
3 trojans and some viruses detected [Solved]


  • This topic is locked
20 replies to this topic

#1 madhartigan


Posted 14 January 2017 - 01:45 PM

Hi there!

Thank you, in advance, for any help anyone chooses to offer.

I have a laptop that, once Windows had booted up and I tried to run Windows, I would try to run Chrome and it would immediately show "not responding" in the title bar.

I have since performed a clean boot and run ClamWin on it. I'm not sure whether it repaired anything, but it showed 11 viruses and 3 trojans.

I can supply that log file if needed.

Here are both the aswMBR log file and the FRST log files:

Thank you very much to anyone who may be able to help.



aswMBR - 

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2017-01-14 10:10:59
-----------------------------
10:10:59.750    OS Version: Windows x64 6.2.9200 
10:10:59.750    Number of processors: 2 586 0x170A
10:10:59.766    ComputerName: ASUSP50IJ-PC  UserName: bruce
10:11:00.234    Initialize success
10:11:00.234    VM: initialized successfully
10:11:00.234    VM: Intel CPU virtualization not supported 
10:14:17.159    AVAST engine defs: 17010903
10:17:51.955    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:17:51.970    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
10:17:52.127    Disk 0 MBR read successfully
10:17:52.142    Disk 0 MBR scan
10:17:52.174    Disk 0 Windows 7 default MBR code
10:17:52.189    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        99550 MB offset 2048
10:17:52.221    Disk 0 Partition 2 00     27 Hidden NTFS WinRE NTFS          450 MB offset 203880448
10:17:52.314    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       205242 MB offset 204802048
10:17:52.486    Disk 0 scanning C:\WINDOWS\system32\drivers
10:18:19.728    Service scanning
10:19:21.634    Modules scanning
10:19:21.649    Disk 0 trace - called modules:
10:19:21.696    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
10:19:21.712    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffff8f85b62ff690]
10:19:21.728    3 CLASSPNP.SYS[fffff80980e25efb] -> nt!IofCallDriver -> [0xffff8f85b6220e40]
10:19:21.743    5 ACPI.sys[fffff8097feb4571] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xffff8f85b507c050]
10:19:22.634    AVAST engine scan C:\
12:05:51.158    File: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\10.11.21.5_0\plugins\ConduitChromeApiPlugin.dll  **INFECTED** Win32:SearchProtect-BZ [Adw]
14:29:27.690    Disk 0 statistics 23818538/0/0 @ 1.61 MB/s
14:29:27.705    Scan finished successfully
14:30:18.294    Disk 0 MBR has been saved successfully to "F:\MBR.dat"
14:30:18.356    The log file has been saved successfully to "F:\aswMBR.txt"
 
 
 
FRST - 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-01-2017
Ran by bruce (administrator) on ASUSP50IJ-PC (14-01-2017 14:32:58)
Running from F:\
Loaded Profiles: bruce (Available Profiles: bruce)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(SanDisk Corporation) C:\Users\bruce\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Dropbox, Inc.) C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
(Dropbox, Inc.) C:\Users\bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(PortableApps.com) F:\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-13] (VIA)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-24] (Google)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [SansaDispatch] => C:\Users\bruce\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-07-19] (SanDisk Corporation)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [Dropbox Update] => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-16] (Dropbox, Inc.)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [GoogleChromeAutoLaunch_2826B3ABEE4F5A7A466A806D64AA8669] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\RunOnce: [Uninstall C:\Users\bruce\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bruce\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-01-08]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-20]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-01-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1bf3c3fa-a7d3-4900-aa5b-f67749e86fa7}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{42e3064b-4e27-4187-b672-396de0cfc114}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4864f3a4-c147-45d5-a397-742ced98cc9e}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> DefaultScope {E293979B-493B-4AFB-B85B-9FAD1FA239A9} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20150108&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=EKBJ-9xRDQ5tzhbdkvSjuPSXCyQ?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> {E293979B-493B-4AFB-B85B-9FAD1FA239A9} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20150108&p={searchTerms}
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-01-08] (McAfee)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-01-08] (McAfee)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-01-08] (McAfee)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-01-08] (McAfee)
Toolbar: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-01-12] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2014-12-08] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default [2017-01-14]
CHR Extension: (McAfee SafeKey) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2017-01-13]
CHR Extension: (Google Docs) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-13]
CHR Extension: (Google Drive) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-13]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-13]
CHR Extension: (Gmail) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-13]
CHR Profile: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup [2017-01-14] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-11-25]
CHR Extension: (Full Screen Weather) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-14]
CHR Extension: (EasyDocMerge) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\mabloidgodmbnmnhoenmhlcjkfelomgp [2016-09-30]
CHR Extension: (Plants vs Zombies) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2012-12-23]
CHR Extension: (RadioRage) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\nmhnimmlenjeaagdfpheikljicikpgjj [2016-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR Extension: (Canvas Rider) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-09]
CHR Profile: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-14]
CHR Extension: (Google Slides) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-10]
CHR Extension: (McAfee SafeKey) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2015-07-10]
CHR Extension: (Google Docs) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-10]
CHR Extension: (Google Drive) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-10]
CHR Extension: (YouTube) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-10]
CHR Extension: (Google Search) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-10]
CHR Extension: (Google Sheets) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-10]
CHR Extension: (SiteAdvisor) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-10]
CHR Extension: (Mapit 1) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl [2015-07-10] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3008660&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-10]
CHR Extension: (Google Wallet) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-10]
CHR Extension: (Gmail) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-10]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-20]
CHR HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\bruce\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-02-14]
CHR HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jbkceikmmebhmgcjiemejoaeholbnnjl] - C:\Users\bruce\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx <not found>
CHR HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2014-11-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-20]
CHR HKLM-x32\...\Chrome\Extension: [jbkceikmmebhmgcjiemejoaeholbnnjl] - C:\Users\bruce\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0243741484400473mcinstcleanup; C:\WINDOWS\TEMP\024374~1.EXE [883024 2017-01-14] (McAfee, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-02-24] (Macrovision Europe Ltd.) [File not signed]
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-24] (Google)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-01-09] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2016-12-06] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [329480 2016-12-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [87928 2016-08-01] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 aswMBR; C:\Users\bruce\AppData\Local\Temp\aswMBR.sys [62728 2017-01-12] () [File not signed]
U3 aswVmm; C:\Users\bruce\AppData\Local\Temp\aswVmm.sys [224896 2017-01-12] ()
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-14 09:52 - 2017-01-14 10:02 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-11 21:21 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 21:21 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 21:21 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 21:21 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 21:21 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 21:21 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 21:21 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 21:21 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 21:21 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 21:21 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 21:21 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 21:21 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 21:21 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 21:21 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 21:21 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 21:21 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 21:21 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 21:21 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 21:21 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 21:21 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 21:21 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 21:21 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 21:21 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 21:21 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 21:21 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 21:21 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 21:21 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 21:21 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 21:21 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 21:21 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 21:21 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 21:20 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 21:20 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 21:20 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 21:20 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 21:20 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 21:20 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 21:20 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 21:20 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 21:20 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 21:20 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 21:20 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 21:20 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 21:20 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 21:20 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 21:20 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 21:20 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 21:20 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 21:20 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 21:20 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 21:20 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 21:20 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 21:20 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 21:20 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 21:20 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 21:20 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 21:20 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 21:20 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 21:20 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 21:20 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 21:20 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 21:20 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 21:20 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 21:20 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 21:20 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 21:20 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 21:20 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 21:20 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 21:20 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 21:20 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 21:20 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 21:20 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 21:20 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 21:20 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 21:20 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 21:20 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 21:20 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 21:20 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 21:20 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 21:20 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 21:20 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 21:20 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 21:20 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 21:20 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 21:20 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 21:20 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 21:20 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 21:20 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 21:20 - 2016-12-14 00:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 21:20 - 2016-12-14 00:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 21:20 - 2016-12-14 00:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 21:20 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 21:20 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 21:20 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 21:20 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 21:20 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 21:20 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 21:20 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 21:20 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 21:20 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 21:20 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 21:20 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 21:20 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 21:20 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 21:20 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 21:20 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 21:20 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 21:20 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 21:20 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 21:20 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 21:20 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 21:20 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 21:20 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 21:20 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 21:20 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 21:20 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 21:20 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 21:20 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 21:20 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 21:20 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 21:20 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 21:20 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 21:20 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 21:20 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 21:20 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 21:20 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 21:20 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 21:20 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 21:20 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 21:20 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 21:20 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 21:20 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 21:20 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 21:20 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 21:20 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 21:20 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 21:20 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 21:20 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 21:20 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 21:20 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 21:20 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 21:20 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 21:19 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 21:19 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 21:19 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 21:19 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 21:19 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 21:19 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 21:19 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 21:19 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 21:19 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 21:19 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 21:19 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 21:19 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 21:19 - 2016-12-14 00:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 21:19 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 21:19 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 21:19 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 21:19 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 21:19 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 21:19 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 21:19 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 21:19 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 13:37 - 2017-01-10 13:37 - 00000000 ____D C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-24 08:27 - 2016-12-24 08:27 - 00179835 _____ C:\Users\bruce\Downloads\document (2).pdf
2016-12-20 14:21 - 2016-12-20 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-12-19 08:13 - 2016-12-19 08:13 - 00586870 _____ C:\Users\bruce\Downloads\12-16-2016.pdf
2016-12-18 09:38 - 2016-12-18 09:38 - 00911797 _____ C:\Users\bruce\Downloads\download.pdf
2016-12-16 19:04 - 2016-12-16 19:04 - 01429621 _____ C:\Users\bruce\Downloads\12-13-2016 (1).pdf
2016-12-16 18:56 - 2016-12-16 18:56 - 00067990 _____ C:\Users\bruce\Downloads\100051389748-095335007703-.PDF
2016-12-15 22:14 - 2016-12-15 22:14 - 01429621 _____ C:\Users\bruce\Downloads\12-13-2016.pdf
2016-12-15 21:48 - 2016-12-15 21:48 - 00110542 _____ C:\Users\bruce\Downloads\111-9995931-7736214.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-14 14:32 - 2016-02-15 11:43 - 00000000 ____D C:\FRST
2017-01-14 14:30 - 2016-09-18 11:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-14 11:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-14 10:02 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-14 09:58 - 2014-12-04 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-14 09:56 - 2016-02-14 19:19 - 00000000 ___RD C:\Users\bruce\Google Drive
2017-01-14 09:53 - 2016-09-18 11:34 - 00000000 ____D C:\Users\bruce
2017-01-14 09:52 - 2016-09-18 11:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-14 08:26 - 2015-01-08 17:58 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-14 05:20 - 2016-10-29 09:13 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-01-13 18:19 - 2016-02-16 19:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-13 18:18 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-13 18:01 - 2016-02-15 13:58 - 00000000 ____D C:\Program Files\KMSpico
2017-01-13 15:06 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 13:40 - 2016-09-19 18:10 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-01-13 11:08 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 10:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-13 10:58 - 2011-02-21 18:51 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-13 10:57 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-12 19:13 - 2016-02-15 13:19 - 01232530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-12 15:27 - 2016-02-15 13:25 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-12 15:21 - 2016-09-18 11:27 - 04855896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-12 15:11 - 2015-01-08 17:49 - 00000000 ____D C:\ProgramData\McAfee
2017-01-12 15:09 - 2013-02-23 10:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-11 22:04 - 2015-01-08 17:50 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-11 22:02 - 2016-07-16 06:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-01-11 22:00 - 2016-09-18 11:55 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-01-11 22:00 - 2016-09-18 11:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-01-11 21:48 - 2013-08-16 17:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 21:40 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 21:40 - 2011-02-24 13:58 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 14:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-10 14:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-10 13:37 - 2012-02-21 12:23 - 00000000 ____D C:\Users\bruce\AppData\Roaming\Dropbox
2016-12-31 12:51 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-30 20:58 - 2011-06-18 13:27 - 00000000 ____D C:\Users\bruce\AppData\Local\Diagnostics
2016-12-22 18:13 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 18:13 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-22 17:56 - 2016-09-18 11:34 - 00524288 ___SH C:\Users\bruce\NTUSER.DAT{16bdf58d-7dc5-11e6-a2c8-cc0d12853275}.TMContainer00000000000000000002.regtrans-ms
2016-12-22 17:56 - 2016-09-18 11:34 - 00065536 ___SH C:\Users\bruce\NTUSER.DAT{16bdf58d-7dc5-11e6-a2c8-cc0d12853275}.TM.blf
2016-12-22 17:56 - 2015-02-23 21:15 - 00000000 __SHD C:\Config.Msi
2016-12-22 17:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-22 17:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-22 17:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-22 17:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-21 04:54 - 2011-02-21 21:05 - 00389396 __RSH C:\bootmgr
2016-12-20 14:21 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2016-12-20 14:21 - 2016-06-30 09:53 - 00002015 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-12-20 14:21 - 2015-11-19 12:10 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-20 14:21 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-20 14:21 - 2009-07-13 21:34 - 00000903 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-16 16:30 - 2016-07-16 06:47 - 00000000 __SHD C:\WINDOWS\Installer
2016-12-16 16:25 - 2016-09-18 11:55 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 16:25 - 2016-07-16 01:04 - 00000000 ___RD C:\Program Files (x86)
2016-12-16 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-16 16:24 - 2016-09-18 11:55 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-15 17:26 - 2016-02-14 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-15 08:55 - 2015-01-23 15:30 - 00002278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2014-11-29 09:58 - 2015-01-08 17:59 - 32371688 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-02-15 13:59 - 2016-02-15 13:59 - 0000218 _____ () C:\Users\bruce\AppData\Local\recently-used.xbel
2016-07-06 16:31 - 2016-07-06 16:31 - 0000017 _____ () C:\Users\bruce\AppData\Local\resmon.resmoncfg
2015-07-31 09:46 - 2015-07-31 09:46 - 0000000 _____ () C:\Users\bruce\AppData\Local\{CDC5D30D-8E43-409F-B1E1-F41947B4633A}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-10 13:10
 
