B394} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {DDE2BD27-80A5-44FF-B3B9-46B959C25D15} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-10-01] (Microsoft Corporation)
Task: {E5C83277-BB34-4D95-AAD9-EC18971BFFAA} - System32\Tasks\G2MUploadTask-S-1-5-21-223588219-2138284121-77307795-1002 => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe [2016-07-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E7174266-9D34-43E9-BD52-A30CD4F189B2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {E7B04252-97CA-42C6-9920-F58B76B2C3E1} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {E9940121-595A-4142-B581-52E469484D86} - System32\Tasks\G2MUpdateTask-S-1-5-21-223588219-2138284121-77307795-1002 => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe [2016-07-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {F293A269-9B73-4379-B42D-39BEC48E64B7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F8C493D4-FFC3-4916-BEB0-9E22EF901E4C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {FCA5A718-C48D-48B8-9774-33B605E86BD8} - System32\Tasks\SDD_PC Download => Iexplore.exe https://si2.schwabinstitutional.com/sdd/Schwab.SI.SI2Desktop.Container.application?SCHEDULE=YES
Task: {FDE3119D-56B2-466C-9D87-6C0F791D14C2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
 
Addition 2:

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-223588219-2138284121-77307795-1002.job => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\6039\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-223588219-2138284121-77307795-1002.job => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\6039\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForbetty.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Laser App Enterprise Updates.job => C:\Windows\Installer\Laser App Enterprise Updates for All Users.lnk
Task: C:\WINDOWS\Tasks\SDD_Daily.job => C:\PROGRA~1\INTERN~1\iexplore.exe`https:/si2.schwabinstitutional.com/sdd/
Task: C:\WINDOWS\Tasks\SDD_PC Download.job => C:\PROGRA~1\INTERN~1\iexplore.exe`https:/si2.schwabinstitutional.com/sdd/
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 17:25 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-01 09:25 - 2016-08-01 04:54 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-14 17:25 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-13 09:22 - 2016-12-13 09:22 - 01678560 _____ () C:\Users\betty\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-07-03 17:49 - 2016-12-09 15:33 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-10-01 10:15 - 2016-10-01 10:15 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 17:26 - 2016-12-09 01:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-14 08:27 - 2016-11-02 02:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-14 08:26 - 2016-11-02 02:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-14 08:27 - 2016-11-02 02:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-14 08:27 - 2016-11-02 02:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-14 08:27 - 2016-11-02 02:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-14 08:27 - 2016-11-02 02:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-05-27 14:50 - 2016-11-01 22:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-11-14 08:27 - 2016-11-02 02:13 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-09-15 14:46 - 2016-09-15 14:46 - 01158032 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2016-09-15 14:46 - 2016-09-15 14:46 - 00053648 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2016-09-15 14:46 - 2016-09-15 14:46 - 01751952 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00134544 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2015-02-19 14:10 - 2015-02-19 14:10 - 00137728 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2015-02-19 14:10 - 2015-02-19 14:10 - 00503808 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2016-09-15 14:46 - 2016-09-15 14:46 - 00118160 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2016-09-15 14:46 - 2016-09-15 14:46 - 00050576 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00695696 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00009616 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00033168 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00016784 _____ () C:\Program Files\Box\Box Sync\select.pyd
2016-09-15 14:46 - 2016-09-15 14:46 - 00172944 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00170384 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00444816 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00029072 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00155536 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2016-09-15 14:46 - 2016-09-15 14:46 - 00065424 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00142224 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00050064 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00036752 _____ () C:\Program Files\Box\Box Sync\win32cred.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00036240 _____ () C:\Program Files\Box\Box Sync\Crypto.Cipher._AES.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00014224 _____ () C:\Program Files\Box\Box Sync\Crypto.Util.strxor.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00016784 _____ () C:\Program Files\Box\Box Sync\Crypto.Random.OSRNG.winrandom.pyd
2016-09-15 14:45 - 2016-09-15 14:45 - 00017296 _____ () C:\Program Files\Box\Box Sync\Crypto.Util._counter.pyd
2013-08-09 22:11 - 2013-08-09 22:11 - 00607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.DLL
2016-07-03 17:49 - 2016-12-09 14:47 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\1033\GrooveIntlResource.dll
2016-12-13 09:22 - 2016-12-13 09:22 - 01244376 _____ () C:\Users\betty\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2014-06-24 22:18 - 2013-08-09 04:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files\ba2f628bfbf08a1bd58912883563d2b4:Win32App_1
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\IDT:Win32App_1
AlternateDataStreams: C:\Program Files\iTunes:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Mouse and Keyboard Center:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft SQL Server:Win32App_1
AlternateDataStreams: C:\Program Files\RogueKiller:Win32App_1
AlternateDataStreams: C:\Program Files\SQLXML 4.0:Win32App_1
AlternateDataStreams: C:\Program Files\Validity Sensors:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\BERNINA:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\FreeMind:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Hewlett-Packard:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\HPConnectedMusic:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Laser App Enterprise:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft SQL Server:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Pinger:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Savings Bond Wizard:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Schwab Performance Technologies:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\SQLXML 4.0:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\WinSCP:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64\Adobe:Win32App_1
AlternateDataStreams: C:\ProgramData\HP:Win32App_1
AlternateDataStreams: C:\ProgramData\Intuit:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\Users\betty\OneDrive:ms-properties
AlternateDataStreams: C:\Users\betty\Downloads\Re Client.eml:OECustomProperty
AlternateDataStreams: C:\Users\betty\Downloads\WIN_20150929_113427.jpg:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\advisorbriefcase.com -> hxxps://www.advisorbriefcase.com
IE trusted site: HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\sharepoint.com -> hxxps://hedrickcodotcom.sharepoint.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-223588219-2138284121-77307795-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\betty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\StartupApproved\Run: => "LaserAppUpdate"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "LaserAppUpdate"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "NETGEARGenie"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [{9B12FE77-02C5-46A3-9C8F-3C9B9F7CE515}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D4A4AA59-C111-4F56-B5ED-13B36CF928C1}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{ACF3E387-B502-41A5-99FF-7177FE02E1AA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{EC85DAE3-E32D-47D4-B3D6-98C4D3E4B713}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6221AAF7-721A-419C-BB6A-B16956125A14}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{CF4DC541-160E-4E99-91E8-89D26AEC5842}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{5282447E-3236-4FC5-9F50-933B28C3187D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5F7832E1-8124-4843-A440-12B61B8DE9C2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BBD25918-7FDA-48F4-A9AB-E1A9FB6BB7B1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B1CB5C1D-288E-47FB-84DD-A2FC747786C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5FB37F94-1AB9-4710-AB32-CC93DBD1FF04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A464823E-37E9-4E88-A7BD-13F77ACF05E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A8229529-7EB0-42CA-B69E-151ACA79EC9F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{81F83299-2998-42C7-B391-6C15DD7B7AE8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{91F36541-D98A-4C8B-9C83-139FE92B6584}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{551A9F90-9743-4FC7-A2E7-DC209E6C80B3}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5C66F09C-B614-4474-B1A3-3A96012E575C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{1BDD8A01-38ED-40A0-8588-180D82C6CD00}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{CC23F4CA-C3C9-44FE-B51B-49B654D923C0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{68715254-D5D0-4079-BECD-023BA0D888AA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{A08B0C0C-5C38-4B68-875E-4B57C060149B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{3B311D07-DD3D-4B44-9F65-070DCA777746}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{5CA5085F-54BD-4296-9209-88D3C14CCDC7}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCServerManager.exe
FirewallRules: [{23B78644-F036-4A51-84A5-3554E9732779}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCServerManager.exe
FirewallRules: [{2BB3A8B2-D9E1-481E-93C4-CF5BBE29CDCE}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCExportWizard.exe
FirewallRules: [{F29E9B67-F210-40CB-BE74-28ADBDD38766}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCExportWizard.exe
FirewallRules: [{6D37C88C-CEC2-4F1D-A627-ADD479004029}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe
FirewallRules: [{B4CFE49C-771A-46B0-8168-52462D2F48AF}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe
FirewallRules: [{9B45EC6D-2C98-467F-8C10-D11AB8BBE462}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SqlWtsn.exe
FirewallRules: [{3D4606F7-6EE5-49C1-8966-8C2E588014C8}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SqlWtsn.exe
FirewallRules: [{C7818641-4995-47BA-B593-E9F29AF6C68D}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\LandingPage.exe
FirewallRules: [{5D0E1531-FBD5-4B0F-B4D4-DF426BD4B11E}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\LandingPage.exe
FirewallRules: [{4E028E3B-D38B-4AFB-8418-7D14DCEB2CF6}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{A5D99608-25AA-4151-AAA7-E168715F5A8C}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{51D6C454-6900-4A97-8F25-26E09F04F64D}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{C986018C-71FE-4886-B503-77F0608109AB}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{7C2F2CD7-5A09-48D9-87D4-17EFDAFA3E91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2EFD157C-DF4E-4FFB-A133-63EC921CF676}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C19B5AA0-38AD-443D-BA9F-BE314EC41F75}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{90897F2F-47DB-445B-A935-A0F6CC7AF767}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{71655A4E-98DB-4C05-B9E3-CDB6571CBAA9}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{02966D7E-E33A-44B9-B8DE-FBC3C897A2E9}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{ED5DB793-956E-4302-AEAB-627DA905452F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{AE2B5981-B06D-4177-9EAA-D6626C1C7DDF}C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe] => (Allow) C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe
FirewallRules: [UDP Query User{C5594EED-EAB7-4274-8C5E-FC00D8A34DE8}C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe] => (Allow) C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe
FirewallRules: [{6B4806DC-C9D3-4D8D-AC70-EC1CB22CA3E4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{441C4E5C-D05C-4D8F-B4ED-154D98975024}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{5387E399-7E6F-4066-A019-3BD24C4035B6}C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe] => (Allow) C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe
FirewallRules: [UDP Query User{B37F94C6-DA9F-4500-8F3A-67816F841981}C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe] => (Allow) C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe
FirewallRules: [{E615CB42-1809-4C57-853F-CE7AA967B6E2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D0796EE4-C656-485C-A7F8-F9C8443D0A8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8721A7BB-6150-4E02-9085-C7038D97C937}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F13CD30-13C2-46C1-8C95-CAADD3B3541B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66B6362B-2031-4600-90B7-F735668928A9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3B81CC12-09E4-4770-9180-B32E76BBAFFF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{99C51ABB-EB76-4720-8401-B4CEB81EFE78}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F5455B45-47EA-44BE-9A72-95B139AA9679}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D19C0562-58DF-456A-9D41-2A16BFAFFD72}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{012E242B-BCF4-4AC4-9E2D-C9C7C108FB62}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{35C4ED33-0392-42E7-8FAC-A7EB08CC4548}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{EE01684B-508F-4B31-A57A-66C9F4439C85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{2FC451CB-F8C0-49C3-BCD3-84C1399D4A28}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{C05AA4B3-27A0-4383-AA16-745A51632D71}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{938D7396-B109-432D-B0D5-575ED12A9D80}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F022DA75-77D5-4AA7-957E-0FB4395E32E9}] => (Allow) C:\Users\betty\AppData\Local\Temp\7zS125F\HP.EasyStart.exe
FirewallRules: [{01132AEC-FB3E-4FE2-A502-BC73AC8FAB82}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxApplications.exe
FirewallRules: [{D8A56197-B17A-4943-ABD2-EBFDFEF4EB3B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\DigitalWizards.exe
FirewallRules: [{9EC00D50-BAB7-4BCC-9A04-8A6A30164E1D}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\SendAFax.exe
FirewallRules: [{88F930E3-C0A2-476D-9C42-176B5CD33E19}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxPrinterUtility.exe
FirewallRules: [{FCA46394-63F7-45C8-8B5D-FA2143A08B89}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\DeviceSetup.exe
FirewallRules: [{0F4CDFF6-92B3-45F0-A91B-31AA1E611D10}] => (Allow) LPort=5357
FirewallRules: [{64829415-C344-49B1-A429-E49810C96715}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BB9AB998-9309-4EFA-8532-4DCCC47B1DA7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (12/29/2016 03:44:34 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.NullReferenceException: Object reference not set to an instance of an object.
at IconOverlayClient.BoxIconOverlay.CreateClient()
at IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
at SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)
Error: (12/29/2016 03:44:34 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: LockedIconOverlay: IsMemberOf: An exception occured when determining whether to show the overlay for 'C:\Users\betty\Box Sync\Hedco Operations\Forms and Templates\Estate Planning'.
Error: (12/29/2016 03:44:34 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.NullReferenceException: Object reference not set to an instance of an object.
at IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
at SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)
Error: (12/29/2016 03:44:34 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: LockedByOtherIconOverlay: IsMemberOf: An exception occured when determining whether to show the overlay for 'C:\Users\betty\Box Sync\Clients\Carlyle Reuven and Wendy 071213C\Carlye Reuven and Wendy INTERNAL\Investments'.
Error: (12/29/2016 03:44:26 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.NullReferenceException: Object reference not set to an instance of an object.
at IconOverlayClient.BoxIconOverlay.CreateClient()
at IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
at SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)
Error: (12/29/2016 03:44:26 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: LockedIconOverlay: IsMemberOf: An exception occured when determining whether to show the overlay for 'C:\Users\betty\Box Sync\Hedco Operations\Compliance\Due Diligence\Fixed Income'.
Error: (12/29/2016 03:38:18 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Explorer.EXE
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 00007FF67E2C8732
Error: (12/29/2016 02:43:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsoSync.exe, version: 16.0.6965.2115, time stamp: 0x584975a2
Faulting module name: KERNELBASE.dll, version: 10.0.14393.479, time stamp: 0x58256d37
Exception code: 0xc06d007e
Fault offset: 0x000da832
Faulting process id: 0xbbf8
Faulting application start time: 0xMsoSync.exe0
Faulting application path: MsoSync.exe1
Faulting module path: MsoSync.exe2
Report Id: MsoSync.exe3
Faulting package full name: MsoSync.exe4
Faulting package-relative application ID: MsoSync.exe5
Error: (12/29/2016 02:43:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GROOVE.EXE, version: 16.0.6965.2115, time stamp: 0x58497a15
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc0000005
Fault offset: 0x0003ff33
Faulting process id: 0x9e14
Faulting application start time: 0xGROOVE.EXE0
Faulting application path: GROOVE.EXE1
Faulting module path: GROOVE.EXE2
Report Id: GROOVE.EXE3
Faulting package full name: GROOVE.EXE4
Faulting package-relative application ID: GROOVE.EXE5
Error: (12/29/2016 01:50:18 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x8007041d).

System errors:
=============
Error: (12/29/2016 03:44:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
Error: (12/29/2016 03:41:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (12/29/2016 03:37:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (12/29/2016 03:37:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ba2f628bfbf08a1bd58912883563d2b4 service terminated unexpectedly. It has done this 1 time(s).
Error: (12/29/2016 03:37:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
Error: (12/29/2016 03:37:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (12/29/2016 03:37:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (12/29/2016 03:37:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Universal Communication Server service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (12/29/2016 03:37:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (12/29/2016 03:37:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2016-12-29 15:38:23.353
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-29 15:38:23.352
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-29 15:38:23.350
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-29 15:38:06.949
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-29 15:38:06.929
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-29 15:37:51.756
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-29 15:37:51.754
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-29 15:37:51.753
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-29 15:37:51.645
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-29 15:37:51.475
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 18%
Total physical RAM: 16316.02 MB
Available physical RAM: 13230.45 MB
Total Virtual: 61372.02 MB
Available Virtual: 58175.74 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:903.43 GB) (Free:750.61 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:26.2 GB) (Free:2.6 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP OJ8720) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)
Partition: GPT.
==================== End of Addition.txt ============================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Rogue Killer:

RogueKiller V12.9.0.0 (x64) [Dec 26 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.14393) 64 bits version
Started in : Normal mode
User : betty [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/29/2016 19:17:17 (Duration : 00:55:46)
¤¤¤ Processes : 1 ¤¤¤
[VT.not-a-virus:AdWare.Win32.AdAgent.ako] Your_Updater.exe(8444) -- C:\Program Files (x86)\Your_Updater\Your_Updater.exe[-] -> Killed [TermProc]
¤¤¤ Registry : 5 ¤¤¤
[Root.Wajam|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-223588219-2138284121-77307795-1001\Software\WajIEnhance -> Deleted
[Root.Wajam|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-223588219-2138284121-77307795-1001\Software\WajIEnhance -> Deleted
[VT.not-a-virus:AdWare.Win32.AdAgent.ako] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Your_Updater : C:\Program Files (x86)\Your_Updater\Your_Updater.exe [-] -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6221AAF7-721A-419C-BB6A-B16956125A14} : v2.22|Action=Allow|Active=TRUE|Dir=Out|App=%LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe|Name=HP Connected Music Spotify Helper| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CF4DC541-160E-4E99-91E8-89D26AEC5842} : v2.22|Action=Allow|Active=TRUE|Dir=In|App=%LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe|Name=HP Connected Music Spotify Helper| [x] -> Not selected
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 1 ¤¤¤
[Root.Wajam][Folder] C:\Program Files\ba2f628bfbf08a1bd58912883563d2b4 -> Deleted
[Root.Wajam][File] C:\Program Files\ba2f628bfbf08a1bd58912883563d2b4\184ac407aa0c8a6d21f61f00a9c04651.ico -> Deleted
[Root.Wajam][File] C:\Program Files\ba2f628bfbf08a1bd58912883563d2b4\27ef331435f1f7f7deb65e8ebf43c4db\184ac407aa0c8a6d21f61f00a9c04651.ico -> Deleted
[Root.Wajam][File] C:\Program Files\ba2f628bfbf08a1bd58912883563d2b4\27ef331435f1f7f7deb65e8ebf43c4db\6dfc1148f2b05dc5ef598ba2e334e27d.ico -> Deleted
[Root.Wajam][File] C:\Program Files\ba2f628bfbf08a1bd58912883563d2b4\27ef331435f1f7f7deb65e8ebf43c4db\9b04de5071cab4348927d301586c157a.ico -> Deleted
[Root.Wajam][Folder] C:\Program Files\ba2f628bfbf08a1bd58912883563d2b4\27ef331435f1f7f7deb65e8ebf43c4db -> Deleted
[Root.Wajam][File] C:\Program Files\ba2f628bfbf08a1bd58912883563d2b4\4c12dd412eff437d79d523cdc9e9322b.exe -> Deleted
[Root.Wajam][File] C:\Program Files\ba2f628bfbf08a1bd58912883563d2b4\bd1ecd9008eb39f07da79772567b87f7 -> Deleted
[Root.Wajam][File] C:\Program Files\ba2f628bfbf08a1bd58912883563d2b4\f0f604b6558d8809ceba72db0334155f.exe -> Deleted
[Root.Wajam][File] C:\Program Files\ba2f628bfbf08a1bd58912883563d2b4\f178cc1ad1f84f145b3a81db5201489d.exe -> Deleted
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 6 ¤¤¤
[PUP.Gen0][Chrome:Addon] Default : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Not selected
[PUM.SearchEngine][Firefox:Config] db0wk1yf.default : user_pref("browser.search.selectedEngine", "Yahoo powered search"); -> Not selected
[PUM.SearchEngine][Firefox:Config] db0wk1yf.default : user_pref("browser.search.defaultenginename", "Yahoo powered search"); -> Not selected
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.keyword [bing.com] -> Not selected
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.url [https://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN] -> Not selected
[PUM.SearchPage][Chrome:Config] Default [SecurePrefs] : default_search_provider_data.template_url_data.suggestions_url [https://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316] -> Not selected
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541010A9E680 +++++
--- User ---
[MBR] fd9c45f893067b4140b808bdc8664c76
[BSP] f5d2fdebf049248a4e68d20ee572f3c3 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2127872 | Size: 925110 MB
4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 1896755200 | Size: 884 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 1898565632 | Size: 26830 MB
User = LL1 ... OK
User = LL2 ... OK


Malware scan in process.
 
MWB:

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 12/29/16
Scan Time: 10:20 PM
Logfile: MWB.txt
Administrator: Yes
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.890
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: BETTYSLAPTOP\betty
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 452598
Time Elapsed: 5 min, 6 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 1
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ba2f628bfbf08a1bd58912883563d2b4, Delete-on-Reboot, [17837], [261569],1.0.890
Registry Value: 1
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ba2f628bfbf08a1bd58912883563d2b4|DISPLAYNAME, Delete-on-Reboot, [17837], [261569],1.0.890
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 2
Trojan.Agent.Trace, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\.URL, Delete-on-Reboot, [2964], [247762],1.0.890
PUP.Optional.RelevantKnowledge, C:\USERS\BETTY\APPDATA\LOCAL\TEMP\CSM7F3C.TMP, Delete-on-Reboot, [1468], [294396],1.0.890
Physical Sector: 0
(No malicious items detected)

(end)
 
Adware:

# AdwCleaner v6.041 - Logfile created 29/12/2016 at 22:42:57
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-29.2 [Local]
# Operating System : Windows 10 Home (X64)
# Username : betty - BETTYSLAPTOP
# Running from : C:\Users\betty\Desktop\Virus\adwcleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1666 Bytes] - [20/08/2016 12:06:29]
C:\AdwCleaner\AdwCleaner[C2].txt - [5041 Bytes] - [29/12/2016 15:37:54]
C:\AdwCleaner\AdwCleaner[C3].txt - [899 Bytes] - [29/12/2016 22:42:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [3424 Bytes] - [20/08/2016 12:03:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [4179 Bytes] - [29/12/2016 15:35:59]
C:\AdwCleaner\AdwCleaner[S2].txt - [1437 Bytes] - [29/12/2016 22:42:42]
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1190 Bytes] ##########

The adware cleaner I ran before I started the protocol was full of the things that have been deleted.

JRT next
 
JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by betty (Administrator) on Thu 12/29/2016 at 22:51:32.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 3
Successfully deleted: C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder)
Successfully deleted: C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder)
Successfully deleted: C:\Users\betty\AppData\Roaming\Mozilla\Firefox\Profiles\db0wk1yf.default\searchplugins\Yahoo powered search.xml (File)

Registry: 0


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/29/2016 at 22:55:28.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
Frst 1:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by betty (administrator) on BETTYSLAPTOP (30-12-2016 22:04:10)
Running from C:\Users\betty\Desktop\Virus
Loaded Profiles: UpdatusUser & betty (Available Profiles: UpdatusUser & betty)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.PORTFOLIOCENTER\MSSQL\Binn\sqlservr.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Failed to access process -> Memory Compression
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Box, Inc.) C:\Users\betty\AppData\Local\Box\Box Edit\Box Edit.exe
(Box, Inc.) C:\Users\betty\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(BERNINA International AG) C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\acrotray.exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6450920 2016-09-15] (Box, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1804616 2015-09-06] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-01] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe [1866936 2016-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe [882872 2016-10-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1345696 2015-03-17] (Laser App Software Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-10-13] (Siber Systems)
HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1720584 2015-02-08] (CyberLink Corp.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\AdobeCollabSync.exe [882872 2016-10-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [LaserAppUpdate] => C:\Program Files (x86)\Laser App Enterprise\uformagent.exe [1345696 2015-03-17] (Laser App Software Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2015-06-01] (NETGEAR Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Zoom] => [X]
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Box Edit] => C:\Users\betty\AppData\Local\Box\Box Edit\Box Edit.exe [919280 2016-08-15] (Box, Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Box Local Com Server] => C:\Users\betty\AppData\Local\Box\Box Local Com Server\Box Local Com Service.exe [121072 2016-08-15] (Box, Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-10-13] (Siber Systems)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [HP OfficeJet Pro 8720 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\ScanToPCActivationApp.exe [3736584 2015-08-31] (HP Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [84170B6E5D572F906ED7D9B0BCB9879B5F0A771D._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-07] (Google Inc.)
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\MountPoints2: {5553e59e-fc3d-11e3-825b-806e6f6e6963} - "E:\Setup.exe"
ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\WINDOWS\system32\mscoree.dll [2016-07-16] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-07-02]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-07-02]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-07-02]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2015-08-26]
ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-07-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{145518f7-fc80-414c-8b8a-ae2922a335e9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e9b4875d-8166-464d-b3c1-e2c842fb95ec}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-223588219-2138284121-77307795-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-223588219-2138284121-77307795-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-223588219-2138284121-77307795-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.nytimes.com/?WT.z_jog=1
hxxp://www.msn.com/
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.nytimes.com/?WT.z_jog=1
hxxp://www.msn.com/
SearchScopes: HKLM -> {6A1DE76A-BA2E-4191-AB59-4E8D3C3BAB2E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1001 -> {6A1DE76A-BA2E-4191-AB59-4E8D3C3BAB2E} URL =
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1001 -> {AD551F51-A315-4FF4-BF1F-7FDEA2FA7672} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> {AD551F51-A315-4FF4-BF1F-7FDEA2FA7672} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-10-13] (Siber Systems Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-09] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-10-13] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-09] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-19] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-10-13] (Siber Systems Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-10-13] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-223588219-2138284121-77307795-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-10-13] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-223588219-2138284121-77307795-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-10-13] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-223588219-2138284121-77307795-1002 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2015-10-24] (Adobe Systems Incorporated)
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2016-06-23] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-09] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2016-07-16] (Microsoft Corporation)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-07-16] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-07-16] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\betty\AppData\Roaming\Mozilla\Firefox\Profiles\db0wk1yf.default
FF SelectedSearchEngine: Yahoo powered search
FF SearchEngineOrder.1: Yahoo powered search
FF DefaultSearchEngine: Yahoo powered search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-223588219-2138284121-77307795-1002: @citrixonline.com/appdetectorplugin -> C:\Users\betty\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-27] (Citrix Online)
FF Plugin HKU\S-1-5-21-223588219-2138284121-77307795-1002: @ringcentral.com/RingCentralMeetingsPlugin -> C:\Users\betty\AppData\Roaming\RingCentralMeetings\bin\nprcmsplugin.dll [2016-06-23] (Zoom Video Communications, Inc. and RingCentral Inc.)
FF Plugin HKU\S-1-5-21-223588219-2138284121-77307795-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\betty\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-06-20] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\betty\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-02-18] (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat DC - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn [2015-07-13]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-09-10]
FF HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
Chrome:
=======
CHR StartupUrls: Default -> "chrome://newtab/","hxxps://si2.schwabinstitutional.com/SI2/SecAdmin/Logon.aspx?to=%2fSI2%2fHome%2fdefault.aspx%3f1gABAAABANYAGgAAAAAaAAU%253d%26subtab%3dServiceRequests","hxxp://www.nytimes.com/","hxxps://www.bloomberg.com/","hxxp://www.wsj.com/","hxxps://www.washingtonpost.com/","hxxp://www.economist.com/"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&PC=U316&FORM=CHROMN
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}&language={language}&PC=U316
CHR Profile: C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-28]
CHR Extension: (Google Docs) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-28]
CHR Extension: (Google Drive) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-28]
CHR Extension: (YouTube) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-28]
CHR Extension: (Honey) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-12-30]
CHR Extension: (Google Search) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-28]
CHR Extension: (Adobe Acrobat) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-07-28]
CHR Extension: (Google Sheets) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-28]
CHR Extension: (Wealthbox CRM for Chrome) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfolmcgcpjajpdafphkikldogpjkfnbc [2016-06-14]
CHR Extension: (Cisco WebEx Extension) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-06-21]
CHR Extension: (Cube Time & Expense Tracking) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\lenheondoadkgoodcgmcijcoiahhemch [2015-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (StartMeeting.com Extension) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnedppabchbjaplcbjpbkcjhpmfdhpin [2016-01-11]
CHR Extension: (Email Access) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\piffljpodgadkdfopgnoailbecjbaink [2016-08-22]
CHR Extension: (Gmail) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-07]
CHR Extension: (RoboForm Password Manager) - C:\Users\betty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-07-29]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-06-20]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-06-20]
 