==================== End of FRST.txt ============================

 




#2 ken545


Posted 15 January 2017 - 07:22 AM

:welcome:

 

When you ran FRST it also created an Additions log. It will be in the same location as FRST. Can you post it, please?



 
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 madhartigan


Posted 15 January 2017 - 11:17 AM

Thank you for replying.

I meant to include that.  Sorry, I forgot.

 

Here ya go!


Addition - 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-01-2017
Ran by bruce (14-01-2017 14:34:56)
Running from F:\
Windows 10 Pro Version 1607 (X64) (2016-09-18 17:05:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3677484834-1582494324-1908912837-500 - Administrator - Disabled)
bruce (S-1-5-21-3677484834-1582494324-1908912837-1000 - Administrator - Enabled) => C:\Users\bruce
DefaultAccount (S-1-5-21-3677484834-1582494324-1908912837-503 - Limited - Disabled)
Guest (S-1-5-21-3677484834-1582494324-1908912837-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3677484834-1582494324-1908912837-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.4.1 64-bit (HKLM\...\{8BBA6F77-4A79-4E90-BD82-E24669ACF221}) (Version: 3.4.2 - Adobe)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Dropbox (HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Dropbox) (Version: 17.4.33 - Dropbox, Inc.)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
McAfee All Access – Total Protection (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\safekey) (Version: 2.2.3 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.474.2 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.209 - McAfee, Inc.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.7.4 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Sansa Updater (HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Sansa Updater) (Version: 1.407 - SanDisk Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wi-Fi Scanner version 3.2.0.114 (HKLM-x32\...\Wi-Fi Scanner_is1) (Version: 3.2.0.114 - LizardSystems)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CFBD76A-2A9F-4B20-9560-4ACE568507BB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {107CF152-8876-48C2-8638-47E1B471E399} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {119DA2D5-123E-4031-B228-05657CB87693} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {171B02B1-BDBE-4B94-9B26-FFA7253F530B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1DF0D4A6-AD0F-480A-808A-75CEFA941EC4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1FE8FD77-9ADD-42B5-AD1B-A95412669B40} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {2C35F430-3B98-4141-A45B-DFB64764FA3D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000UA => C:\Users\bruce\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2EA1BF58-2DB9-4BC6-A442-B5E4CF736882} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2F829855-A5D5-410C-AED1-EC2D9074BD74} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {35A5FCC8-8233-4159-9F1F-2BF643E00F39} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {35FDABEE-8ECB-4331-819A-079AF10B5608} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4012A0BF-B288-4857-AD8A-C81CFCA6E430} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4873B693-8BF9-4EEE-8B41-CA75581E05A9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000Core1d240788f9a42c5 => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-16] (Dropbox, Inc.)
Task: {4A5C1DD3-8558-4B1E-AF75-5CE80F558170} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5F5DF154-D4A7-4040-A85E-112B405710F0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60375DA6-761D-49B5-AE06-D0AF8AD6E6FA} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-01-11] (McAfee, Inc.)
Task: {60C6400A-04F5-42B9-901A-EFCB055F46E8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {68AE808F-4960-49DF-8D2C-0C2FD471768D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {70AB7174-8C80-4C23-9641-DAAE02A91533} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {78731685-D400-4A23-8996-7F8EE0C16DD5} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {8285F731-5271-4326-BB7A-600FC3B1F5F5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000UA1d2407890043b07 => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-16] (Dropbox, Inc.)
Task: {87507ADD-55D5-4CF9-9321-8EF4ACD5E85C} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-01-11] (McAfee, Inc.)
Task: {8D1594FB-3F26-496C-A158-F63BF5A3C0E7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8E2AD927-1A0A-4916-9093-A78883B7517E} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {8F6C44D4-5AA4-4166-B66C-ECC2003CC572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {91ABBCA0-28AB-42AB-A476-5DAB672DFA9C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {95D63F21-86E7-4346-80C9-62C0D61421AA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {987EC4D9-A3C7-4725-9985-058AABBB0C15} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {99F5F930-1C38-4DA6-9A72-0D04CBD6423E} - System32\Tasks\AdobeAAMUpdater-1.0-ASUSP50IJ-PC-bruce => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {9C52ADC7-23E1-41A2-B4C2-80F1FE656C59} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {9EE14C19-98C5-4DA2-A8F7-0E797FE1269B} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {ABDBB888-D495-4F3D-8726-2EA95701113E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AF3E8BCD-3DC6-497B-A801-A3B1AEF8391F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7C3F7D5-AF5C-4B4C-B48C-060A306F97F4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7F7115C-FC6D-46DC-8955-00876734A0AA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C6A11B46-7CF6-4C42-80E9-2214B2900B75} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {DC238544-8A32-4F6A-883E-F6CFEC37E42E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E9FA1D44-33BE-432C-800B-261C2DE6257A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {ECFB17DC-2FAB-45F4-95FF-AE38CFD2241C} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {F46EE9FA-5F5A-458B-890D-76CF527A3416} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000Core1d240788f9a42c5.job => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000UA1d2407890043b07.job => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 20:39 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-02-24 12:33 - 2007-08-08 00:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-06 11:58 - 2011-05-06 11:58 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
2011-05-06 12:07 - 2011-05-06 12:07 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2016-12-14 20:39 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-20 16:26 - 2016-09-20 16:26 - 01864384 _____ () C:\Users\bruce\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2008-08-13 20:59 - 2008-08-13 20:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2016-09-19 07:13 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 21:20 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 21:20 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 21:20 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 21:20 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 21:20 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 21:20 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 21:20 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 09:47 - 2016-12-14 09:47 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 09:47 - 2016-12-14 09:47 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 09:47 - 2016-12-14 09:47 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 09:47 - 2016-12-14 09:47 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2011-05-06 12:07 - 2011-05-06 12:07 - 04317184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2011-05-06 12:02 - 2011-05-06 12:02 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2010-10-26 07:34 - 2010-10-26 07:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
2010-10-25 23:37 - 2010-10-25 23:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
2017-01-14 09:55 - 2017-01-14 09:55 - 00098816 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32api.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00110080 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\pywintypes27.dll
2017-01-14 09:55 - 2017-01-14 09:55 - 00364544 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\pythoncom27.dll
2017-01-14 09:55 - 2017-01-14 09:55 - 00320512 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32com.shell.shell.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00914432 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\_hashlib.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 01176576 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\wx._core_.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00806400 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\wx._gdi_.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00816128 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\wx._windows_.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 01067008 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\wx._controls_.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00733184 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\wx._misc_.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00682496 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\pysqlite2._sqlite.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00088064 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\_ctypes.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00686080 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\unicodedata.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00119808 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32file.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00108544 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32security.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00007168 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\hashobjs_ext.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00017920 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\thumbnails_ext.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00088064 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\usb_ext.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00012800 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\common.time34.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00018432 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32event.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00167936 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32gui.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00046080 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\_socket.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 01303552 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\_ssl.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00128512 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\_elementtree.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00127488 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\pyexpat.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00038912 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32inet.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00036864 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\_psutil_windows.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00524248 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\windows._lib_cacheinvalidation.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00011264 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32crypt.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00123392 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\wx._wizard.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00077312 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\wx._html2.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00027648 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\_multiprocessing.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00020480 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\_yappi.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00035840 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32process.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00078848 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\wx._animate.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00024064 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32pipe.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00010240 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\select.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00025600 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32pdh.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00017408 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32profile.pyd
2017-01-14 09:55 - 2017-01-14 09:55 - 00022528 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI71002\win32ts.pyd
2016-10-30 07:24 - 2016-12-07 20:00 - 00035792 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-01-10 13:36 - 2016-12-07 20:00 - 00145864 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-01-10 13:36 - 2016-12-07 20:01 - 00019408 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-01-10 13:36 - 2016-12-07 20:00 - 00116688 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-09-03 21:13 - 2016-12-07 20:04 - 00024528 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-10-30 07:24 - 2016-12-07 20:00 - 00100296 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00105928 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-09-03 21:13 - 2016-12-07 20:00 - 00018888 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\select.pyd
2016-09-03 21:13 - 2017-01-05 19:04 - 00019776 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-09-03 21:13 - 2016-12-07 20:00 - 00694224 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-01-10 13:36 - 2017-01-05 19:03 - 00020824 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-10-30 07:24 - 2016-12-07 20:01 - 00123856 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-01-10 13:36 - 2017-01-05 19:03 - 01682768 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-01-10 13:36 - 2017-01-05 19:03 - 00020816 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00021328 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00052032 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00038712 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-01-10 13:36 - 2016-12-07 20:00 - 00392144 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-01-10 13:36 - 2016-12-07 20:04 - 00020936 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00116176 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-09-03 21:13 - 2017-01-05 19:04 - 00381760 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00124880 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00025432 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00024016 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00175560 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00030160 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00043472 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00048592 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00057808 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00024016 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-01-10 13:36 - 2017-01-05 19:03 - 00246608 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-01-10 13:36 - 2017-01-05 19:03 - 00026464 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-10-30 07:24 - 2016-12-07 20:02 - 00241104 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-01-10 13:36 - 2017-01-05 19:03 - 00020288 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-10-30 07:24 - 2016-12-07 20:04 - 00028616 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00023384 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00020816 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00019792 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00020808 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-10-30 07:24 - 2016-12-07 20:04 - 00350152 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00022360 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00024400 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-01-10 13:36 - 2016-12-07 19:57 - 00036296 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\librsync.dll
2017-01-10 13:36 - 2017-01-05 19:04 - 00031576 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2017-01-10 13:36 - 2016-12-21 21:04 - 00293392 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-01-10 13:36 - 2017-01-05 19:03 - 00084288 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-01-10 13:36 - 2017-01-05 19:04 - 01826104 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-09-03 21:13 - 2016-12-07 20:01 - 00083912 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\sip.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00531264 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 03928896 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 01972536 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00133432 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00224064 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00207680 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00020296 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2017-01-10 13:36 - 2016-12-07 20:08 - 00017864 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-01-10 13:36 - 2016-12-07 20:08 - 01631184 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-01-10 13:36 - 2017-01-05 19:04 - 00042816 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00171336 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00357688 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00060880 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00037200 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00024920 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00546104 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-12-20 14:21 - 00000903 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 activate.adobe.com
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\bruce\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{AB1C79D7-652A-4ED3-84CF-89780DA00AB2}] => C:\Users\bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6F4C1844-C63B-4F5A-8ACC-9B0B1BC103CC}] => C:\Users\bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{9428209B-3B13-45B1-8F3A-2D8AF987EA85}C:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F2E3DF0C-5B43-48F6-A326-17AD0E9DC36E}C:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{14384F3D-B2F7-40EA-8537-DD5678A0F8D2}] => LPort=24726
FirewallRules: [{D9AEEA7B-44DB-47C2-8A79-819E2D074D2D}] => LPort=24727
FirewallRules: [{BF9B669C-76EA-4AE8-8BF0-B35E6124A154}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{471691F9-DA96-4719-8DC3-2743003C6320}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3043D251-900E-4DFF-81E7-0CE99366C3A1}] => C:\Users\bruce\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{2BF95BAA-A644-4A0F-86F0-8B51436FC6A0}] => C:\Users\bruce\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{0BA2221F-E1C8-4981-BEE6-B4B443AEB073}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EEED883B-DDCF-41BC-9104-806521E70B3F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31B8418F-8A07-42D3-9930-3D2F59EDBEBE}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7608A25C-877D-4B6C-A813-C05A903B36C0}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BDFE6A1-90BC-48B3-85A4-113C7E7A1599}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D2C3B1C0-5125-4950-99CE-967726721396}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5D69F063-F11A-49B0-8B5D-8448D0B8C2F1}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5A73AE53-DE65-48E9-BD71-2AC11E470220}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0EB4BD93-6AD7-457A-9E61-48C51AC8133E}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BABEEDA0-B977-4229-9407-BABDFAF26B4B}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/14/2017 12:08:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
 