Frst 2:

==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36240 2016-02-26] (Box, Inc.)
S2 CDPUserSvc; C:\Windows\System32\CDPUserSvc.dll [339456 2016-11-11] (Microsoft Corporation)
R2 CDPUserSvc_1a6971; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 CDPUserSvc_1a6971; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2946304 2016-12-09] (Microsoft Corporation)
S3 FrameServer; C:\Windows\system32\FrameServer.dll [805888 2016-11-02] (Microsoft Corporation)
S3 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
S3 HvHost; C:\Windows\System32\hvhostsvc.dll [67584 2016-07-16] (Microsoft Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-29] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MessagingService; C:\Windows\System32\MessagingService.dll [52224 2016-07-16] (Microsoft Corporation)
S3 MessagingService_1a6971; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 MessagingService_1a6971; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 MSSQL$PORTFOLIOCENTER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.PORTFOLIOCENTER\MSSQL\Binn\sqlservr.exe [43130032 2015-03-29] (Microsoft Corporation)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-06-01] (NETGEAR)
R2 OneSyncSvc_1a6971; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R2 OneSyncSvc_1a6971; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_1a6971; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_1a6971; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-06-23] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2015-03-17] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2015-03-17] (Intuit Inc.) [File not signed]
R3 RmSvc; C:\Windows\System32\RMapi.dll [140800 2016-09-15] (Microsoft Corporation)
S4 shpamsvc; C:\Windows\system32\Windows.SharedPC.AccountManager.dll [161792 2016-07-16] (Microsoft Corporation)
S4 SQLAgent$PORTFOLIOCENTER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.PORTFOLIOCENTER\MSSQL\Binn\SQLAGENT.EXE [381104 2015-03-29] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [287744 2016-07-16] (Microsoft Corporation)
R3 TimeBrokerSvc; C:\Windows\System32\TimeBrokerServer.dll [177664 2016-07-16] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [95232 2016-10-01] (Microsoft Corporation)
R3 UnistoreSvc_1a6971; C:\WINDOWS\System32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UnistoreSvc_1a6971; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 UniversalCommunicationServer; C:\Program Files (x86)\BERNINA\UCS\UniversalCommunicationServer.exe [90496 2013-05-02] (BERNINA International AG)
R3 UserDataSvc_1a6971; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
R3 UserDataSvc_1a6971; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 vmicrdv; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-09-15] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [83456 2016-10-01] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [635904 2016-11-02] (Microsoft Corporation)
S3 WpnUserService; C:\Windows\System32\WpnUserService.dll [74240 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_1a6971; C:\WINDOWS\system32\svchost.exe [44496 2016-07-16] (Microsoft Corporation)
S3 WpnUserService_1a6971; C:\WINDOWS\SysWOW64\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AcpiDev; C:\Windows\System32\drivers\AcpiDev.sys [18432 2016-07-16] (Microsoft Corporation)
S3 applockerfltr; C:\Windows\System32\drivers\applockerfltr.sys [15360 2016-07-16] (Microsoft Corporation)
S0 b06bdrv; C:\Windows\System32\drivers\bxvbda.sys [533856 2016-07-16] (QLogic Corporation)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2016-07-16] (Windows (R) Win 7 DDK provider)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [249856 2016-09-15] (Microsoft Corporation)
S3 cht4iscsi; C:\Windows\System32\drivers\cht4sx64.sys [346976 2016-07-16] (Chelsio Communications)
S3 cht4vbd; C:\Windows\System32\drivers\cht4vx64.sys [2104160 2016-07-16] (Chelsio Communications)
R2 clreg; C:\Windows\System32\drivers\registry.sys [70144 2016-07-16] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 hvservice; C:\Windows\System32\drivers\hvservice.sys [73568 2016-10-01] (Microsoft Corporation)
S3 iagpio; C:\Windows\System32\drivers\iagpio.sys [33280 2016-07-16] (Intel(R) Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2016-07-16] (Intel(R) Corporation)
S3 iaLPSS2i_GPIO2; C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys [64512 2016-07-16] (Intel Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [176384 2016-07-16] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
S3 IndirectKmd; C:\Windows\System32\drivers\IndirectKmd.sys [35840 2016-07-16] (Microsoft Corporation)
R0 iorate; C:\Windows\System32\drivers\iorate.sys [48992 2016-11-02] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2016-12-29] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2016-12-29] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-29] (Malwarebytes)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3506464 2015-09-16] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-08-18] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_dbb067faa566eee8\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58720 2016-07-16] (Avago Technologies)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
S0 scmbus; C:\Windows\System32\drivers\scmbus.sys [88416 2016-07-16] (Microsoft Corporation)
S3 scmdisk0101; C:\Windows\System32\drivers\scmdisk0101.sys [123904 2016-07-16] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [71264 2016-09-02] (Synaptics Incorporated)
S3 UcmTcpciCx0101; C:\Windows\System32\Drivers\UcmTcpciCx.sys [108544 2016-07-16] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45568 2016-07-16] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S3 vmgid; C:\Windows\System32\drivers\vmgid.sys [10240 2016-07-16] (Microsoft Corporation)
R0 volume; C:\Windows\System32\drivers\volume.sys [16224 2016-07-16] (Microsoft Corporation)
R2 wcifs; C:\Windows\system32\drivers\wcifs.sys [119648 2016-09-15] (Microsoft Corporation)
R2 wcnfs; C:\Windows\system32\drivers\wcnfs.sys [66560 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\system32\DRIVERS\WirelessButtonDriver64.sys [31840 2016-03-24] (HP)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-29 22:37 - 2016-12-29 22:37 - 00000000 ___HD C:\OneDriveTemp
2016-12-29 22:29 - 2016-12-29 22:29 - 54199488 _____ (Malwarebytes ) C:\Users\betty\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-29 22:16 - 2016-12-29 22:44 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-29 22:16 - 2016-12-29 22:44 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-29 22:16 - 2016-12-29 22:17 - 01663040 _____ (Malwarebytes) C:\Users\betty\Downloads\JRT (2).exe
2016-12-29 22:16 - 2016-12-29 22:17 - 01663040 _____ (Malwarebytes) C:\Users\betty\Downloads\JRT (1).exe
2016-12-29 22:16 - 2016-12-29 22:17 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-29 22:16 - 2016-12-29 22:16 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-29 22:16 - 2016-12-29 22:16 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-29 22:16 - 2016-12-29 22:16 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-29 22:16 - 2016-12-29 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-29 22:15 - 2016-12-29 22:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-29 22:15 - 2016-12-29 22:15 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-29 22:15 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-29 19:13 - 2016-12-29 19:14 - 01663040 _____ (Malwarebytes) C:\Users\betty\Desktop\JRT.exe
2016-12-29 19:11 - 2016-12-29 19:11 - 34575032 _____ (Adlice Software ) C:\Users\betty\Downloads\setup (2).exe
2016-12-29 16:10 - 2016-12-29 16:10 - 00002259 _____ C:\WINDOWS\epplauncher.mif
2016-12-29 15:32 - 2016-12-29 15:32 - 00000363 _____ C:\Users\betty\Desktop\Control Panel - Shortcut.lnk
2016-12-28 17:53 - 2016-12-28 17:53 - 00000017 _____ C:\Users\betty\AppData\Local\resmon.resmoncfg
2016-12-26 21:27 - 2016-12-26 21:27 - 00001127 _____ C:\Users\Public\Desktop\Your_Updater.lnk
2016-12-26 21:27 - 2016-12-26 21:27 - 00000000 ____D C:\Users\betty\AppData\Roaming\YourUpdater
2016-12-26 21:27 - 2016-12-26 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your_Updater
2016-12-26 21:27 - 2016-12-26 21:27 - 00000000 ____D C:\Program Files (x86)\Your_Updater
2016-12-26 21:26 - 2016-12-28 13:44 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-12-26 21:25 - 2016-12-26 21:27 - 00000000 ____D C:\Program Files (x86)\UpdateFiles
2016-12-26 21:25 - 2016-12-26 21:25 - 00138848 _____ () C:\Users\betty\Downloads\SoftwareUpdater (1).exe
2016-12-26 21:24 - 2016-12-26 21:25 - 00000000 ____D C:\Program Files (x86)\ONetSetup
2016-12-26 21:24 - 2016-12-26 21:24 - 00138848 _____ () C:\Users\betty\Downloads\SoftwareUpdater.exe
2016-12-26 16:04 - 2016-12-26 16:05 - 00517548 _____ C:\WINDOWS\Minidump\122616-30375-01.dmp
2016-12-26 16:04 - 2016-12-26 16:04 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-21 10:54 - 2016-12-21 10:55 - 24210704 _____ (LogMeIn, Inc.) C:\Users\betty\Downloads\join.me.exe
2016-12-21 10:54 - 2016-12-21 10:55 - 16090896 _____ (LogMeIn, Inc.) C:\Users\betty\Downloads\join.me (1).exe
2016-12-21 10:50 - 2016-12-21 10:50 - 00000212 _____ C:\Users\betty\BullseyeCoverageError.txt
2016-12-21 10:50 - 2016-12-21 10:50 - 00000000 ____D C:\Users\betty\AppData\Local\join.me
2016-12-20 12:01 - 2016-12-20 12:01 - 00006045 _____ C:\Users\betty\Downloads\equity_screener_data.csv
2016-12-20 11:57 - 2016-12-20 11:57 - 00028585 _____ C:\Users\betty\Documents\Position Export.xlsx
2016-12-20 10:26 - 2016-12-21 10:58 - 00357584 _____ C:\Users\betty\Downloads\Two_Page_Portfolio_Overview_w_Market_Exposure_6fBvbrx (1).xlsx
2016-12-20 10:10 - 2016-12-20 10:10 - 00411555 _____ C:\Users\betty\Downloads\Two_Page_Portfolio_Overview_w_Market_Exposure_6fBvbrx.xlsx
2016-12-20 08:08 - 2016-12-20 08:08 - 00004126 _____ C:\Users\betty\Downloads\404.htm
2016-12-16 09:43 - 2016-12-16 09:43 - 00044856 _____ C:\Users\betty\Downloads\2016 May Hardware and Software.xlsx
2016-12-16 07:24 - 2016-12-16 07:24 - 01718968 _____ C:\WINDOWS\f0f604b6558d8809ceba72db0334155f.exe
2016-12-15 22:01 - 2016-12-15 22:01 - 00001782 _____ C:\Users\betty\Downloads\SecretGarden9780062062956.acsm
2016-12-15 09:56 - 2016-12-20 11:49 - 00141001 _____ C:\Users\betty\Downloads\One_Page_Equity_Tear_Sheet_AGjMwuY.xlsx
2016-12-15 09:54 - 2016-12-15 09:55 - 00000000 ____D C:\Users\betty\AppData\Roaming\YCharts
2016-12-15 09:54 - 2016-12-15 09:54 - 00000000 ____D C:\Program Files (x86)\YChartsExcel
2016-12-15 09:53 - 2016-12-15 09:54 - 01138688 _____ C:\Users\betty\Downloads\ycharts_excel_v312_x86_Release.msi
2016-12-14 17:31 - 2016-12-09 02:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 17:31 - 2016-12-09 02:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 17:31 - 2016-12-09 02:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 17:31 - 2016-12-09 02:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 17:31 - 2016-12-09 02:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 17:31 - 2016-12-09 01:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 17:31 - 2016-12-09 01:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 17:31 - 2016-12-09 01:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 17:31 - 2016-12-09 01:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 17:31 - 2016-12-09 01:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 17:31 - 2016-12-09 01:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 17:31 - 2016-12-09 01:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 17:31 - 2016-12-09 01:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 17:31 - 2016-12-09 01:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 17:31 - 2016-12-09 01:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 17:31 - 2016-12-09 01:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 17:31 - 2016-12-09 01:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 17:31 - 2016-12-09 01:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 17:31 - 2016-12-09 01:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 17:31 - 2016-12-09 01:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 17:31 - 2016-12-09 01:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 17:31 - 2016-12-09 01:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 17:31 - 2016-12-09 01:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 17:31 - 2016-12-09 01:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 17:31 - 2016-12-09 01:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 17:31 - 2016-12-09 01:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 17:31 - 2016-12-09 01:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 17:31 - 2016-12-09 01:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 17:31 - 2016-12-09 01:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 17:31 - 2016-12-09 01:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 17:31 - 2016-12-09 01:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 17:31 - 2016-12-09 01:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 17:31 - 2016-12-09 01:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 17:31 - 2016-12-09 01:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 17:31 - 2016-12-09 01:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 17:31 - 2016-12-09 01:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 17:31 - 2016-12-09 01:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 17:31 - 2016-12-09 01:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 17:31 - 2016-12-09 01:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 17:31 - 2016-12-09 01:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 17:31 - 2016-12-09 00:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 17:26 - 2016-12-09 02:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 17:26 - 2016-12-09 02:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 17:26 - 2016-12-09 02:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 17:26 - 2016-12-09 02:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 17:26 - 2016-12-09 02:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 17:26 - 2016-12-09 02:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 17:26 - 2016-12-09 02:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 17:26 - 2016-12-09 02:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 17:26 - 2016-12-09 01:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 17:26 - 2016-12-09 01:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 17:26 - 2016-12-09 01:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 17:26 - 2016-12-09 01:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 17:26 - 2016-12-09 01:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 17:26 - 2016-12-09 01:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 17:26 - 2016-12-09 01:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 17:26 - 2016-12-09 01:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 17:26 - 2016-12-09 01:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 17:26 - 2016-12-09 01:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 17:26 - 2016-12-09 01:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 17:26 - 2016-12-09 01:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 17:26 - 2016-12-09 01:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 17:26 - 2016-12-09 01:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 17:26 - 2016-12-09 01:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 17:26 - 2016-12-09 01:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 17:25 - 2016-12-09 02:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 17:25 - 2016-12-09 02:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 17:25 - 2016-12-09 02:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 17:25 - 2016-12-09 02:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 17:25 - 2016-12-09 02:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 17:25 - 2016-12-09 02:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 17:25 - 2016-12-09 02:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 17:25 - 2016-12-09 02:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 17:25 - 2016-12-09 02:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 17:25 - 2016-12-09 02:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 17:25 - 2016-12-09 02:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 17:25 - 2016-12-09 02:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 17:25 - 2016-12-09 02:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 17:25 - 2016-12-09 02:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 17:25 - 2016-12-09 02:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 17:25 - 2016-12-09 02:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 17:25 - 2016-12-09 02:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 17:25 - 2016-12-09 02:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 17:25 - 2016-12-09 02:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 17:25 - 2016-12-09 02:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 17:25 - 2016-12-09 02:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 17:25 - 2016-12-09 02:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 17:25 - 2016-12-09 02:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 17:25 - 2016-12-09 02:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 17:25 - 2016-12-09 01:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 17:25 - 2016-12-09 01:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 17:25 - 2016-12-09 01:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 17:25 - 2016-12-09 01:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 17:25 - 2016-12-09 01:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 17:25 - 2016-12-09 01:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 17:25 - 2016-12-09 01:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 17:25 - 2016-12-09 01:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 17:25 - 2016-12-09 01:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 17:25 - 2016-12-09 01:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 17:25 - 2016-12-09 01:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 17:25 - 2016-12-09 01:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 17:25 - 2016-12-09 01:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 17:25 - 2016-12-09 01:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 17:25 - 2016-12-09 01:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 17:25 - 2016-12-09 01:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 17:25 - 2016-12-09 01:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 17:25 - 2016-12-09 01:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 17:25 - 2016-12-09 01:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 17:25 - 2016-12-09 01:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 17:25 - 2016-12-09 01:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 17:25 - 2016-12-09 01:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 17:25 - 2016-12-09 01:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 17:25 - 2016-12-09 01:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 09:22 - 2016-12-13 09:22 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-09 21:40 - 2016-12-09 21:40 - 00035815 _____ C:\Users\betty\Desktop\2014 Summary of gifts.xlsm
2016-12-09 13:36 - 2016-11-11 02:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-09 13:36 - 2016-11-11 02:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-09 13:36 - 2016-11-11 02:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-09 13:36 - 2016-11-11 02:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-09 13:36 - 2016-11-11 02:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-09 13:36 - 2016-11-11 02:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-09 13:36 - 2016-11-11 02:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-09 13:36 - 2016-11-11 02:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-09 13:36 - 2016-11-11 02:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-09 13:36 - 2016-11-11 02:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-09 13:36 - 2016-11-11 02:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-09 13:36 - 2016-11-11 01:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-09 13:36 - 2016-11-11 01:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-09 13:36 - 2016-11-11 01:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-09 13:36 - 2016-11-11 01:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-09 13:36 - 2016-11-11 01:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-09 13:36 - 2016-11-11 01:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-09 13:36 - 2016-11-11 01:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-09 13:36 - 2016-11-11 01:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-09 13:36 - 2016-11-11 01:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-09 13:36 - 2016-11-11 01:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-09 13:36 - 2016-11-11 01:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-09 13:36 - 2016-11-11 01:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-09 13:36 - 2016-11-11 01:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 13:36 - 2016-11-11 01:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-09 13:36 - 2016-11-11 01:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-09 13:36 - 2016-11-11 01:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-09 13:36 - 2016-11-11 01:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-09 13:36 - 2016-11-11 01:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-09 13:36 - 2016-11-11 01:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-09 13:36 - 2016-11-11 01:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-09 13:36 - 2016-11-11 01:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-09 13:36 - 2016-11-11 01:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-09 13:36 - 2016-11-11 01:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-09 13:36 - 2016-11-11 01:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-09 13:36 - 2016-11-11 01:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-09 13:36 - 2016-11-11 01:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-09 13:36 - 2016-11-11 01:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 13:36 - 2016-11-11 01:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-09 13:36 - 2016-11-11 01:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-09 13:36 - 2016-11-11 01:18 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-12-09 13:36 - 2016-11-11 01:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-09 13:36 - 2016-11-11 01:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-09 13:36 - 2016-11-11 01:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-09 13:36 - 2016-11-11 01:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-09 13:36 - 2016-11-11 01:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-09 13:36 - 2016-11-11 01:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-09 13:36 - 2016-11-11 01:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-09 13:36 - 2016-11-11 01:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-09 13:36 - 2016-11-11 01:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-09 13:36 - 2016-11-11 01:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-09 13:36 - 2016-11-11 01:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-09 13:36 - 2016-11-11 01:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-09 13:36 - 2016-11-11 01:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-09 13:36 - 2016-11-11 01:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-09 13:36 - 2016-11-11 01:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-09 13:36 - 2016-11-10 23:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-09 13:36 - 2016-11-10 23:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-09 13:36 - 2016-11-10 23:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-09 13:36 - 2016-11-10 23:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-09 13:36 - 2016-11-10 23:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-09 13:36 - 2016-11-10 23:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-09 13:36 - 2016-11-10 23:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-09 13:36 - 2016-11-10 23:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-09 13:36 - 2016-11-10 23:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-09 13:36 - 2016-11-10 23:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-09 13:36 - 2016-11-10 23:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-09 13:36 - 2016-11-10 23:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-09 13:36 - 2016-11-10 23:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-09 13:36 - 2016-11-10 23:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-09 13:36 - 2016-11-10 23:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-09 13:36 - 2016-11-10 23:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-09 13:36 - 2016-11-10 23:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-09 13:36 - 2016-11-10 23:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-09 13:36 - 2016-11-10 23:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-09 13:36 - 2016-11-10 23:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-09 13:36 - 2016-11-10 23:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-09 13:36 - 2016-11-10 23:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-09 13:36 - 2016-11-10 23:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-09 13:36 - 2016-11-10 23:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-09 13:36 - 2016-11-10 23:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-09 13:36 - 2016-11-10 23:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-09 13:36 - 2016-11-10 23:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-09 13:36 - 2016-11-10 23:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-09 13:36 - 2016-11-10 23:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-09 13:36 - 2016-11-10 23:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-09 13:36 - 2016-11-10 23:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-09 13:36 - 2016-11-10 23:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-09 13:36 - 2016-11-10 23:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-09 13:36 - 2016-11-10 23:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-09 13:36 - 2016-11-10 23:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-09 13:35 - 2016-11-11 02:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-09 13:35 - 2016-11-11 02:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-09 13:35 - 2016-11-11 02:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-09 13:35 - 2016-11-11 02:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-09 13:35 - 2016-11-11 02:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-09 13:35 - 2016-11-11 02:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-09 13:35 - 2016-11-11 02:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-09 13:35 - 2016-11-11 02:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-09 13:35 - 2016-11-11 02:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-09 13:35 - 2016-11-11 02:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-09 13:35 - 2016-11-11 02:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-09 13:35 - 2016-11-11 01:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-09 13:35 - 2016-11-11 01:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-09 13:35 - 2016-11-11 01:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-09 13:35 - 2016-11-11 01:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-09 13:35 - 2016-11-11 01:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-09 13:35 - 2016-11-11 01:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-09 13:35 - 2016-11-11 01:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-09 13:35 - 2016-11-11 01:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-09 13:35 - 2016-11-11 01:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-09 13:35 - 2016-11-11 01:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-09 13:35 - 2016-11-11 01:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-09 13:35 - 2016-11-11 01:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-09 13:35 - 2016-11-11 01:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-09 13:35 - 2016-11-11 01:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-09 13:35 - 2016-11-11 01:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-09 13:35 - 2016-11-11 01:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-09 13:35 - 2016-11-11 01:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-09 13:35 - 2016-11-11 01:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-09 13:35 - 2016-11-11 01:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-09 13:35 - 2016-11-11 01:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-09 13:35 - 2016-11-11 01:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-09 13:35 - 2016-11-11 01:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-09 13:35 - 2016-11-11 01:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-09 13:35 - 2016-11-11 01:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-09 13:35 - 2016-11-11 01:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-09 13:35 - 2016-11-11 01:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-09 13:35 - 2016-11-11 01:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-09 13:35 - 2016-11-11 01:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-09 13:35 - 2016-11-11 01:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-09 13:35 - 2016-11-11 01:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-09 13:35 - 2016-11-11 01:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-09 13:35 - 2016-11-11 01:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-09 13:35 - 2016-11-11 01:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-09 13:35 - 2016-11-11 01:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-09 13:35 - 2016-11-11 01:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-09 13:35 - 2016-11-11 01:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-09 13:35 - 2016-11-11 01:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-09 13:35 - 2016-11-11 01:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-09 13:35 - 2016-11-11 01:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-09 13:35 - 2016-11-11 01:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-09 13:35 - 2016-11-11 01:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-09 13:35 - 2016-11-11 01:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-09 13:35 - 2016-11-11 01:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-09 13:35 - 2016-11-11 01:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-09 13:35 - 2016-11-11 01:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-09 13:35 - 2016-11-11 01:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
 
Frst 3:

2016-12-09 13:35 - 2016-11-11 01:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-09 13:35 - 2016-11-11 01:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-09 13:35 - 2016-11-11 01:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-09 13:35 - 2016-11-11 01:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-09 13:35 - 2016-11-11 01:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-09 13:35 - 2016-11-11 01:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-09 13:35 - 2016-11-11 01:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-09 13:35 - 2016-11-11 01:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-09 13:35 - 2016-11-11 01:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-09 13:35 - 2016-11-11 01:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-09 13:35 - 2016-11-11 01:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-09 13:35 - 2016-11-11 01:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-09 13:35 - 2016-11-11 01:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-09 13:35 - 2016-11-11 01:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-09 13:35 - 2016-11-11 01:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-09 13:35 - 2016-11-11 01:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-09 13:35 - 2016-11-11 01:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-09 13:35 - 2016-11-11 01:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-09 13:35 - 2016-11-11 01:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-09 13:35 - 2016-11-11 01:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-09 13:35 - 2016-11-11 01:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-09 13:35 - 2016-11-11 01:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-09 13:35 - 2016-11-11 01:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-09 13:35 - 2016-11-11 01:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-09 13:35 - 2016-11-11 01:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-09 13:35 - 2016-11-11 01:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-09 13:35 - 2016-11-11 01:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-09 13:35 - 2016-11-11 01:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-09 13:35 - 2016-11-11 01:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-09 13:35 - 2016-11-11 01:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-09 13:35 - 2016-11-11 01:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-09 13:35 - 2016-11-11 01:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-09 13:35 - 2016-11-11 01:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-09 13:35 - 2016-11-11 01:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-09 13:35 - 2016-11-11 01:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-09 13:35 - 2016-11-11 01:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-09 13:35 - 2016-11-11 01:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-09 13:35 - 2016-11-11 01:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-09 13:35 - 2016-11-11 01:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-09 13:35 - 2016-11-11 01:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-09 13:35 - 2016-11-11 01:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-09 13:35 - 2016-11-11 01:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-09 13:35 - 2016-11-11 01:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-09 13:35 - 2016-11-11 01:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-09 13:35 - 2016-11-11 01:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-09 13:35 - 2016-11-11 01:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-09 13:35 - 2016-11-11 00:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-09 13:35 - 2016-11-11 00:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-09 13:35 - 2016-11-11 00:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-09 13:35 - 2016-11-11 00:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-09 13:35 - 2016-11-11 00:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-09 13:35 - 2016-11-10 23:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-09 13:35 - 2016-11-10 23:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-09 13:35 - 2016-11-10 23:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-09 13:35 - 2016-11-10 23:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-09 13:35 - 2016-11-10 23:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-09 13:35 - 2016-11-10 23:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-09 13:35 - 2016-11-10 23:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-09 13:35 - 2016-11-10 23:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-09 13:35 - 2016-11-10 23:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-09 13:35 - 2016-11-10 23:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-09 13:35 - 2016-11-10 23:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-09 13:35 - 2016-11-10 23:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-09 13:35 - 2016-11-10 23:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-09 13:35 - 2016-11-10 23:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-09 13:35 - 2016-11-10 23:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-09 13:35 - 2016-11-10 23:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-09 13:35 - 2016-11-10 23:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-09 13:35 - 2016-11-10 23:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-09 13:35 - 2016-11-10 23:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-09 13:35 - 2016-11-10 23:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-09 13:35 - 2016-11-10 23:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-09 13:35 - 2016-11-10 23:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-09 13:35 - 2016-11-10 23:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 13:35 - 2016-11-10 23:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-09 13:35 - 2016-11-10 23:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-09 13:35 - 2016-11-10 23:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-09 13:35 - 2016-11-10 23:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-09 13:35 - 2016-11-10 23:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-09 13:35 - 2016-11-10 23:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-09 13:35 - 2016-11-10 23:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-09 13:35 - 2016-11-10 23:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-09 13:35 - 2016-11-10 23:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-09 13:35 - 2016-11-10 23:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-09 13:35 - 2016-11-10 23:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-09 13:35 - 2016-11-10 23:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-09 13:35 - 2016-11-10 23:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-09 13:35 - 2016-11-10 23:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-09 13:35 - 2016-11-10 23:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 13:35 - 2016-11-10 23:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-09 13:35 - 2016-11-10 23:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-09 13:35 - 2016-11-10 23:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-09 13:35 - 2016-11-10 23:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-09 13:35 - 2016-11-10 23:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-09 13:35 - 2016-11-10 23:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-09 13:35 - 2016-11-10 23:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-09 13:35 - 2016-11-10 23:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-09 13:35 - 2016-11-10 23:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-09 13:35 - 2016-11-10 23:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-09 13:35 - 2016-11-10 23:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-09 13:35 - 2016-11-10 23:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-09 13:35 - 2016-11-10 23:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-09 13:35 - 2016-11-10 23:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-09 13:35 - 2016-11-10 23:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-09 13:35 - 2016-11-10 23:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-09 13:35 - 2016-11-10 23:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-09 13:35 - 2016-11-10 23:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-09 13:35 - 2016-11-10 23:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-02 08:51 - 2016-12-02 08:51 - 06822911 _____ (U.S. Department of the Treasury) C:\Users\betty\Downloads\sbwsetup (1).exe
2016-11-30 10:13 - 2016-12-10 20:30 - 00000000 _____ C:\Users\betty\Documents\HPOJ8720_Fax_Port
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-30 22:04 - 2016-08-20 10:46 - 00000000 ____D C:\Users\betty\Desktop\Virus
2016-12-30 22:04 - 2016-08-20 10:44 - 00000000 ____D C:\FRST
2016-12-30 22:03 - 2015-06-20 08:09 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-30 22:02 - 2015-06-20 12:29 - 00000000 ____D C:\Users\betty\AppData\Local\CrashDumps
2016-12-30 22:01 - 2016-10-01 09:22 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-30 21:09 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\sru
2016-12-30 19:57 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-30 18:44 - 2015-06-20 08:42 - 00000000 __RDO C:\Users\betty\OneDrive
2016-12-30 08:58 - 2016-10-01 11:24 - 00000000 ____D C:\Users\betty\AppData\Local\Deployment
2016-12-29 22:55 - 2016-08-20 13:23 - 00000988 _____ C:\Users\betty\Desktop\JRT.txt
2016-12-29 22:47 - 2016-10-01 09:24 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-29 22:46 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-29 22:43 - 2016-10-01 09:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-29 22:43 - 2016-07-15 22:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2016-12-29 22:42 - 2016-08-20 11:43 - 00000000 ____D C:\AdwCleaner
2016-12-29 22:42 - 2015-06-20 08:19 - 00000000 ____D C:\Users\betty\Documents\Youcam
2016-12-29 22:36 - 2016-10-01 09:29 - 01403680 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-29 22:13 - 2016-08-20 15:21 - 00000000 ____D C:\ProgramData\RogueKiller
2016-12-29 22:12 - 2016-08-20 15:21 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-29 20:12 - 2013-08-22 07:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-12-29 19:17 - 2016-08-20 15:22 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-12-29 19:12 - 2016-08-20 15:21 - 00000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-29 19:12 - 2016-08-20 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-12-29 15:40 - 2016-10-02 10:48 - 00009060 _____ C:\WINDOWS\PFRO.log
2016-12-29 15:40 - 2016-10-01 09:21 - 00918192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-29 15:40 - 2015-06-29 05:53 - 00000358 _____ C:\WINDOWS\Tasks\HPCeeScheduleForbetty.job
2016-12-29 15:37 - 2015-08-26 12:30 - 00000000 ___RD C:\Users\betty\OneDrive - The Hedrick Co-
2016-12-29 15:14 - 2015-06-24 14:26 - 00000000 ____D C:\ProgramData\flsplan
2016-12-29 13:49 - 2014-06-24 21:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-28 18:27 - 2015-07-28 14:00 - 00002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-28 09:42 - 2016-10-01 09:57 - 00003250 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForbetty
2016-12-28 09:30 - 2016-10-01 09:30 - 00000000 ____D C:\Users\betty
2016-12-28 09:29 - 2015-06-20 12:18 - 00000000 ____D C:\Users\betty\Documents\Family Law Software
2016-12-26 20:31 - 2015-06-20 08:17 - 00000000 ____D C:\Users\betty\AppData\Local\Packages
2016-12-26 16:04 - 2015-10-20 14:47 - 1351643749 _____ C:\WINDOWS\MEMORY.DMP
2016-12-24 14:15 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-23 11:57 - 2016-08-04 11:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-23 11:57 - 2015-08-27 10:03 - 00000684 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-223588219-2138284121-77307795-1002.job
2016-12-23 11:57 - 2015-08-27 10:03 - 00000588 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-223588219-2138284121-77307795-1002.job
2016-12-23 11:54 - 2016-07-16 03:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-23 11:53 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-23 11:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-23 11:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-23 11:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-23 11:53 - 2016-07-15 22:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-23 11:39 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-22 12:00 - 2015-07-30 06:55 - 00000000 __HDC C:\ProgramData\{A4BCF67D-EA8B-46F0-B19D-90368494B7A3}
2016-12-20 11:48 - 2015-07-15 09:29 - 00017658 _____ C:\Users\betty\Documents\Position Export.csv
2016-12-16 13:41 - 2016-10-01 09:57 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 13:41 - 2016-10-01 09:57 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-14 18:43 - 2015-06-20 20:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 18:40 - 2015-06-20 20:37 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-13 10:21 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-13 10:21 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-13 09:22 - 2016-07-16 11:20 - 00002366 _____ C:\Users\betty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-12 10:39 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-11 15:56 - 2016-07-16 03:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 15:56 - 2016-07-16 03:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-09 13:23 - 2016-07-16 03:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-07 17:14 - 2015-06-29 12:37 - 00000000 ___RD C:\Users\betty\Box Sync
2016-12-07 16:11 - 2016-10-01 09:24 - 00029749 _____ C:\WINDOWS\setupact.log
2016-12-06 11:14 - 2016-02-18 10:52 - 00000000 ____D C:\Users\betty\AppData\LocalLow\WebEx
2016-12-06 10:01 - 2016-02-18 10:52 - 00000000 ____D C:\Users\betty\AppData\Local\WebEx
2016-12-06 10:01 - 2016-02-18 10:52 - 00000000 ____D C:\ProgramData\WebEx
2016-12-02 08:52 - 2015-12-18 10:42 - 00001162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Savings Bond Wizard.lnk
2016-12-02 08:52 - 2015-12-18 10:42 - 00001156 _____ C:\Users\Public\Desktop\Savings Bond Wizard.lnk
2016-12-02 08:52 - 2015-12-18 10:42 - 00000000 ____D C:\Program Files (x86)\Savings Bond Wizard
2016-11-30 10:13 - 2016-11-28 16:49 - 00000000 ____D C:\Users\betty\AppData\Local\HP
==================== Files in the root of some directories =======
2016-01-14 16:57 - 2016-01-14 16:57 - 0002715 _____ () C:\Users\betty\AppData\Roaming\QBFileDrTool.log
2016-05-02 21:11 - 2016-05-02 21:14 - 1671526 _____ () C:\Users\betty\AppData\Roaming\qeinst.log
2016-03-29 08:39 - 2016-03-29 08:39 - 0000600 _____ () C:\Users\betty\AppData\Roaming\winscp.rnd
2016-12-28 17:53 - 2016-12-28 17:53 - 0000017 _____ () C:\Users\betty\AppData\Local\resmon.resmoncfg
2016-11-28 16:54 - 2016-11-28 16:54 - 0000057 _____ () C:\ProgramData\Ament.ini
Some files in TEMP:
====================
C:\Users\betty\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\betty\AppData\Local\Temp\dllnt_dump.dll
C:\Users\betty\AppData\Local\Temp\libeay32.dll
C:\Users\betty\AppData\Local\Temp\msvcr120.dll
C:\Users\betty\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\betty\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-22 10:11
 