Error: (01/13/2017 06:21:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 C.5.3.B.5.0.1.0.2.0.5.F.4.C.D.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR ASUSP50IJ-PC.local.
 
Error: (01/13/2017 06:21:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:DDC4:F502:0105:B35C:5353   22 C.5.3.B.5.0.1.0.2.0.5.F.4.C.D.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR ASUSP50IJ-PC-2.local.
 
Error: (01/13/2017 06:21:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 1.0.0.127.in-addr.arpa. PTR ASUSP50IJ-PC.local.
 
Error: (01/13/2017 06:21:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353   22 1.0.0.127.in-addr.arpa. PTR ASUSP50IJ-PC-2.local.
 
Error: (01/13/2017 01:23:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: MosHostCore.dll, version: 10.0.14393.479, time stamp: 0x58258db1
Exception code: 0x84000010
Fault offset: 0x000000000001ac50
Faulting process id: 0xdb0
Faulting application start time: 0x01d26d656c2d4877
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MosHostCore.dll
Report Id: 3b748614-4b2c-4b05-849d-4957551fc10a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/12/2017 08:17:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PortableAppsPlatform.exe, version: 14.1.0.0, time stamp: 0x57ec4496
Faulting module name: PortableAppsPlatform.exe, version: 14.1.0.0, time stamp: 0x57ec4496
Exception code: 0xc0000005
Fault offset: 0x00005ed6
Faulting process id: 0x1570
Faulting application start time: 0x01d26d3725d3dc57
Faulting application path: F:\PortableApps\PortableApps.com\PortableAppsPlatform.exe
Faulting module path: F:\PortableApps\PortableApps.com\PortableAppsPlatform.exe
Report Id: ff01235e-1270-46f6-be89-8d2c88ed8e31
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/12/2017 07:19:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program nslookup.exe version 10.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 23c0
 
Start Time: 01d26d3216369b5c
 
Termination Time: 4294967295
 
Application Path: C:\Windows\System32\nslookup.exe
 
Report Id: e595197b-d925-11e6-a7e0-485b39838be7
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (01/12/2017 07:00:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program McUICnt.exe version 8.0.150.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1d2c
 
Start Time: 01d26d2f20dc31cf
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\McAfee Security Scan\3.11.474\McUICnt.exe
 
Report Id: c2930973-d922-11e6-a7df-485b39838be7
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (01/12/2017 07:00:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 55.0.2883.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 151c
 
Start Time: 01d26d2ec4e88cfd
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 36e5a702-d922-11e6-a7df-485b39838be7
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (01/14/2017 09:54:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/14/2017 09:53:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 0243741484400473mcinstcleanup service to connect.
 
Error: (01/14/2017 09:53:22 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000109 (0xa39ffd5a961bb810, 0xb3b709e0e89cd06a, 0xfffff803198eb070, 0x0000000000000002). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 8c527e79-af04-4802-ae33-c321cc1439f7.
 
Error: (01/14/2017 09:52:58 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:22:46 AM on ‎1/‎14/‎2017 was unexpected.
 
Error: (01/14/2017 08:02:54 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (01/13/2017 10:05:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (01/13/2017 06:23:35 PM) (Source: DCOM) (EventID: 10016) (User: ASUSP50IJ-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user ASUSP50IJ-PC\bruce SID (S-1-5-21-3677484834-1582494324-1908912837-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/13/2017 06:19:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/13/2017 04:10:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/13/2017 04:07:14 PM) (Source: DCOM) (EventID: 10016) (User: ASUSP50IJ-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user ASUSP50IJ-PC\bruce SID (S-1-5-21-3677484834-1582494324-1908912837-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-12 17:15:43.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.916
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.588
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:37.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:36.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 16:01:00.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 16:01:00.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 57%
Total physical RAM: 4061.08 MB
Available physical RAM: 1734.57 MB
Total Virtual: 8157.08 MB
Available Virtual: 5655.46 MB
 
==================== Drives ================================
 
Drive c: (SYSTEM) (Fixed) (Total:97.22 GB) (Free:50.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:200.43 GB) (Free:147.06 GB) NTFS
Drive f: (128GB) (Removable) (Total:115.69 GB) (Free:114.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76692CA8)
Partition 1: (Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 115.7 GB) (Disk ID: 08D625BD)
Partition 1: (Not Active) - (Size=115.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#4 ken545

Posted 15 January 2017 - 11:57 AM

Hi

Just looked at your logs briefly and I see Conduit, which is a PUP (Potentially Unwanted Program), but I need to look over your logs more closely. In the meantime I need you to do a couple of things.

You're running FRST64 from F:\. Our tools and scanners work more efficiently when run from the Desktop in lieu of being buried in some folder or another drive, so go to F:\ and look for FRST64, right-click on it and select CUT, then come back to your Desktop, right-click on a blank space and select PASTE. Then we will have FRST64 exactly where we want it to be. Any future scans or programs we run need to be downloaded and run from the Desktop.

Run this quick program so I can have more info:

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Double-click CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Please run this program only once
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
 

#5 madhartigan

Posted 15 January 2017 - 03:16 PM

In looking at the ckscanner output, I'm doubting the legitimacy of the Windows activation on this laptop.

It was a hand-me-down from a friend and I'm seeing that KMSpico seems to be a part of the file system.

I've already started researching pricing for a Windows Key.  Just want to put that out front so you know I'm not trying to pass off the communication of these facts onto you.  I would appreciate any assistance in removing KMS or any other programs that circumvent licensing or exhibit attributes of piracy software.

Thank you!!

Here is the CKScanner log file and the updated log files as you requested.

CK Scanner - 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\kmspico\devcomponents.dotnetbar2.dll
c:\program files\kmspico\dm.bin
c:\program files\kmspico\unins000.dat
c:\program files\kmspico\unins000.exe
c:\program files\kmspico\uninshs.exe
c:\program files\kmspico\vestris.resourcelib.dll
c:\program files\kmspico\cert\kmscert2010\access\accessvlreg32.reg
c:\program files\kmspico\cert\kmscert2010\access\accessvlreg64.reg
c:\program files\kmspico\cert\kmscert2010\access\accessvlregwow.reg
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.oob.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.pl.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.ppdlic.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.rac_priv.xrm-ms
c:\program files\kmspico\cert\kmscert2010\access\access_kms_client.rac_pub.xrm-ms
scanner sequence 3.ZZ.11.CXAPLZ
 ----- EOF ----- 
 
FRST - 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by bruce (administrator) on ASUSP50IJ-PC (15-01-2017 15:51:45)
Running from C:\Users\bruce\Desktop
Loaded Profiles: bruce (Available Profiles: bruce)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
() C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(SanDisk Corporation) C:\Users\bruce\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Dropbox, Inc.) C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe
(Dropbox, Inc.) C:\Users\bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-13] (VIA)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-24] (Google)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [SansaDispatch] => C:\Users\bruce\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-07-19] (SanDisk Corporation)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [Dropbox Update] => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-16] (Dropbox, Inc.)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [GoogleChromeAutoLaunch_2826B3ABEE4F5A7A466A806D64AA8669] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\RunOnce: [Uninstall C:\Users\bruce\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bruce\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-01-08]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-20]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-01-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1bf3c3fa-a7d3-4900-aa5b-f67749e86fa7}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{42e3064b-4e27-4187-b672-396de0cfc114}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4864f3a4-c147-45d5-a397-742ced98cc9e}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> DefaultScope {E293979B-493B-4AFB-B85B-9FAD1FA239A9} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20150108&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=EKBJ-9xRDQ5tzhbdkvSjuPSXCyQ?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> {E293979B-493B-4AFB-B85B-9FAD1FA239A9} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US0D20150108&p={searchTerms}
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-01-08] (McAfee)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-01-08] (McAfee)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-01-08] (McAfee)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-01-08] (McAfee)
Toolbar: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-01-12] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2014-12-08] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default [2017-01-15]
CHR Extension: (McAfee SafeKey) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2017-01-13]
CHR Extension: (Google Docs) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-13]
CHR Extension: (Google Drive) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-13]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-01-13]
CHR Extension: (Google Docs Offline) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-01-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-13]
CHR Extension: (Gmail) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-13]
CHR Extension: (Chrome Media Router) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-13]
CHR Profile: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup [2017-01-14] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-11-25]
CHR Extension: (Full Screen Weather) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-14]
CHR Extension: (EasyDocMerge) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\mabloidgodmbnmnhoenmhlcjkfelomgp [2016-09-30]
CHR Extension: (Plants vs Zombies) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2012-12-23]
CHR Extension: (RadioRage) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\nmhnimmlenjeaagdfpheikljicikpgjj [2016-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR Extension: (Canvas Rider) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-09]
CHR Profile: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-14]
CHR Extension: (Google Slides) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-10]
CHR Extension: (McAfee SafeKey) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2015-07-10]
CHR Extension: (Google Docs) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-10]
CHR Extension: (Google Drive) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-10]
CHR Extension: (YouTube) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-10]
CHR Extension: (Google Search) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-10]
CHR Extension: (Google Sheets) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-10]
CHR Extension: (SiteAdvisor) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-10]
CHR Extension: (Mapit 1) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl [2015-07-10] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3008660&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-10]
CHR Extension: (Google Wallet) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-10]
CHR Extension: (Gmail) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-10]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-20]
CHR HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\bruce\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-02-14]
CHR HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jbkceikmmebhmgcjiemejoaeholbnnjl] - C:\Users\bruce\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx <not found>
CHR HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2014-11-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-20]
CHR HKLM-x32\...\Chrome\Extension: [jbkceikmmebhmgcjiemejoaeholbnnjl] - C:\Users\bruce\AppData\Local\CRE\jbkceikmmebhmgcjiemejoaeholbnnjl.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-02-24] (Macrovision Europe Ltd.) [File not signed]
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-24] (Google)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-01-09] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2016-12-06] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [329480 2016-12-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [87928 2016-08-01] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-15 15:51 - 2017-01-15 15:53 - 00032680 _____ C:\Users\bruce\Desktop\FRST.txt
2017-01-15 15:51 - 2017-01-15 15:51 - 00000000 ____D C:\Users\bruce\Desktop\FRST-OlderVersion
2017-01-15 15:36 - 2017-01-15 15:51 - 02419200 _____ (Farbar) C:\Users\bruce\Desktop\FRST64.exe
2017-01-15 15:36 - 2017-01-15 15:11 - 00468480 _____ () C:\Users\bruce\Desktop\CKScanner.exe
2017-01-14 09:52 - 2017-01-14 10:02 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-11 21:21 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 21:21 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 21:21 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 21:21 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 21:21 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 21:21 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 21:21 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 21:21 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 21:21 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 21:21 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 21:21 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 21:21 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 21:21 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 21:21 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 21:21 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 21:21 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 21:21 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 21:21 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 21:21 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 21:21 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 21:21 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 21:21 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 21:21 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 21:21 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 21:21 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 21:21 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 21:21 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 21:21 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 21:21 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 21:21 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 21:21 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 21:20 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 21:20 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 21:20 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 21:20 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 21:20 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 21:20 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 21:20 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 21:20 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 21:20 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 21:20 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 21:20 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 21:20 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 21:20 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 21:20 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 21:20 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 21:20 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 21:20 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 21:20 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 21:20 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 21:20 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 21:20 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 21:20 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 21:20 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 21:20 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 21:20 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 21:20 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 21:20 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 21:20 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 21:20 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 21:20 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 21:20 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 21:20 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 21:20 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 21:20 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 21:20 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 21:20 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 21:20 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 21:20 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 21:20 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 21:20 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 21:20 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 21:20 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 21:20 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 21:20 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 21:20 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 21:20 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 21:20 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 21:20 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 21:20 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 21:20 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 21:20 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 21:20 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 21:20 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 21:20 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 21:20 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 21:20 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 21:20 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 21:20 - 2016-12-14 00:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 21:20 - 2016-12-14 00:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 21:20 - 2016-12-14 00:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 21:20 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 21:20 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 21:20 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 21:20 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 21:20 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 21:20 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 21:20 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 21:20 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 21:20 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 21:20 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 21:20 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 21:20 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 21:20 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 21:20 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 21:20 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 21:20 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 21:20 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 21:20 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 21:20 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 21:20 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 21:20 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 21:20 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 21:20 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 21:20 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 21:20 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 21:20 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 21:20 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 21:20 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 21:20 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 21:20 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 21:20 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 21:20 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 21:20 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 21:20 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 21:20 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 21:20 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 21:20 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 21:20 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 21:20 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 21:20 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 21:20 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 21:20 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 21:20 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 21:20 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 21:20 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 21:20 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 21:20 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 21:20 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 21:20 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 21:20 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 21:20 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 21:19 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 21:19 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 21:19 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 21:19 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 21:19 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 21:19 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 21:19 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 21:19 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 21:19 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 21:19 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 21:19 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 21:19 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 21:19 - 2016-12-14 00:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 21:19 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 21:19 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 21:19 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 21:19 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 21:19 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 21:19 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 21:19 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 21:19 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 13:37 - 2017-01-10 13:37 - 00000000 ____D C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-24 08:27 - 2016-12-24 08:27 - 00179835 _____ C:\Users\bruce\Downloads\document (2).pdf
2016-12-20 14:21 - 2016-12-20 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-12-19 08:13 - 2016-12-19 08:13 - 00586870 _____ C:\Users\bruce\Downloads\12-16-2016.pdf
2016-12-18 09:38 - 2016-12-18 09:38 - 00911797 _____ C:\Users\bruce\Downloads\download.pdf
2016-12-16 19:04 - 2016-12-16 19:04 - 01429621 _____ C:\Users\bruce\Downloads\12-13-2016 (1).pdf
2016-12-16 18:56 - 2016-12-16 18:56 - 00067990 _____ C:\Users\bruce\Downloads\100051389748-095335007703-.PDF
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-15 15:51 - 2016-02-15 11:43 - 00000000 ____D C:\FRST
2017-01-15 15:50 - 2016-09-18 11:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-15 14:07 - 2016-10-29 09:13 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-01-15 08:27 - 2014-12-04 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-15 07:56 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-15 07:54 - 2016-02-14 19:19 - 00000000 ___RD C:\Users\bruce\Google Drive
2017-01-15 07:51 - 2015-01-08 17:58 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-15 07:50 - 2016-09-18 11:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-15 07:49 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-15 07:40 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-14 22:27 - 2016-09-19 18:10 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-01-14 11:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-14 09:53 - 2016-09-18 11:34 - 00000000 ____D C:\Users\bruce
2017-01-13 18:19 - 2016-02-16 19:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-13 18:01 - 2016-02-15 13:58 - 00000000 ____D C:\Program Files\KMSpico
2017-01-13 15:06 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 11:08 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 10:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-13 10:58 - 2011-02-21 18:51 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-12 19:13 - 2016-02-15 13:19 - 01232530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-12 15:27 - 2016-02-15 13:25 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-12 15:21 - 2016-09-18 11:27 - 04855896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-12 15:11 - 2015-01-08 17:49 - 00000000 ____D C:\ProgramData\McAfee
2017-01-12 15:09 - 2013-02-23 10:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-11 22:04 - 2015-01-08 17:50 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-11 22:02 - 2016-07-16 06:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-01-11 22:00 - 2016-09-18 11:55 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-01-11 22:00 - 2016-09-18 11:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-01-11 21:48 - 2013-08-16 17:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 21:40 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 21:40 - 2011-02-24 13:58 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 14:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-10 14:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-10 13:37 - 2012-02-21 12:23 - 00000000 ____D C:\Users\bruce\AppData\Roaming\Dropbox
2016-12-31 12:51 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-30 20:58 - 2011-06-18 13:27 - 00000000 ____D C:\Users\bruce\AppData\Local\Diagnostics
2016-12-22 18:13 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 18:13 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-22 17:56 - 2016-09-18 11:34 - 00524288 ___SH C:\Users\bruce\NTUSER.DAT{16bdf58d-7dc5-11e6-a2c8-cc0d12853275}.TMContainer00000000000000000002.regtrans-ms
2016-12-22 17:56 - 2016-09-18 11:34 - 00065536 ___SH C:\Users\bruce\NTUSER.DAT{16bdf58d-7dc5-11e6-a2c8-cc0d12853275}.TM.blf
2016-12-22 17:56 - 2015-02-23 21:15 - 00000000 __SHD C:\Config.Msi
2016-12-22 17:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-22 17:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-22 17:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-22 17:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-21 04:54 - 2011-02-21 21:05 - 00389396 __RSH C:\bootmgr
2016-12-20 14:21 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2016-12-20 14:21 - 2016-06-30 09:53 - 00002015 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-12-20 14:21 - 2015-11-19 12:10 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-12-20 14:21 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-20 14:21 - 2009-07-13 21:34 - 00000903 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-16 16:30 - 2016-07-16 06:47 - 00000000 __SHD C:\WINDOWS\Installer
2016-12-16 16:25 - 2016-09-18 11:55 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 16:25 - 2016-07-16 01:04 - 00000000 ___RD C:\Program Files (x86)
2016-12-16 16:25 - 2009-07-13 22:20 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-16 16:24 - 2016-09-18 11:55 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2014-11-29 09:58 - 2015-01-08 17:59 - 32371688 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-02-15 13:59 - 2016-02-15 13:59 - 0000218 _____ () C:\Users\bruce\AppData\Local\recently-used.xbel
2016-07-06 16:31 - 2016-07-06 16:31 - 0000017 _____ () C:\Users\bruce\AppData\Local\resmon.resmoncfg
2015-07-31 09:46 - 2015-07-31 09:46 - 0000000 _____ () C:\Users\bruce\AppData\Local\{CDC5D30D-8E43-409F-B1E1-F41947B4633A}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-10 13:10
 