Addition 1:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by betty (2016-12-30 22:05:23)
Running from C:\Users\betty\Desktop\Virus
Windows 10 Home (X64) (2016-10-01 18:01:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-223588219-2138284121-77307795-500 - Administrator - Disabled)
betty (S-1-5-21-223588219-2138284121-77307795-1002 - Administrator - Enabled) => C:\Users\betty
DefaultAccount (S-1-5-21-223588219-2138284121-77307795-503 - Limited - Disabled)
Guest (S-1-5-21-223588219-2138284121-77307795-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-223588219-2138284121-77307795-1001 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
(HKLM-x32\...\{B5FAD058-6C87-4902-9A03-DB744AD66263}) (Version: - )
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30244 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BERNINA ARTlink 7 (HKLM-x32\...\{CA812D88-2139-4107-97B5-1B2D2A1DD04D}) (Version: 18.0.94.7011 - BERNINA)
BERNINA ARTlink 7 (x32 Version: 18.0.94.7011 - Wilcom) Hidden
BERNINA Universal Communication Server (HKLM-x32\...\{CF27C964-3902-4CA3-9C71-B0EAEB302AB5}) (Version: 1.27.70 - BERNINA)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Box Sync (HKLM\...\{5C15714C-1956-47D4-9C1D-452CC2C2C10B}) (Version: 4.0.7724.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.6447.0 - Box Inc.) Hidden
Box Tools (HKLM-x32\...\{56647361-687B-452B-8999-6179125FFD63}) (Version: 3.2.10.1533 - Box)
Cisco WebEx Meetings (HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.9.4928 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.6.5104 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.6909 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.9.5009 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3122 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.6.5011 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
EPSON WorkForce 645 Series Printer Uninstall (HKLM\...\EPSON WorkForce 645 Series) (Version: - SEIKO EPSON Corporation)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 0.9.0 - )
GDR 4042 for SQL Server 2008 R2 (KB3045313) (HKLM-x32\...\KB3045313) (Version: 10.52.4042.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.14.1.4670 (HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\GoToMeeting) (Version: 7.14.1.4670 - CitrixOnline)
GoToMeeting 7.28.0.6039 (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\GoToMeeting) (Version: 7.28.0.6039 - CitrixOnline)
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{1154543C-D5D0-49BE-A004-82EE0A3746AE}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{3E261474-8DF2-463B-984E-0B6396F58D1C}) (Version: 36.0.39.57346 - HP)
HP Google Drive Plugin (HKLM-x32\...\{9469285B-AB76-434A-8533-2EE643318F2E}) (Version: 36.0.39.57346 - HP)
HP OfficeJet Pro 8720 Basic Device Software (HKLM\...\{98A7C54D-74EB-461C-8124-E78BF938401F}) (Version: 38.1.1881.57490 - HP Inc.)
HP OfficeJet Pro 8720 Help (HKLM-x32\...\{18E5A98E-E857-4087-AF73-4E6B9AB0A140}) (Version: 38.0.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{AED1C141-3AFC-47FE-AE90-C820AA60B103}) (Version: 2.2.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{093C645A-294E-41E4-904C-DDF13DC47A27}) (Version: 12.3.6.12 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{ac7ad2d7-04b3-460c-b370-07e3d3e3aa4e}) (Version: 17.01.0000.1697 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Laser App Enterprise (HKLM-x32\...\Laser App Enterprise) (Version: 10.0.0.50 - Laser App Software Inc.)
Laser App Enterprise (x32 Version: 10.0.0.54 - Laser App Software Inc.) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{49860BCD-24D6-44C1-922E-AC12FE32234E}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{EFECC55D-7B0A-4D05-8487-CC2FD7C618A3}) (Version: 10.52.4042.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQLXML 4.0 SP1 (HKLM\...\{70544B21-8A43-4A30-8F59-DC6F73A5EE9A}) (Version: 10.0.1600.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{CD5AAE18-1DF8-4D7B-8B99-9071D7D36126}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.12.00 - NETGEAR Inc.)
novaPDF v7 (novaPDF 7.4 printer) (HKLM\...\novaPDF v7_is1) (Version: - Softland)
NVIDIA Graphics Driver 359.37 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.37 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Pinger (HKLM-x32\...\Pinger 1.1.1.2) (Version: 1.1.1.2 - Pinger Inc.)
Pinger (x32 Version: 1.1.1.2 - Pinger Inc.) Hidden
PortfolioCenter (HKLM-x32\...\InstallShield_{5B0F5755-7BE9-42AF-9AFC-F424C8E67C1C}) (Version: 5.10.100.2 - Schwab Performance Technologies)
PortfolioCenter (x32 Version: 5.10.100.2 - Schwab Performance Technologies) Hidden
PortfolioCenter Database Components (HKLM-x32\...\InstallShield_{D06C26DA-AC5F-43E7-A687-34D4CA83017B}) (Version: 5.10.100.2 - Schwab Performance Technologies)
PortfolioCenter Database Components (x32 Version: 5.10.100.2 - Schwab Performance Technologies) Hidden
PortfolioCenter Management Console (HKLM-x32\...\InstallShield_{4268D342-1374-490F-B277-BADAE5A0EE21}) (Version: 5.10.100.2 - Schwab Performance Technologies)
PortfolioCenter Management Console (x32 Version: 5.10.100.2 - Schwab Performance Technologies) Hidden
Quarterly Express Plus (HKLM-x32\...\{1F9C45EB-9D92-472C-A940-4206E9012A25}) (Version: 2.0.73 - Lewis Software Associates LLC)
QuickBooks (x32 Version: 25.0.4010.2506 - Intuit Inc.) Hidden
QuickBooks Pro 2015 (HKLM-x32\...\{8F02EFA1-8F5E-4E47-A6B5-D99E4FE90271}) (Version: 25.0.4006.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Retriever for the Desktop (HKLM-x32\...\{9FF80FBE-980E-4A42-B338-B1304958A84C}) (Version: 2.0.1 - Redtail Technology)
RingCentral Meetings (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\RingCentralMeetings) (Version: 4.2 - Zoom Video Communications, Inc. and RingCentral Inc.)
RoboForm 7-9-22-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-22-2 - Siber Systems)
RogueKiller version 12.9.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.0.0 - Adlice Software)
Savings Bond Wizard (HKLM-x32\...\{566DBD89-9955-4024-9384-A6301C8C6584}) (Version: 5.0 - U.S. Department of the Treasury)
Schwab Data Delivery (HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\ebb9ba9810bf3c43) (Version: 1.10.2930.114 - Charles Schwab - Schwab Data Delivery)
Schwab Data Delivery (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\ebb9ba9810bf3c43) (Version: 1.10.2930.114 - Charles Schwab - Schwab Data Delivery)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
SQL Server 2008 R2 SP2 Common Files (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SupportCalc-FD
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
YCharts Excel (HKLM-x32\...\{B937CE83-D945-4965-B16E-D056A16EA848}) (Version: 3.12 - YChartsExcel)
Your_Updater (HKLM-x32\...\Your_Updater) (Version: 1.0.1.7 - Installer Technology ©)
Zoom (HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\ZoomUMX) (Version: 3.5 - Zoom Video Communications, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-223588219-2138284121-77307795-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\betty\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-223588219-2138284121-77307795-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\betty\AppData\Local\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
==================== Restore Points =========================
09-12-2016 14:47:29 Windows Update
14-12-2016 18:39:31 Windows Update
23-12-2016 11:24:27 Windows Update
28-12-2016 17:49:02 Removed 8x8 - Virtual Office
29-12-2016 22:51:48 JRT Pre-Junkware Removal
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
Addition 2:

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03896D04-23AB-4F74-A27D-B1B71EE41E2C} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\Windows\system32\MDMAgent.exe [2016-07-16] (Microsoft Corporation)
Task: {04DA6EFD-403C-4227-BDF0-CDA4116D1C48} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {05857F16-DEC8-4F81-9995-FBF5DDE84926} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-10] (Microsoft Corporation)
Task: {0BA38480-425F-4C44-8BB4-F61566A8BA1F} - \WPD\SqmUpload_S-1-5-21-223588219-2138284121-77307795-1002 -> No File <==== ATTENTION
Task: {0E5600BF-76EB-4E8D-8702-76A0EB30CF33} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {10B382ED-4288-4F57-BDC6-2F2BE8F4E44D} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {11EF8237-224D-4CF9-9039-61D08754EA5D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-10-14] (Microsoft Corporation)
Task: {12F35D5A-573E-45E8-974D-E6FCD3E5F9B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1646D405-68E3-4DF5-B807-159AA9242768} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - System32\Tasks\Microsoft\Windows\EDP\EDP App Launch Task
Task: {184784E2-6ACB-4154-BD0F-A955BE13F177} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - System32\Tasks\Microsoft\Windows\EDP\EDP Auth Task
Task: {1CA37E8F-D53E-441C-B50D-A0A88CCF7761} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {20150925-6776-4145-9C57-CA7A6A3DBF4A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-09] (Microsoft Corporation)
Task: {29C66C6F-559C-4214-8E19-C60BE727F846} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-10-13] (Siber Systems)
Task: {2EE62CD7-0836-4AD3-AAEF-046CD2D5CCAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {31886F67-C1B9-442F-9C4B-3C12A90406C2} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-223588219-2138284121-77307795-1002 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe
Task: {36AF7D2E-0911-4109-AB21-4D5AB58E414A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3FD1C5A9-8AE8-4F6C-98BD-8B6999716AF7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-28] (Google Inc.)
Task: {4287C823-61F0-4D4A-A80C-319A86315CFC} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2015-02-11] (CyberLink Corp.)
Task: {43DF67E8-D733-48FA-98F2-4E6D341E4A79} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattelrunner.exe [2016-10-14] (Microsoft Corporation)
Task: {449F729D-9452-4456-9F63-590BC4315B16} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {44F3566F-FA14-431B-BEDD-A68EEC4C946B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {463A71F6-403B-4726-A543-AA8C5E5B994D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-09-02] (Synaptics Incorporated)
Task: {50A84C6C-CA56-4FE5-BE06-67CCF7B68879} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-10] (Microsoft Corporation)
Task: {51B7FB15-4DCB-400E-9A98-10E802F21FB3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceScreenOnOff
Task: {52AC6F9F-F94F-4DE9-AB50-EC5ADA951A3D} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\betty\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {5654DFBB-E797-4758-B9A0-8BAE94A91F1D} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\Windows\System32\dusmtask.exe [2016-07-16] (Microsoft Corporation)
Task: {5A9799A6-5778-4060-8F06-9C29F8071FF3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5F920B7C-53A5-4790-B516-C97B29085B2A} - System32\Tasks\{A5CFEB52-4F2C-42F7-AEB5-60B765FFCB04} => pcalua.exe -a E:\AutorunPro.EXE -d E:\
Task: {5FAAF530-ED1B-4F7B-AD7B-1694AA0B202B} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
Task: {6232090F-3BD0-4E1F-960B-78CBA797F685} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleWnsCommand
Task: {626238E5-DF44-4CC4-91CB-FB5D1410B1D6} - System32\Tasks\OneDrive Standalone Update Task v2 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {66FFA64F-55F4-4B37-83F7-616642C470DC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6B1AE720-1359-4B9E-9C0F-60167361EF01} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefreshTask
Task: {6C14A00B-F2EE-4A5A-AA09-49D2FBED077D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {6D1C0035-5CAD-4340-A533-D63C9853BCC9} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
Task: {6E8AE752-C5D2-4B34-B351-338B4370A342} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\HandleCommand
Task: {70331D46-364E-4004-8E19-20DF101F809F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {769C3E6C-962C-405D-BEB6-458C1A7B89F0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7AC5E1E2-2FD3-40CD-8842-88CE53A3609C} - System32\Tasks\Microsoft\Windows\DiskFootprint\StorageSense
Task: {7BA6D234-5C21-4490-93F7-021B37541682} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-09] (Microsoft Corporation)
Task: {7E0BC64A-77D9-460A-9079-2DDED7623608} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.h...MKMGMFMOMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {808E67F7-DA20-49BE-BD8F-B9D2EBE5A880} - System32\Tasks\HPCeeScheduleForbetty => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {871BC7E8-A199-4DC7-9B42-33774EEAA82A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8D791FAA-0257-4EBC-A6DD-74E842528806} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceSettingChange
Task: {93530F71-A1CD-4B5E-9203-F287862A50B6} - System32\Tasks\Microsoft\Windows\ErrorDetails\ErrorDetailsUpdate
Task: {97B535C9-F465-42B2-8EBC-6903EA0510A3} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\Windows\system32\spaceman.exe [2016-09-15] (Microsoft Corporation)
Task: {9851188E-AC07-4F36-BA28-6D00BB2C9C46} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\Windows\system32\devicecensus.exe [2016-10-14] (Microsoft Corporation)
Task: {98CEC015-2D11-47A4-B439-A8B7B55645DB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {9B4A664C-F225-4F50-AD74-616D3EA8D8F2} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\Windows\System32\XblGameSaveTask.exe [2016-07-16] (Microsoft Corporation)
Task: {A0A8CED6-CD18-4070-8BC7-87511501CC00} - System32\Tasks\Microsoft\Windows\License Manager\TempSignedLicenseExchange
Task: {AFE3A458-E934-4696-A3BA-C9642CF20B85} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B320E058-C6FA-413F-876B-0C9B4428AE66} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic6
Task: {B6EE76B2-4F82-4E15-9345-C867A29CBAD0} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\Windows\system32\speech_onecore\common\SpeechModelDownload.exe [2016-10-01] (Microsoft Corporation)
Task: {BDDEF317-2692-422F-AEA2-FFD67DC7CEA3} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterUserDevice
Task: {BE49FBBF-6B74-41A6-898A-9F9AB2417670} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {C125018F-0B81-4B64-B7DC-0E01220E5D0E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceAccountChange
Task: {C319EAA0-0A1A-450E-90B4-4A981B1D4FB4} - System32\Tasks\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate
Task: {C6271A45-8199-40FA-A614-FCD8AAA1ADCE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {C6B2579B-4962-4D12-883D-BBD420573A6C} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic1
Task: {C9F66A60-62D7-4B39-8C29-7E15B4931353} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {CC636E49-0109-402B-A40B-A37C29069A95} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\LocateCommandUserSession
Task: {D19A2726-897E-4F7D-9CE4-0773B449CE9E} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceConnectedToNetwork
Task: {D394BE25-2E16-45D4-AAB2-3E8861A09351} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitorToastTask
Task: {D3C4106A-D511-42C6-9716-465644534C87} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {D6DB8BB8-5E2A-4129-92A0-1D1B2F73A507} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {D941F53F-7907-4FBE-B1E7-69EBD5B3A5D8} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange
Task: {DD459294-B7FE-4008-885A-C10DDCB512DC} - System32\Tasks\Laser App Enterprise Updates => C:\Windows\Installer\Laser App Enterprise Updates for All Users.lnk [2016-05-19] ()
Task: {DDA65DF6-7AF2-4B2D-8B55-7C2BB1B00483} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-10] (Microsoft Corporation)
Task: {DDAECFC0-67E3-4062-BF25-CD685F73B394} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\IntegrityCheck
Task: {DDE2BD27-80A5-44FF-B3B9-46B959C25D15} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\Windows\system32\ProvTool.exe [2016-10-01] (Microsoft Corporation)
Task: {E5C83277-BB34-4D95-AAD9-EC18971BFFAA} - System32\Tasks\G2MUploadTask-S-1-5-21-223588219-2138284121-77307795-1002 => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\5174\g2mupload.exe [2016-07-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E7174266-9D34-43E9-BD52-A30CD4F189B2} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {E7B04252-97CA-42C6-9920-F58B76B2C3E1} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePeriodic24
Task: {E9940121-595A-4142-B581-52E469484D86} - System32\Tasks\G2MUpdateTask-S-1-5-21-223588219-2138284121-77307795-1002 => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\5174\g2mupdate.exe [2016-07-03] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EA9BAA00-6604-4A27-8A73-AFA65F0EE1B3} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => Rundll32.exe %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance
Task: {ECEDC57D-8965-4EB1-BD6F-84791D928E23} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\Windows\system32\AppHostRegistrationVerifier.exe [2016-07-16] (Microsoft Corporation)
Task: {F293A269-9B73-4379-B42D-39BEC48E64B7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F8C493D4-FFC3-4916-BEB0-9E22EF901E4C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {FCA5A718-C48D-48B8-9774-33B605E86BD8} - System32\Tasks\SDD_PC Download => Iexplore.exe https://si2.schwabinstitutional.com/sdd/Schwab.SI.SI2Desktop.Container.application?SCHEDULE=YES
Task: {FDE3119D-56B2-466C-9D87-6C0F791D14C2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-223588219-2138284121-77307795-1002.job => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\6039\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-223588219-2138284121-77307795-1002.job => C:\Users\betty\AppData\Local\Citrix\GoToMeeting\6039\g2mupload.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForbetty.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Laser App Enterprise Updates.job => C:\Windows\Installer\Laser App Enterprise Updates for All Users.lnk
Task: C:\WINDOWS\Tasks\SDD_Daily.job => C:\PROGRA~1\INTERN~1\iexplore.exe`https:/si2.schwabinstitutional.com/sdd/
Task: C:\WINDOWS\Tasks\SDD_PC Download.job => C:\PROGRA~1\INTERN~1\iexplore.exe`https:/si2.schwabinstitutional.com/sdd/
==================== Loaded Modules (Whitelisted) ==============
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-29 22:15 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 17:25 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 17:25 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-13 09:22 - 2016-12-13 09:22 - 01678560 _____ () C:\Users\betty\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-07-03 17:49 - 2016-12-09 15:33 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-14 08:27 - 2016-11-02 02:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-14 08:26 - 2016-11-02 02:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-14 08:27 - 2016-11-02 02:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-14 08:27 - 2016-11-02 02:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-14 08:27 - 2016-11-02 02:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-14 08:27 - 2016-11-02 02:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-01 10:15 - 2016-10-01 10:15 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 17:26 - 2016-12-09 01:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2014-06-24 22:18 - 2013-08-09 04:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-07-03 17:49 - 2016-12-09 14:47 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\1033\GrooveIntlResource.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\IDT:Win32App_1
AlternateDataStreams: C:\Program Files\iTunes:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Mouse and Keyboard Center:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft SQL Server:Win32App_1
AlternateDataStreams: C:\Program Files\RogueKiller:Win32App_1
AlternateDataStreams: C:\Program Files\SQLXML 4.0:Win32App_1
AlternateDataStreams: C:\Program Files\Validity Sensors:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\BERNINA:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\FreeMind:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Hewlett-Packard:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\HPConnectedMusic:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Laser App Enterprise:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft SQL Server:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Pinger:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Savings Bond Wizard:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Schwab Performance Technologies:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\SQLXML 4.0:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\WinSCP:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64\Adobe:Win32App_1
AlternateDataStreams: C:\ProgramData\HP:Win32App_1
AlternateDataStreams: C:\ProgramData\Intuit:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\Users\betty\OneDrive:ms-properties
AlternateDataStreams: C:\Users\betty\Downloads\Re Client.eml:OECustomProperty
AlternateDataStreams: C:\Users\betty\Downloads\WIN_20150929_113427.jpg:ms-properties
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52} => ""="Firmware"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\advisorbriefcase.com -> hxxps://www.advisorbriefcase.com
IE trusted site: HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\sharepoint.com -> hxxps://hedrickcodotcom.sharepoint.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-223588219-2138284121-77307795-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\betty\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-223588219-2138284121-77307795-1001\...\StartupApproved\Run: => "LaserAppUpdate"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\StartupFolder: => "OneDrive for Business.lnk"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "Power2GoExpress8"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "LaserAppUpdate"
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\StartupApproved\Run: => "NETGEARGenie"
 