==================== End of FRST.txt ============================
 
 
 
 
Addition.txt - 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by bruce (15-01-2017 15:54:29)
Running from C:\Users\bruce\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-18 17:05:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3677484834-1582494324-1908912837-500 - Administrator - Disabled)
bruce (S-1-5-21-3677484834-1582494324-1908912837-1000 - Administrator - Enabled) => C:\Users\bruce
DefaultAccount (S-1-5-21-3677484834-1582494324-1908912837-503 - Limited - Disabled)
Guest (S-1-5-21-3677484834-1582494324-1908912837-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3677484834-1582494324-1908912837-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.4.1 64-bit (HKLM\...\{8BBA6F77-4A79-4E90-BD82-E24669ACF221}) (Version: 3.4.2 - Adobe)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Dropbox (HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Dropbox) (Version: 17.4.33 - Dropbox, Inc.)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
McAfee All Access – Total Protection (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\safekey) (Version: 2.2.3 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.474.2 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.209 - McAfee, Inc.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.7.4 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Sansa Updater (HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Sansa Updater) (Version: 1.407 - SanDisk Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wi-Fi Scanner version 3.2.0.114 (HKLM-x32\...\Wi-Fi Scanner_is1) (Version: 3.2.0.114 - LizardSystems)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CFBD76A-2A9F-4B20-9560-4ACE568507BB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {107CF152-8876-48C2-8638-47E1B471E399} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {119DA2D5-123E-4031-B228-05657CB87693} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {171B02B1-BDBE-4B94-9B26-FFA7253F530B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1DF0D4A6-AD0F-480A-808A-75CEFA941EC4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1FE8FD77-9ADD-42B5-AD1B-A95412669B40} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {2219CD19-21A1-4806-AEF7-611652C84622} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {2BAE15FF-58F9-4787-B6ED-D429D3889755} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-01-11] (McAfee, Inc.)
Task: {2C35F430-3B98-4141-A45B-DFB64764FA3D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000UA => C:\Users\bruce\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2EA1BF58-2DB9-4BC6-A442-B5E4CF736882} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2F829855-A5D5-410C-AED1-EC2D9074BD74} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {35A5FCC8-8233-4159-9F1F-2BF643E00F39} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {35FDABEE-8ECB-4331-819A-079AF10B5608} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4012A0BF-B288-4857-AD8A-C81CFCA6E430} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {42130B14-8CB6-4894-9C5B-1B6A75B07168} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {4873B693-8BF9-4EEE-8B41-CA75581E05A9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000Core1d240788f9a42c5 => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-16] (Dropbox, Inc.)
Task: {4A5C1DD3-8558-4B1E-AF75-5CE80F558170} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4DAAF815-FA36-43E7-9ACF-FF46FAC8FAF8} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-01-11] (McAfee, Inc.)
Task: {50C8A4FA-2480-44CF-B648-0AEC5722837D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5F5DF154-D4A7-4040-A85E-112B405710F0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60C6400A-04F5-42B9-901A-EFCB055F46E8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {68AE808F-4960-49DF-8D2C-0C2FD471768D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {70AB7174-8C80-4C23-9641-DAAE02A91533} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {78731685-D400-4A23-8996-7F8EE0C16DD5} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {8285F731-5271-4326-BB7A-600FC3B1F5F5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000UA1d2407890043b07 => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-16] (Dropbox, Inc.)
Task: {8D1594FB-3F26-496C-A158-F63BF5A3C0E7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8E2AD927-1A0A-4916-9093-A78883B7517E} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {8F6C44D4-5AA4-4166-B66C-ECC2003CC572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {91ABBCA0-28AB-42AB-A476-5DAB672DFA9C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {95D63F21-86E7-4346-80C9-62C0D61421AA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {987EC4D9-A3C7-4725-9985-058AABBB0C15} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {99F5F930-1C38-4DA6-9A72-0D04CBD6423E} - System32\Tasks\AdobeAAMUpdater-1.0-ASUSP50IJ-PC-bruce => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {9C52ADC7-23E1-41A2-B4C2-80F1FE656C59} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {9EE14C19-98C5-4DA2-A8F7-0E797FE1269B} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {ABDBB888-D495-4F3D-8726-2EA95701113E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AF3E8BCD-3DC6-497B-A801-A3B1AEF8391F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7C3F7D5-AF5C-4B4C-B48C-060A306F97F4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7F7115C-FC6D-46DC-8955-00876734A0AA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C6A11B46-7CF6-4C42-80E9-2214B2900B75} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {CF36E3AB-9240-4C4A-8A08-CE91DC80AC41} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {DC238544-8A32-4F6A-883E-F6CFEC37E42E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E9FA1D44-33BE-432C-800B-261C2DE6257A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {ECFB17DC-2FAB-45F4-95FF-AE38CFD2241C} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {F46EE9FA-5F5A-458B-890D-76CF527A3416} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000Core1d240788f9a42c5.job => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000UA1d2407890043b07.job => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 20:39 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-02-24 12:33 - 2007-08-08 00:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-06 12:07 - 2011-05-06 12:07 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2011-05-06 11:58 - 2011-05-06 11:58 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
2008-08-13 20:59 - 2008-08-13 20:59 - 00301624 _____ () C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
2016-12-14 20:39 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-20 16:26 - 2016-09-20 16:26 - 01864384 _____ () C:\Users\bruce\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-09-19 07:13 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 21:20 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 21:20 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 21:20 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 21:20 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 21:20 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 21:20 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 21:20 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 09:47 - 2016-12-14 09:47 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 09:47 - 2016-12-14 09:47 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 09:47 - 2016-12-14 09:47 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 09:47 - 2016-12-14 09:47 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2011-05-06 12:07 - 2011-05-06 12:07 - 04317184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2011-05-06 12:02 - 2011-05-06 12:02 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2010-10-26 07:34 - 2010-10-26 07:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
2010-10-25 23:37 - 2010-10-25 23:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
2017-01-15 07:53 - 2017-01-15 07:53 - 00098816 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32api.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00110080 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\pywintypes27.dll
2017-01-15 07:53 - 2017-01-15 07:53 - 00364544 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\pythoncom27.dll
2017-01-15 07:53 - 2017-01-15 07:53 - 00320512 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32com.shell.shell.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00914432 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\_hashlib.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 01176576 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\wx._core_.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00806400 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\wx._gdi_.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00816128 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\wx._windows_.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 01067008 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\wx._controls_.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00733184 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\wx._misc_.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00682496 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\pysqlite2._sqlite.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00088064 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\_ctypes.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00686080 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\unicodedata.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00119808 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32file.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00108544 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32security.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00007168 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\hashobjs_ext.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00017920 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\thumbnails_ext.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00088064 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\usb_ext.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00012800 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\common.time34.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00018432 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32event.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00167936 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32gui.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00046080 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\_socket.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 01303552 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\_ssl.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00128512 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\_elementtree.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00127488 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\pyexpat.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00038912 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32inet.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00036864 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\_psutil_windows.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00524248 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\windows._lib_cacheinvalidation.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00011264 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32crypt.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00123392 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\wx._wizard.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00077312 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\wx._html2.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00027648 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\_multiprocessing.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00020480 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\_yappi.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00035840 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32process.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00078848 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\wx._animate.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00024064 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32pipe.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00010240 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\select.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00025600 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32pdh.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00017408 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32profile.pyd
2017-01-15 07:53 - 2017-01-15 07:53 - 00022528 ____R () C:\Users\bruce\AppData\Local\Temp\_MEI72682\win32ts.pyd
2016-10-30 07:24 - 2016-12-07 20:00 - 00035792 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-01-10 13:36 - 2016-12-07 20:00 - 00145864 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-01-10 13:36 - 2016-12-07 20:01 - 00019408 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-01-10 13:36 - 2016-12-07 20:00 - 00116688 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-09-03 21:13 - 2016-12-07 20:04 - 00024528 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-10-30 07:24 - 2016-12-07 20:00 - 00100296 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00105928 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-09-03 21:13 - 2016-12-07 20:00 - 00018888 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\select.pyd
2016-09-03 21:13 - 2017-01-05 19:04 - 00019776 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-09-03 21:13 - 2016-12-07 20:00 - 00694224 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-01-10 13:36 - 2017-01-05 19:03 - 00020824 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-10-30 07:24 - 2016-12-07 20:01 - 00123856 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-01-10 13:36 - 2017-01-05 19:03 - 01682768 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-01-10 13:36 - 2017-01-05 19:03 - 00020816 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00021328 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00052032 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00038712 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-01-10 13:36 - 2016-12-07 20:00 - 00392144 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-01-10 13:36 - 2016-12-07 20:04 - 00020936 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00116176 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-09-03 21:13 - 2017-01-05 19:04 - 00381760 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00124880 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00025432 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00024016 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00175560 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00030160 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00043472 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00048592 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00057808 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00024016 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-01-10 13:36 - 2017-01-05 19:03 - 00246608 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-01-10 13:36 - 2017-01-05 19:03 - 00026464 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-10-30 07:24 - 2016-12-07 20:02 - 00241104 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-01-10 13:36 - 2017-01-05 19:03 - 00020288 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-10-30 07:24 - 2016-12-07 20:04 - 00028616 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00023384 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00020816 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00019792 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00020808 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-10-30 07:24 - 2016-12-07 20:04 - 00350152 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00022360 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00024400 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-01-10 13:36 - 2016-12-07 19:57 - 00036296 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\librsync.dll
2017-01-10 13:36 - 2017-01-05 19:04 - 00031576 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2017-01-10 13:36 - 2016-12-21 21:04 - 00293392 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-01-10 13:36 - 2017-01-05 19:03 - 00084288 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-01-10 13:36 - 2017-01-05 19:04 - 01826104 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-09-03 21:13 - 2016-12-07 20:01 - 00083912 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\sip.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00531264 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 03928896 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 01972536 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00133432 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00224064 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00207680 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00020296 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2017-01-10 13:36 - 2016-12-07 20:08 - 00017864 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-01-10 13:36 - 2016-12-07 20:08 - 01631184 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-01-10 13:36 - 2017-01-05 19:04 - 00042816 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00171336 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00357688 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-09-03 21:13 - 2016-12-07 20:04 - 00060880 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00037200 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2016-10-30 07:24 - 2017-01-05 19:04 - 00024920 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-01-10 13:36 - 2017-01-05 19:04 - 00546104 _____ () C:\Users\bruce\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2016-12-20 14:21 - 00000903 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 activate.adobe.com
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\bruce\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{AB1C79D7-652A-4ED3-84CF-89780DA00AB2}] => C:\Users\bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6F4C1844-C63B-4F5A-8ACC-9B0B1BC103CC}] => C:\Users\bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{9428209B-3B13-45B1-8F3A-2D8AF987EA85}C:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F2E3DF0C-5B43-48F6-A326-17AD0E9DC36E}C:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\bruce\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{14384F3D-B2F7-40EA-8537-DD5678A0F8D2}] => LPort=24726
FirewallRules: [{D9AEEA7B-44DB-47C2-8A79-819E2D074D2D}] => LPort=24727
FirewallRules: [{BF9B669C-76EA-4AE8-8BF0-B35E6124A154}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{471691F9-DA96-4719-8DC3-2743003C6320}] => C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3043D251-900E-4DFF-81E7-0CE99366C3A1}] => C:\Users\bruce\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{2BF95BAA-A644-4A0F-86F0-8B51436FC6A0}] => C:\Users\bruce\AppData\Roaming\McAfee\Supportability\MVTLogs\ProductDetection64.exe
FirewallRules: [{0BA2221F-E1C8-4981-BEE6-B4B443AEB073}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EEED883B-DDCF-41BC-9104-806521E70B3F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31B8418F-8A07-42D3-9930-3D2F59EDBEBE}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7608A25C-877D-4B6C-A813-C05A903B36C0}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2BDFE6A1-90BC-48B3-85A4-113C7E7A1599}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D2C3B1C0-5125-4950-99CE-967726721396}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5D69F063-F11A-49B0-8B5D-8448D0B8C2F1}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5A73AE53-DE65-48E9-BD71-2AC11E470220}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0EB4BD93-6AD7-457A-9E61-48C51AC8133E}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BABEEDA0-B977-4229-9407-BABDFAF26B4B}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/15/2017 07:52:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: windows.immersiveshell.serviceprovider.dll, version: 10.0.14393.0, time stamp: 0x57899873
Exception code: 0x80270233
Fault offset: 0x0000000000033c25
Faulting process id: 0x16b0
Faulting application start time: 0x01d26f2e27e03492
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
Report Id: b55a414e-eb8f-4366-b3a4-229ff2278a20
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/15/2017 07:41:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/15/2017 07:40:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/15/2017 03:00:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/15/2017 01:14:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: MosHostCore.dll, version: 10.0.14393.479, time stamp: 0x58258db1
Exception code: 0x84000010
Fault offset: 0x000000000001ac50
Faulting process id: 0x1c0
Faulting application start time: 0x01d26ef68daa525d
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MosHostCore.dll
Report Id: 9f8a5516-27bb-4e37-997d-e96f3125fcef
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/14/2017 12:08:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
 
Error: (01/13/2017 06:21:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 C.5.3.B.5.0.1.0.2.0.5.F.4.C.D.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR ASUSP50IJ-PC.local.
 
Error: (01/13/2017 06:21:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:DDC4:F502:0105:B35C:5353   22 C.5.3.B.5.0.1.0.2.0.5.F.4.C.D.D.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR ASUSP50IJ-PC-2.local.
 
Error: (01/13/2017 06:21:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   20 1.0.0.127.in-addr.arpa. PTR ASUSP50IJ-PC.local.
 
Error: (01/13/2017 06:21:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353   22 1.0.0.127.in-addr.arpa. PTR ASUSP50IJ-PC-2.local.
 
 
System errors:
=============
Error: (01/15/2017 07:49:44 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Connected User Experiences and Telemetry service did not shut down properly after receiving a preshutdown control.
 
Error: (01/15/2017 07:45:57 AM) (Source: DCOM) (EventID: 10029) (User: ASUSP50IJ-PC)
Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop.
 
Error: (01/15/2017 07:41:55 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop.
 
Error: (01/15/2017 07:39:38 AM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.
 
Error: (01/15/2017 07:37:54 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop.
 
Error: (01/15/2017 07:33:51 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop.
 
Error: (01/15/2017 07:29:49 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop.
 
Error: (01/15/2017 07:25:48 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop.
 
Error: (01/15/2017 07:21:46 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop.
 
Error: (01/15/2017 07:17:44 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY)
Description: The activation of the CLSID {E782BE15-9936-4A7F-8DF9-9AB95D229DF1} timed out waiting for the service ClientAnalyticsService to stop.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-15 08:31:33.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-12 17:15:43.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.916
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.588
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:37.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:36.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 16:01:00.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 55%
Total physical RAM: 4061.08 MB
Available physical RAM: 1813.61 MB
Total Virtual: 8157.08 MB
Available Virtual: 5895.08 MB
 
==================== Drives ================================
 
Drive c: (SYSTEM) (Fixed) (Total:97.22 GB) (Free:50.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:200.43 GB) (Free:147.06 GB) NTFS
Drive f: (128GB) (Removable) (Total:115.69 GB) (Free:114.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76692CA8)
Partition 1: (Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 115.7 GB) (Disk ID: 08D625BD)
Partition 1: (Not Active) - (Size=115.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#6 ken545

Posted 15 January 2017 - 06:10 PM

You have a lot of illegal stuff going on. I am going to try and clean you up a bit but have to warn you with all the illegal stuff you're leaving yourself wide open for further infections. I would not use this computer to do any legal things like checking your banking account or doing any online purchases with a credit card.

 

 

 

All our tools and scanners work more efficiently when run from the DESKTOP in lieu of being buried in some folder, so download and run these tools right from the DESKTOP
 
 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner TO YOUR DESKTOP
 
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
===============================================================================
 
 
 
 
Please download Junkware Removal Tool TO YOUR DESKTOP
  • Download the one from Bleeping Computer
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
===============================================================================
 
Download Malwarebytes' Anti-Malware  TO YOUR DESKTOP
 
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 , 8, 8.1 and 10 : Right click and select "Run as Administrator"
 
 
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 

 

 

 



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 madhartigan

Posted 15 January 2017 - 07:18 PM

Thank you for stepping me through this. I was under the impression that this laptop was running legitimate software and out of nowhere, last Thursday, it was unable to connect to the internet (nslookup would hang and I couldn't ping outside of the LAN) and Chrome kept showing as "not responding".

At this point, I'm able to connect to the internet and Chrome seems to operate well.  Seems like this is making steps in the right direction.

 

 

Here are the log files that were generated from following your procedures. adwCleaner generated two log files.  One with [C0] at the end of the filename and another with [S0] at the end of the filename.  I have included both. Additionally, Malwarebytes Anti-Malware generated two log files so I have also included both.

 

 

Thank you, again for your help.

adwCleaner [C0] - 

 

 

# AdwCleaner v6.042 - Logfile created 15/01/2017 at 19:38:30
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-15.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : bruce - ASUSP50IJ-PC
# Running from : C:\Users\bruce\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
:: Proxy settings cleared
:: TCP/IP settings cleared
:: Firewall rules cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted
:: Chrome preferences reset: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default
:: Hosts file cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1045 Bytes] - [15/01/2017 19:38:30]
C:\AdwCleaner\AdwCleaner[S0].txt - [1138 Bytes] - [15/01/2017 19:38:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1191 Bytes] ##########
 
 
 
 
 
adwCleaner [S0] - 
 
 
# AdwCleaner v6.042 - Logfile created 15/01/2017 at 19:38:00
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-15.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : bruce - ASUSP50IJ-PC
# Running from : C:\Users\bruce\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [987 Bytes] - [15/01/2017 19:38:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1059 Bytes] ##########
 
 
 
 
 
JRT.txt - 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64 
Ran by bruce (Administrator) on Sun 01/15/2017 at 19:48:49.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 2 
 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E293979B-493B-4AFB-B85B-9FAD1FA239A9} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/15/2017 at 19:52:46.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
MWB Anti-Malware log - 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/15/17
Scan Time: 7:59 PM
Logfile: antimalware.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1021
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: ASUSP50IJ-PC\bruce
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397523
Time Elapsed: 7 min, 18 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 2
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jbkceikmmebhmgcjiemejoaeholbnnjl, No Action By User, [13567], [186949],1.0.1021
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jbkceikmmebhmgcjiemejoaeholbnnjl, No Action By User, [13567], [186948],1.0.1021
 
Registry Value: 2
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jbkceikmmebhmgcjiemejoaeholbnnjl|PATH, No Action By User, [13567], [186949],1.0.1021
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jbkceikmmebhmgcjiemejoaeholbnnjl|PATH, No Action By User, [13567], [186948],1.0.1021
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
MWB quarantine log - 
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/15/17
Scan Time: 7:59 PM
Logfile: quarantine.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1021
License: Trial
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: ASUSP50IJ-PC\bruce
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397523
Time Elapsed: 7 min, 18 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 2
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jbkceikmmebhmgcjiemejoaeholbnnjl, Quarantined, [13567], [186949],1.0.1021
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jbkceikmmebhmgcjiemejoaeholbnnjl, Quarantined, [13567], [186948],1.0.1021
 
Registry Value: 2
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jbkceikmmebhmgcjiemejoaeholbnnjl|PATH, Quarantined, [13567], [186949],1.0.1021
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jbkceikmmebhmgcjiemejoaeholbnnjl|PATH, Quarantined, [13567], [186948],1.0.1021
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
 


#8 ken545

Posted 15 January 2017 - 08:26 PM

The way the forum works is that we don't support the use of illegal software; if you keep it you're setting yourself up for failure malwarewise. Once you're clean, if you get infected again in the future and the illegal stuff is still present, no help will be offered. So it would be to your benefit to uninstall all the illegal stuff.

 

Open up FRST by right clicking on the icon and select RUN AS ADMINISTRATOR. When it opens make sure that Additions is checked, leave everything else as is, click on scan and post both new logs please.



 
 

#9 madhartigan

Posted 16 January 2017 - 08:00 AM

I'm happy to uninstall that which is illegal, I'm just unsure of everything that is installed on the laptop, exactly what is and what isn't legitimate.  As I mentioned before I see that KMSPico is on the laptop.  I know I could delete all instances of it that were listed by CKScan.  Would that fully remove it?

 

I'm certainly not trying to retain any of the things you are seeing, so any advice for steps to take to remove it all would be appreciated.