Addition 3:

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [WirelessDisplay-Infra-In-TCP] => (Allow) %systemroot%\system32\CastSrv.exe
FirewallRules: [{9B12FE77-02C5-46A3-9C8F-3C9B9F7CE515}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{D4A4AA59-C111-4F56-B5ED-13B36CF928C1}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{ACF3E387-B502-41A5-99FF-7177FE02E1AA}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{EC85DAE3-E32D-47D4-B3D6-98C4D3E4B713}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{6221AAF7-721A-419C-BB6A-B16956125A14}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{CF4DC541-160E-4E99-91E8-89D26AEC5842}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{5282447E-3236-4FC5-9F50-933B28C3187D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{5F7832E1-8124-4843-A440-12B61B8DE9C2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BBD25918-7FDA-48F4-A9AB-E1A9FB6BB7B1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B1CB5C1D-288E-47FB-84DD-A2FC747786C8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5FB37F94-1AB9-4710-AB32-CC93DBD1FF04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A464823E-37E9-4E88-A7BD-13F77ACF05E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A8229529-7EB0-42CA-B69E-151ACA79EC9F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{81F83299-2998-42C7-B391-6C15DD7B7AE8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{91F36541-D98A-4C8B-9C83-139FE92B6584}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{551A9F90-9743-4FC7-A2E7-DC209E6C80B3}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{5C66F09C-B614-4474-B1A3-3A96012E575C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{1BDD8A01-38ED-40A0-8588-180D82C6CD00}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{CC23F4CA-C3C9-44FE-B51B-49B654D923C0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{68715254-D5D0-4079-BECD-023BA0D888AA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{A08B0C0C-5C38-4B68-875E-4B57C060149B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{3B311D07-DD3D-4B44-9F65-070DCA777746}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{5CA5085F-54BD-4296-9209-88D3C14CCDC7}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCServerManager.exe
FirewallRules: [{23B78644-F036-4A51-84A5-3554E9732779}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCServerManager.exe
FirewallRules: [{2BB3A8B2-D9E1-481E-93C4-CF5BBE29CDCE}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCExportWizard.exe
FirewallRules: [{F29E9B67-F210-40CB-BE74-28ADBDD38766}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PCExportWizard.exe
FirewallRules: [{6D37C88C-CEC2-4F1D-A627-ADD479004029}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe
FirewallRules: [{B4CFE49C-771A-46B0-8168-52462D2F48AF}] => (Allow) C:\Program Files (x86)\Schwab Performance Technologies\PortfolioCenter\PortfolioCenter.exe
FirewallRules: [{9B45EC6D-2C98-467F-8C10-D11AB8BBE462}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SqlWtsn.exe
FirewallRules: [{3D4606F7-6EE5-49C1-8966-8C2E588014C8}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SqlWtsn.exe
FirewallRules: [{C7818641-4995-47BA-B593-E9F29AF6C68D}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\LandingPage.exe
FirewallRules: [{5D0E1531-FBD5-4B0F-B4D4-DF426BD4B11E}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\SQLServer2008R2\x86\LandingPage.exe
FirewallRules: [{4E028E3B-D38B-4AFB-8418-7D14DCEB2CF6}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{A5D99608-25AA-4151-AAA7-E168715F5A8C}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{51D6C454-6900-4A97-8F25-26E09F04F64D}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{C986018C-71FE-4886-B503-77F0608109AB}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\LandingPage.exe
FirewallRules: [{7C2F2CD7-5A09-48D9-87D4-17EFDAFA3E91}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2EFD157C-DF4E-4FFB-A133-63EC921CF676}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C19B5AA0-38AD-443D-BA9F-BE314EC41F75}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [TCP Query User{90897F2F-47DB-445B-A935-A0F6CC7AF767}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{71655A4E-98DB-4C05-B9E3-CDB6571CBAA9}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{02966D7E-E33A-44B9-B8DE-FBC3C897A2E9}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{ED5DB793-956E-4302-AEAB-627DA905452F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{AE2B5981-B06D-4177-9EAA-D6626C1C7DDF}C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe] => (Allow) C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe
FirewallRules: [UDP Query User{C5594EED-EAB7-4274-8C5E-FC00D8A34DE8}C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe] => (Allow) C:\program files (x86)\lewis software associates llc\quarterly express plus\quarterly express plus.exe
FirewallRules: [{6B4806DC-C9D3-4D8D-AC70-EC1CB22CA3E4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{441C4E5C-D05C-4D8F-B4ED-154D98975024}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [TCP Query User{5387E399-7E6F-4066-A019-3BD24C4035B6}C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe] => (Allow) C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe
FirewallRules: [UDP Query User{B37F94C6-DA9F-4500-8F3A-67816F841981}C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe] => (Allow) C:\program files (x86)\8x8 virtual office\8x8 - virtual office\8x8 - virtual office.exe
FirewallRules: [{E615CB42-1809-4C57-853F-CE7AA967B6E2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D0796EE4-C656-485C-A7F8-F9C8443D0A8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8721A7BB-6150-4E02-9085-C7038D97C937}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F13CD30-13C2-46C1-8C95-CAADD3B3541B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66B6362B-2031-4600-90B7-F735668928A9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3B81CC12-09E4-4770-9180-B32E76BBAFFF}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{99C51ABB-EB76-4720-8401-B4CEB81EFE78}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F5455B45-47EA-44BE-9A72-95B139AA9679}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D19C0562-58DF-456A-9D41-2A16BFAFFD72}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{012E242B-BCF4-4AC4-9E2D-C9C7C108FB62}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{35C4ED33-0392-42E7-8FAC-A7EB08CC4548}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{EE01684B-508F-4B31-A57A-66C9F4439C85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{2FC451CB-F8C0-49C3-BCD3-84C1399D4A28}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{C05AA4B3-27A0-4383-AA16-745A51632D71}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{938D7396-B109-432D-B0D5-575ED12A9D80}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F022DA75-77D5-4AA7-957E-0FB4395E32E9}] => (Allow) C:\Users\betty\AppData\Local\Temp\7zS125F\HP.EasyStart.exe
FirewallRules: [{01132AEC-FB3E-4FE2-A502-BC73AC8FAB82}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxApplications.exe
FirewallRules: [{D8A56197-B17A-4943-ABD2-EBFDFEF4EB3B}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\DigitalWizards.exe
FirewallRules: [{9EC00D50-BAB7-4BCC-9A04-8A6A30164E1D}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\SendAFax.exe
FirewallRules: [{88F930E3-C0A2-476D-9C42-176B5CD33E19}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\bin\FaxPrinterUtility.exe
FirewallRules: [{FCA46394-63F7-45C8-8B5D-FA2143A08B89}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\DeviceSetup.exe
FirewallRules: [{0F4CDFF6-92B3-45F0-A91B-31AA1E611D10}] => (Allow) LPort=5357
FirewallRules: [{64829415-C344-49B1-A429-E49810C96715}] => (Allow) C:\Program Files\HP\HP OfficeJet Pro 8720\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BB9AB998-9309-4EFA-8532-4DCCC47B1DA7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (12/30/2016 10:03:21 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.NullReferenceException: Object reference not set to an instance of an object.
at IconOverlayClient.BoxIconOverlay.CreateClient()
at IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
at SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)
Error: (12/30/2016 10:03:21 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: NotSyncedIconOverlay: IsMemberOf: An exception occured when determining whether to show the overlay for 'C:\Users\betty\Box Sync\Clients\FLS\Voya Kimberly'.
Error: (12/30/2016 10:02:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2be8
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
Error: (12/30/2016 10:02:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1430
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
Error: (12/30/2016 10:02:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2be8
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
Error: (12/30/2016 10:02:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1430
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
Error: (12/30/2016 10:02:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2be8
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
Error: (12/30/2016 10:02:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1430
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
Error: (12/30/2016 10:02:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2be8
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
Error: (12/30/2016 10:02:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x2be8
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