Here are the two logs:

FRST.txt - 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by bruce (administrator) on ASUSP50IJ-PC (16-01-2017 08:38:59)
Running from C:\Users\bruce\Desktop
Loaded Profiles: bruce (Available Profiles: bruce)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
() C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(SafeKey) C:\Program Files (x86)\SafeKey\npmcafee.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\McVsShld.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2244096 2009-07-13] (VIA)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-24] (Google)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [SansaDispatch] => C:\Users\bruce\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-07-19] (SanDisk Corporation)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [Dropbox Update] => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-16] (Dropbox, Inc.)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\RunOnce: [Uninstall C:\Users\bruce\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bruce\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt.8.0.dll [2017-01-05] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install SafeKey IE RunOnce.lnk [2015-01-08]
ShortcutTarget: Install SafeKey IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-12-20]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.474\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-01-10]
ShortcutTarget: Dropbox.lnk -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1bf3c3fa-a7d3-4900-aa5b-f67749e86fa7}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{42e3064b-4e27-4187-b672-396de0cfc114}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{4864f3a4-c147-45d5-a397-742ced98cc9e}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> DefaultScope {E293979B-493B-4AFB-B85B-9FAD1FA239A9} URL = 
SearchScopes: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=EKBJ-9xRDQ5tzhbdkvSjuPSXCyQ?q={searchTerms}
BHO: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-01-08] (McAfee)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: McAfee SafeKey Vault -> {9DB059B3-DD36-4a55-846C-59BE42A1202A} -> C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-01-08] (McAfee)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-27] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar_x64.dll [2015-01-08] (McAfee)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - McAfee SafeKey - {61D700C1-7D8D-43c5-9C13-4FF85157CFE6} - C:\Program Files (x86)\SafeKey\LPToolbar.dll [2015-01-08] (McAfee)
Toolbar: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-01-09] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-12-21] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-01-14]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-01-12] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-27] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2014-12-08] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default [2017-01-16]
CHR Extension: (McAfee SafeKey) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2017-01-15]
CHR Extension: (Google Drive) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-15]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-01-15]
CHR Extension: (Google Docs Offline) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-01-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-15]
CHR Extension: (Chrome Media Router) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-15]
CHR Profile: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup [2017-01-14] <==== ATTENTION
CHR Extension: (Google Drive) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-11-25]
CHR Extension: (Full Screen Weather) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-05-12]
CHR Extension: (Google Docs Offline) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-02-14]
CHR Extension: (EasyDocMerge) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\mabloidgodmbnmnhoenmhlcjkfelomgp [2016-09-30]
CHR Extension: (Plants vs Zombies) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2012-12-23]
CHR Extension: (RadioRage) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\nmhnimmlenjeaagdfpheikljicikpgjj [2016-10-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Chrome Media Router) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR Extension: (Canvas Rider) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-09]
CHR Profile: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-14]
CHR Extension: (Google Slides) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-10]
CHR Extension: (McAfee SafeKey) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\agbnjankikoaabjkmfbaceggjliabkbn [2015-07-10]
CHR Extension: (Google Docs) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-10]
CHR Extension: (Google Drive) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-10]
CHR Extension: (YouTube) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-10]
CHR Extension: (Google Search) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-10]
CHR Extension: (Google Sheets) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-10]
CHR Extension: (SiteAdvisor) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-10]
CHR Extension: (Mapit 1) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl [2015-07-10] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3008660&extensionData=\u003Cextension_data>] <==== ATTENTION
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-10]
CHR Extension: (Google Wallet) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-10]
CHR Extension: (Gmail) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-10]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-20]
CHR HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\bruce\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-02-14]
CHR HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [agbnjankikoaabjkmfbaceggjliabkbn] - C:\Program Files (x86)\SafeKey\lpchrome.crx [2014-11-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-20]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () [File not signed]
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-02-24] (Macrovision Europe Ltd.) [File not signed]
R2 FlipShare Service; C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe [460144 2011-05-06] ()
R2 FlipShareServer; C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [1085440 2011-05-06] () [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-02-24] (Google)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-01-09] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2016-12-06] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [329480 2016-12-14] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1465840 2016-12-22] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 VIAKaraokeService; C:\WINDOWS\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-01-15] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-15] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-15] (Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [87928 2016-08-01] (McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-16 08:38 - 2017-01-16 08:41 - 00033202 _____ C:\Users\bruce\Desktop\FRST.txt
2017-01-15 19:57 - 2017-01-15 19:58 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-15 19:57 - 2017-01-15 19:57 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-15 19:57 - 2017-01-15 19:57 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-15 19:57 - 2017-01-15 19:57 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-15 19:57 - 2017-01-15 19:57 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-15 19:56 - 2017-01-15 19:56 - 00001918 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-15 19:56 - 2017-01-15 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-15 19:56 - 2017-01-15 19:56 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-15 19:56 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-15 19:34 - 2017-01-15 19:38 - 00000000 ____D C:\AdwCleaner
2017-01-15 19:21 - 2017-01-15 19:19 - 54199488 _____ (Malwarebytes ) C:\Users\bruce\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2017-01-15 19:21 - 2017-01-15 19:19 - 03988944 _____ C:\Users\bruce\Desktop\AdwCleaner.exe
2017-01-15 19:21 - 2017-01-15 19:19 - 01663040 _____ (Malwarebytes) C:\Users\bruce\Desktop\JRT.exe
2017-01-15 15:51 - 2017-01-15 15:51 - 00000000 ____D C:\Users\bruce\Desktop\FRST-OlderVersion
2017-01-15 15:36 - 2017-01-15 15:51 - 02419200 _____ (Farbar) C:\Users\bruce\Desktop\FRST64.exe
2017-01-15 15:36 - 2017-01-15 15:11 - 00468480 _____ () C:\Users\bruce\Desktop\CKScanner.exe
2017-01-14 09:52 - 2017-01-14 10:02 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-11 21:21 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-11 21:21 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-11 21:21 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-11 21:21 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-11 21:21 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-11 21:21 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-11 21:21 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-11 21:21 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-11 21:21 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-11 21:21 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-11 21:21 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-11 21:21 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-11 21:21 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-11 21:21 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-11 21:21 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-11 21:21 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-11 21:21 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-11 21:21 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-11 21:21 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-11 21:21 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-11 21:21 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-11 21:21 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-11 21:21 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-11 21:21 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-11 21:21 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-11 21:21 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-11 21:21 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-11 21:21 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-11 21:21 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-11 21:21 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-11 21:21 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-11 21:20 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-11 21:20 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-11 21:20 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-11 21:20 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-11 21:20 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-11 21:20 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-11 21:20 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-11 21:20 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-11 21:20 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-11 21:20 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-11 21:20 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-11 21:20 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-11 21:20 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-11 21:20 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-11 21:20 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-11 21:20 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-11 21:20 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-11 21:20 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-11 21:20 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-11 21:20 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-11 21:20 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-11 21:20 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-11 21:20 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-11 21:20 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-11 21:20 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-11 21:20 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-11 21:20 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-11 21:20 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-11 21:20 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-11 21:20 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-11 21:20 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-11 21:20 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-11 21:20 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-11 21:20 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-11 21:20 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-11 21:20 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-11 21:20 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-11 21:20 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-11 21:20 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-11 21:20 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-11 21:20 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-11 21:20 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-11 21:20 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-11 21:20 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-11 21:20 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-11 21:20 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-11 21:20 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-11 21:20 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-11 21:20 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-11 21:20 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-11 21:20 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-11 21:20 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-11 21:20 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-11 21:20 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-11 21:20 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-11 21:20 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-11 21:20 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-11 21:20 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-11 21:20 - 2016-12-14 00:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-11 21:20 - 2016-12-14 00:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-11 21:20 - 2016-12-14 00:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-11 21:20 - 2016-12-14 00:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-11 21:20 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-11 21:20 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-11 21:20 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-11 21:20 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-11 21:20 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-11 21:20 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-11 21:20 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-11 21:20 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-11 21:20 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-11 21:20 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-11 21:20 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-11 21:20 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-11 21:20 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-11 21:20 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-11 21:20 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-11 21:20 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-11 21:20 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-11 21:20 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 21:20 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-11 21:20 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-11 21:20 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-11 21:20 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-11 21:20 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-11 21:20 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-11 21:20 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-11 21:20 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-11 21:20 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-11 21:20 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-11 21:20 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-11 21:20 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-11 21:20 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-11 21:20 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-11 21:20 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-11 21:20 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-11 21:20 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-11 21:20 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-11 21:20 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-11 21:20 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-11 21:20 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-11 21:20 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-11 21:20 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-11 21:20 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-11 21:20 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-11 21:20 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-11 21:20 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-11 21:20 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-11 21:20 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-11 21:20 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-11 21:20 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-11 21:20 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-11 21:20 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-11 21:19 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-11 21:19 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-11 21:19 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-11 21:19 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-11 21:19 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-11 21:19 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-11 21:19 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-11 21:19 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-11 21:19 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-11 21:19 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-11 21:19 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-11 21:19 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-11 21:19 - 2016-12-14 00:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-11 21:19 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-11 21:19 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-11 21:19 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-11 21:19 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-11 21:19 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-11 21:19 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-11 21:19 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-11 21:19 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 13:37 - 2017-01-10 13:37 - 00000000 ____D C:\Users\bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-24 08:27 - 2016-12-24 08:27 - 00179835 _____ C:\Users\bruce\Downloads\document (2).pdf
2016-12-20 14:21 - 2016-12-20 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-12-19 08:13 - 2016-12-19 08:13 - 00586870 _____ C:\Users\bruce\Downloads\12-16-2016.pdf
2016-12-18 09:38 - 2016-12-18 09:38 - 00911797 _____ C:\Users\bruce\Downloads\download.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-16 08:40 - 2016-10-29 09:13 - 00004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-01-16 08:38 - 2016-02-15 11:43 - 00000000 ____D C:\FRST
2017-01-16 08:37 - 2016-09-18 11:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-15 21:38 - 2011-02-24 17:41 - 00000000 ____D C:\ProgramData\FLEXnet
2017-01-15 20:04 - 2014-12-04 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-01-15 19:56 - 2014-12-26 11:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-15 19:41 - 2016-02-14 19:19 - 00000000 ___RD C:\Users\bruce\Google Drive
2017-01-15 19:39 - 2016-09-18 11:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-15 19:38 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-15 18:32 - 2016-09-19 18:10 - 00004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-01-15 07:56 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-15 07:51 - 2015-01-08 17:58 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-01-15 07:49 - 2016-09-18 11:34 - 00000000 ____D C:\Users\bruce
2017-01-15 07:40 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-14 11:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-13 18:19 - 2016-02-16 19:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-01-13 18:01 - 2016-02-15 13:58 - 00000000 ____D C:\Program Files\KMSpico
2017-01-13 15:06 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 11:08 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 10:58 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-13 10:58 - 2011-02-21 18:51 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-12 19:13 - 2016-02-15 13:19 - 01232530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-12 15:27 - 2016-02-15 13:25 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-12 15:21 - 2016-09-18 11:27 - 04855896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-12 15:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-12 15:11 - 2015-01-08 17:49 - 00000000 ____D C:\ProgramData\McAfee
2017-01-12 15:09 - 2013-02-23 10:48 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-01-11 22:04 - 2015-01-08 17:50 - 00000000 ____D C:\Program Files\Common Files\McAfee
2017-01-11 22:02 - 2016-07-16 06:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-01-11 22:00 - 2016-09-18 11:55 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-01-11 22:00 - 2016-09-18 11:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-01-11 21:48 - 2013-08-16 17:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 21:40 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-11 21:40 - 2011-02-24 13:58 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 14:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-01-10 14:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-01-10 13:37 - 2012-02-21 12:23 - 00000000 ____D C:\Users\bruce\AppData\Roaming\Dropbox
2016-12-31 12:51 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-30 20:58 - 2011-06-18 13:27 - 00000000 ____D C:\Users\bruce\AppData\Local\Diagnostics
2016-12-22 18:13 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-22 18:13 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-22 17:56 - 2016-09-18 11:34 - 00524288 ___SH C:\Users\bruce\NTUSER.DAT{16bdf58d-7dc5-11e6-a2c8-cc0d12853275}.TMContainer00000000000000000002.regtrans-ms
2016-12-22 17:56 - 2016-09-18 11:34 - 00065536 ___SH C:\Users\bruce\NTUSER.DAT{16bdf58d-7dc5-11e6-a2c8-cc0d12853275}.TM.blf
2016-12-22 17:56 - 2015-02-23 21:15 - 00000000 __SHD C:\Config.Msi
2016-12-22 17:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-22 17:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-22 17:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-22 17:55 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-21 04:54 - 2011-02-21 21:05 - 00389396 __RSH C:\bootmgr
2016-12-20 14:21 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2016-12-20 14:21 - 2016-06-30 09:53 - 00002015 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-12-20 14:21 - 2015-11-19 12:10 - 00000000 ____D C:\Program Files\McAfee Security Scan
 