System errors:
=============
Error: (12/30/2016 09:36:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Universal Communication Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (12/30/2016 09:00:47 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
Error: (12/30/2016 03:25:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (12/29/2016 10:50:08 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
Error: (12/29/2016 10:47:34 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
Error: (12/29/2016 10:47:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
Error: (12/29/2016 10:46:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Sync Host_5d5ad service terminated with the following error:
%%5
Error: (12/29/2016 10:46:39 PM) (Source: DCOM) (EventID: 10010) (User: BETTYSLAPTOP)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (12/29/2016 10:46:38 PM) (Source: DCOM) (EventID: 10010) (User: BETTYSLAPTOP)
Description: {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
Error: (12/29/2016 10:46:38 PM) (Source: DCOM) (EventID: 10010) (User: BETTYSLAPTOP)
Description: {260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}

CodeIntegrity:
===================================
Date: 2016-12-30 10:17:55.681
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-30 10:17:55.680
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-30 10:08:39.070
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\DriverStore\FileRepository\nvhmwu.inf_amd64_dbb067faa566eee8\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-30 02:22:13.401
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-30 02:22:13.400
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-30 02:21:08.087
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-30 02:21:08.086
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-29 22:53:46.967
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-29 22:53:46.966
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-12-29 22:53:46.285
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 28%
Total physical RAM: 16316.02 MB
Available physical RAM: 11615.3 MB
Total Virtual: 61372.02 MB
Available Virtual: 56504.35 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:903.43 GB) (Free:750.72 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:26.2 GB) (Free:2.6 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP OJ8720) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1E1F4777)
Partition: GPT.
==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    5.2 KB · Views: 1
fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by betty (2016-12-31 16:37:31) Run:1
Running from C:\Users\betty\Desktop\Virus
Loaded Profiles: UpdatusUser & betty (Available Profiles: UpdatusUser & betty)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\Run: [Zoom] => [X]
HKU\S-1-5-21-223588219-2138284121-77307795-1002\...\MountPoints2: {5553e59e-fc3d-11e3-825b-806e6f6e6963} - "E:\Setup.exe"
SearchScopes: HKU\S-1-5-21-223588219-2138284121-77307795-1001 -> {6A1DE76A-BA2E-4191-AB59-4E8D3C3BAB2E} URL =
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
2016-01-14 16:57 - 2016-01-14 16:57 - 0002715 _____ () C:\Users\betty\AppData\Roaming\QBFileDrTool.log
2016-05-02 21:11 - 2016-05-02 21:14 - 1671526 _____ () C:\Users\betty\AppData\Roaming\qeinst.log
2016-03-29 08:39 - 2016-03-29 08:39 - 0000600 _____ () C:\Users\betty\AppData\Roaming\winscp.rnd
2016-12-28 17:53 - 2016-12-28 17:53 - 0000017 _____ () C:\Users\betty\AppData\Local\resmon.resmoncfg
2016-11-28 16:54 - 2016-11-28 16:54 - 0000057 _____ () C:\ProgramData\Ament.ini
C:\Users\betty\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\betty\AppData\Local\Temp\dllnt_dump.dll
C:\Users\betty\AppData\Local\Temp\libeay32.dll
C:\Users\betty\AppData\Local\Temp\msvcr120.dll
C:\Users\betty\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\betty\AppData\Local\Temp\sqlite3.dll
Task: {0BA38480-425F-4C44-8BB4-F61566A8BA1F} - \WPD\SqmUpload_S-1-5-21-223588219-2138284121-77307795-1002 -> No File <==== ATTENTION
Task: {0E5600BF-76EB-4E8D-8702-76A0EB30CF33} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {12F35D5A-573E-45E8-974D-E6FCD3E5F9B8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1646D405-68E3-4DF5-B807-159AA9242768} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {1CA37E8F-D53E-441C-B50D-A0A88CCF7761} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {36AF7D2E-0911-4109-AB21-4D5AB58E414A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {44F3566F-FA14-431B-BEDD-A68EEC4C946B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5A9799A6-5778-4060-8F06-9C29F8071FF3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {66FFA64F-55F4-4B37-83F7-616642C470DC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {6C14A00B-F2EE-4A5A-AA09-49D2FBED077D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {70331D46-364E-4004-8E19-20DF101F809F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {769C3E6C-962C-405D-BEB6-458C1A7B89F0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {871BC7E8-A199-4DC7-9B42-33774EEAA82A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AFE3A458-E934-4696-A3BA-C9642CF20B85} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C9F66A60-62D7-4B39-8C29-7E15B4931353} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {F293A269-9B73-4379-B42D-39BEC48E64B7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\IDT:Win32App_1
AlternateDataStreams: C:\Program Files\iTunes:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Mouse and Keyboard Center:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft SQL Server:Win32App_1
AlternateDataStreams: C:\Program Files\RogueKiller:Win32App_1
AlternateDataStreams: C:\Program Files\SQLXML 4.0:Win32App_1
AlternateDataStreams: C:\Program Files\Validity Sensors:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\BERNINA:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\FreeMind:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Hewlett-Packard:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\HPConnectedMusic:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Laser App Enterprise:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft SQL Server:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Pinger:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Savings Bond Wizard:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Schwab Performance Technologies:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\SQLXML 4.0:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\WinSCP:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64\Adobe:Win32App_1
AlternateDataStreams: C:\ProgramData\HP:Win32App_1
AlternateDataStreams: C:\ProgramData\Intuit:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
AlternateDataStreams: C:\Users\betty\OneDrive:ms-properties
AlternateDataStreams: C:\Users\betty\Downloads\Re Client.eml:OECustomProperty
AlternateDataStreams: C:\Users\betty\Downloads\WIN_20150929_113427.jpg:ms-properties
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-223588219-2138284121-77307795-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Zoom => value removed successfully
"HKU\S-1-5-21-223588219-2138284121-77307795-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5553e59e-fc3d-11e3-825b-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{5553e59e-fc3d-11e3-825b-806e6f6e6963} => key not found.
"HKU\S-1-5-21-223588219-2138284121-77307795-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1DE76A-BA2E-4191-AB59-4E8D3C3BAB2E}" => key removed successfully
HKCR\CLSID\{6A1DE76A-BA2E-4191-AB59-4E8D3C3BAB2E} => key not found.
ibtsiva => Unable to stop service.
ibtsiva => service removed successfully
C:\Users\betty\AppData\Roaming\QBFileDrTool.log => moved successfully
C:\Users\betty\AppData\Roaming\qeinst.log => moved successfully
C:\Users\betty\AppData\Roaming\winscp.rnd => moved successfully
C:\Users\betty\AppData\Local\resmon.resmoncfg => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\Users\betty\AppData\Local\Temp\BullseyeCoverage-2-x86.dll => moved successfully
C:\Users\betty\AppData\Local\Temp\dllnt_dump.dll => moved successfully
C:\Users\betty\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\betty\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\betty\AppData\Local\Temp\RoboForm-Setup.exe => moved successfully
C:\Users\betty\AppData\Local\Temp\sqlite3.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BA38480-425F-4C44-8BB4-F61566A8BA1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BA38480-425F-4C44-8BB4-F61566A8BA1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-223588219-2138284121-77307795-1002" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E5600BF-76EB-4E8D-8702-76A0EB30CF33}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E5600BF-76EB-4E8D-8702-76A0EB30CF33}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12F35D5A-573E-45E8-974D-E6FCD3E5F9B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12F35D5A-573E-45E8-974D-E6FCD3E5F9B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1646D405-68E3-4DF5-B807-159AA9242768}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1646D405-68E3-4DF5-B807-159AA9242768}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1CA37E8F-D53E-441C-B50D-A0A88CCF7761}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CA37E8F-D53E-441C-B50D-A0A88CCF7761}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36AF7D2E-0911-4109-AB21-4D5AB58E414A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36AF7D2E-0911-4109-AB21-4D5AB58E414A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44F3566F-FA14-431B-BEDD-A68EEC4C946B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44F3566F-FA14-431B-BEDD-A68EEC4C946B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A9799A6-5778-4060-8F06-9C29F8071FF3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A9799A6-5778-4060-8F06-9C29F8071FF3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66FFA64F-55F4-4B37-83F7-616642C470DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66FFA64F-55F4-4B37-83F7-616642C470DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C14A00B-F2EE-4A5A-AA09-49D2FBED077D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C14A00B-F2EE-4A5A-AA09-49D2FBED077D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70331D46-364E-4004-8E19-20DF101F809F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70331D46-364E-4004-8E19-20DF101F809F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{769C3E6C-962C-405D-BEB6-458C1A7B89F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{769C3E6C-962C-405D-BEB6-458C1A7B89F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{871BC7E8-A199-4DC7-9B42-33774EEAA82A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{871BC7E8-A199-4DC7-9B42-33774EEAA82A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFE3A458-E934-4696-A3BA-C9642CF20B85}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFE3A458-E934-4696-A3BA-C9642CF20B85}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9F66A60-62D7-4B39-8C29-7E15B4931353}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9F66A60-62D7-4B39-8C29-7E15B4931353}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F293A269-9B73-4379-B42D-39BEC48E64B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F293A269-9B73-4379-B42D-39BEC48E64B7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
C:\Program Files\Bonjour => ":Win32App_1" ADS removed successfully.
C:\Program Files\IDT => ":Win32App_1" ADS removed successfully.
C:\Program Files\iTunes => ":Win32App_1" ADS removed successfully.
C:\Program Files\Microsoft Mouse and Keyboard Center => ":Win32App_1" ADS removed successfully.
C:\Program Files\Microsoft Silverlight => ":Win32App_1" ADS removed successfully.
C:\Program Files\Microsoft SQL Server => ":Win32App_1" ADS removed successfully.
C:\Program Files\RogueKiller => ":Win32App_1" ADS removed successfully.
C:\Program Files\SQLXML 4.0 => ":Win32App_1" ADS removed successfully.
C:\Program Files\Validity Sensors => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Apple Software Update => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\BERNINA => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Bonjour => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\FreeMind => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Hewlett-Packard => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\HPConnectedMusic => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Laser App Enterprise => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Microsoft Office => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Microsoft SQL Server => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Mozilla Firefox => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Pinger => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Savings Bond Wizard => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Schwab Performance Technologies => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\SQLXML 4.0 => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\WinSCP => ":Win32App_1" ADS removed successfully.
C:\WINDOWS\SysWOW64\Adobe => ":Win32App_1" ADS removed successfully.
C:\ProgramData\HP => ":Win32App_1" ADS removed successfully.
C:\ProgramData\Intuit => ":Win32App_1" ADS removed successfully.
C:\ProgramData\regid.1991-06.com.microsoft => ":Win32App_1" ADS removed successfully.
"C:\Users\betty\OneDrive" => ":ms-properties" ADS not found.
C:\Users\betty\Downloads\Re Client.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\betty\Downloads\WIN_20150929_113427.jpg => ":ms-properties" ADS removed successfully.

The system needed a reboot..
==== End of Fixlog 16:37:38 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Another malware scan:

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 12/31/16
Scan Time: 4:47 PM
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.901
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: BETTYSLAPTOP\betty
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 452824
Time Elapsed: 6 min, 40 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)

(end)
 
Results of screen317's Security Check version 1.014 --- 12/23/15
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 73
Java version 32-bit out of Date!
Adobe Flash Player 24.0.0.186
Mozilla Firefox 40.0.3 Firefox out of Date!
Google Chrome (55.0.2883.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
betty Desktop Virus SecurityCheck.exe
Malwarebytes Anti-Malware mbamtray.exe
Windows Defender MSASCuiL.exe
Windows Defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
fss:
Farbar Service Scanner Version: 27-01-2016
Ran by betty (administrator) on 31-12-2016 at 17:13:39
Running from "C:\Users\betty\Desktop\Virus"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
 
Getting user folders.
Stopping running processes.
Emptying Temp folders.
User: All Users
User: betty
->Temp folder emptied: 1398555406 bytes
->Temporary Internet Files folder emptied: 187536986 bytes
->Java cache emptied: 542386 bytes
->FireFox cache emptied: 101257168 bytes
->Google Chrome cache emptied: 417446930 bytes
->Flash cache emptied: 9046 bytes
User: Default
->Temp folder emptied: 110 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default.migrated
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33057238 bytes
Emptying RecycleBin. Do not interrupt.
RecycleBin emptied: 69865267 bytes
Process complete!
Total Files Cleaned = 2,106.00 mb
 