==================== Files in the root of some directories =======
 
2014-11-29 09:58 - 2015-01-08 17:59 - 32371688 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-02-15 13:59 - 2016-02-15 13:59 - 0000218 _____ () C:\Users\bruce\AppData\Local\recently-used.xbel
2016-07-06 16:31 - 2016-07-06 16:31 - 0000017 _____ () C:\Users\bruce\AppData\Local\resmon.resmoncfg
2015-07-31 09:46 - 2015-07-31 09:46 - 0000000 _____ () C:\Users\bruce\AppData\Local\{CDC5D30D-8E43-409F-B1E1-F41947B4633A}
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-10 13:10
 
==================== End of FRST.txt ============================

Addition.txt - 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by bruce (16-01-2017 08:43:12)
Running from C:\Users\bruce\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-18 17:05:05)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3677484834-1582494324-1908912837-500 - Administrator - Disabled)
bruce (S-1-5-21-3677484834-1582494324-1908912837-1000 - Administrator - Enabled) => C:\Users\bruce
DefaultAccount (S-1-5-21-3677484834-1582494324-1908912837-503 - Limited - Disabled)
Guest (S-1-5-21-3677484834-1582494324-1908912837-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3677484834-1582494324-1908912837-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro Extended 64-bit Add-On (HKLM\...\{AC76BA86-1033-0000-0064-0003D0000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7761-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{FBB02B04-C034-4382-A3F6-57416E2752C4}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.4.1 64-bit (HKLM\...\{8BBA6F77-4A79-4E90-BD82-E24669ACF221}) (Version: 3.4.2 - Adobe)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATK Generic Function Service (HKLM-x32\...\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}) (Version: 1.00.0008 - ATK)
ATK Hotkey (HKLM-x32\...\{7C05592D-424B-46CB-B505-E0013E8E75C9}) (Version: 1.0.0052 - ASUS)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
ATKOSD2 (HKLM-x32\...\{3B05F2FB-745B-4012-ADF2-439F36B2E70B}) (Version: 7.0.0006 - ASUS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Deluge 1.3.12 (HKLM-x32\...\Deluge) (Version:  - )
Dropbox (HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Dropbox) (Version: 17.4.33 - Dropbox, Inc.)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
FlipShare (HKLM-x32\...\{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}) (Version: 5.12.3.0 - Flip Video)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
McAfee All Access – Total Protection (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
McAfee SafeKey(uninstall only) (HKLM-x32\...\safekey) (Version: 2.2.3 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.474.2 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.6.0.202 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.209 - McAfee, Inc.)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.7.4 - Intuit)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Sansa Updater (HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\...\Sansa Updater) (Version: 1.407 - SanDisk Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Wi-Fi Scanner version 3.2.0.114 (HKLM-x32\...\Wi-Fi Scanner_is1) (Version: 3.2.0.114 - LizardSystems)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\bruce\AppData\Roaming\Dropbox\bin\DropboxExt64.8.0.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CFBD76A-2A9F-4B20-9560-4ACE568507BB} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {107CF152-8876-48C2-8638-47E1B471E399} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {108D1847-39DC-46F9-80CF-EFC2D384ED50} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-01-11] (McAfee, Inc.)
Task: {119DA2D5-123E-4031-B228-05657CB87693} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {171B02B1-BDBE-4B94-9B26-FFA7253F530B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1DF0D4A6-AD0F-480A-808A-75CEFA941EC4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1FE8FD77-9ADD-42B5-AD1B-A95412669B40} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {2219CD19-21A1-4806-AEF7-611652C84622} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {2C35F430-3B98-4141-A45B-DFB64764FA3D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000UA => C:\Users\bruce\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {2EA1BF58-2DB9-4BC6-A442-B5E4CF736882} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2F829855-A5D5-410C-AED1-EC2D9074BD74} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {35A5FCC8-8233-4159-9F1F-2BF643E00F39} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {35FDABEE-8ECB-4331-819A-079AF10B5608} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4012A0BF-B288-4857-AD8A-C81CFCA6E430} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {42130B14-8CB6-4894-9C5B-1B6A75B07168} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {4873B693-8BF9-4EEE-8B41-CA75581E05A9} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000Core1d240788f9a42c5 => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-16] (Dropbox, Inc.)
Task: {4A5C1DD3-8558-4B1E-AF75-5CE80F558170} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {50C8A4FA-2480-44CF-B648-0AEC5722837D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5F5DF154-D4A7-4040-A85E-112B405710F0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {60C6400A-04F5-42B9-901A-EFCB055F46E8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {64B6C8F6-1450-48EB-9986-797A049EC7D2} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-01-11] (McAfee, Inc.)
Task: {68AE808F-4960-49DF-8D2C-0C2FD471768D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {70AB7174-8C80-4C23-9641-DAAE02A91533} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {78731685-D400-4A23-8996-7F8EE0C16DD5} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {8285F731-5271-4326-BB7A-600FC3B1F5F5} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000UA1d2407890043b07 => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-16] (Dropbox, Inc.)
Task: {8D1594FB-3F26-496C-A158-F63BF5A3C0E7} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8E2AD927-1A0A-4916-9093-A78883B7517E} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {8F6C44D4-5AA4-4166-B66C-ECC2003CC572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {91ABBCA0-28AB-42AB-A476-5DAB672DFA9C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {95D63F21-86E7-4346-80C9-62C0D61421AA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {987EC4D9-A3C7-4725-9985-058AABBB0C15} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {99F5F930-1C38-4DA6-9A72-0D04CBD6423E} - System32\Tasks\AdobeAAMUpdater-1.0-ASUSP50IJ-PC-bruce => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {9C52ADC7-23E1-41A2-B4C2-80F1FE656C59} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {9EE14C19-98C5-4DA2-A8F7-0E797FE1269B} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {ABDBB888-D495-4F3D-8726-2EA95701113E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AF3E8BCD-3DC6-497B-A801-A3B1AEF8391F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7C3F7D5-AF5C-4B4C-B48C-060A306F97F4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7F7115C-FC6D-46DC-8955-00876734A0AA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C6A11B46-7CF6-4C42-80E9-2214B2900B75} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {CF36E3AB-9240-4C4A-8A08-CE91DC80AC41} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {DC238544-8A32-4F6A-883E-F6CFEC37E42E} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E9FA1D44-33BE-432C-800B-261C2DE6257A} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {ECFB17DC-2FAB-45F4-95FF-AE38CFD2241C} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {F46EE9FA-5F5A-458B-890D-76CF527A3416} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000Core1d240788f9a42c5.job => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3677484834-1582494324-1908912837-1000UA1d2407890043b07.job => C:\Users\bruce\AppData\Local\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 20:39 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2011-02-24 12:33 - 2007-08-08 00:08 - 00094208 _____ () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-06 12:07 - 2011-05-06 12:07 - 00460144 _____ () C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
2011-05-06 11:58 - 2011-05-06 11:58 - 01085440 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
2016-12-14 20:39 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-20 16:26 - 2016-09-20 16:26 - 01864384 _____ () C:\Users\bruce\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-12-14 09:47 - 2016-12-14 09:47 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 09:47 - 2016-12-14 09:47 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 09:47 - 2016-12-14 09:47 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 09:47 - 2016-12-14 09:47 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-09-19 07:13 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 21:20 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 21:20 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 21:20 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 21:20 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 21:20 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 21:20 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 21:20 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-15 19:56 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-15 19:56 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-15 19:56 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtCore4.dll
2011-05-06 12:07 - 2011-05-06 12:07 - 04317184 _____ () C:\Program Files (x86)\Flip Video\FlipShare\Core.dll
2011-05-06 12:02 - 2011-05-06 12:02 - 00737280 _____ () C:\Program Files (x86)\Flip Video\FlipShare\qca2.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 08351744 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtGui4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtSql4.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 00364544 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtXml4.dll
2010-10-26 07:34 - 2010-10-26 07:34 - 11853824 _____ () C:\Program Files (x86)\Flip Video\FlipShare\QtWebKit4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShare\PocoXML.dll
2010-10-25 23:37 - 2010-10-25 23:37 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShare\phonon4.dll
2010-10-25 23:06 - 2010-10-25 23:06 - 02248704 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtCore4.dll
2010-10-25 23:08 - 2010-10-25 23:08 - 00983040 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtNetwork4.dll
2010-10-25 23:23 - 2010-10-25 23:23 - 00204800 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\QtSql4.dll
2010-05-20 12:49 - 2010-05-20 12:49 - 00258048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\boost_serialization-vc80-mt-1_43.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 01199104 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoFoundation.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00642048 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNet.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00175616 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoNetSSL.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00291840 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoUtil.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00511488 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoXML.dll
2010-05-17 08:47 - 2010-05-17 08:47 - 00110592 _____ () C:\Program Files (x86)\Flip Video\FlipShareServer\PocoCrypto.dll
2014-08-13 09:27 - 2014-08-13 09:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 13:34 - 2014-07-29 13:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2016-12-15 08:55 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 08:55 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2017-01-15 19:38 - 00000832 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\bruce\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/15/2017 10:53:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1875
 
Error: (01/15/2017 10:53:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1875
 
Error: (01/15/2017 10:53:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/15/2017 07:58:14 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
 
Error: (01/15/2017 07:52:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: windows.immersiveshell.serviceprovider.dll, version: 10.0.14393.0, time stamp: 0x57899873
Exception code: 0x80270233
Fault offset: 0x0000000000033c25
Faulting process id: 0x16b0
Faulting application start time: 0x01d26f2e27e03492
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll
Report Id: b55a414e-eb8f-4366-b3a4-229ff2278a20
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/15/2017 07:41:31 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/15/2017 07:40:49 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/15/2017 03:00:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/15/2017 01:14:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_MapsBroker, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: MosHostCore.dll, version: 10.0.14393.479, time stamp: 0x58258db1
Exception code: 0x84000010
Fault offset: 0x000000000001ac50
Faulting process id: 0x1c0
Faulting application start time: 0x01d26ef68daa525d
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MosHostCore.dll
Report Id: 9f8a5516-27bb-4e37-997d-e96f3125fcef
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/14/2017 12:08:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
 
 
System errors:
=============
Error: (01/15/2017 10:08:53 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
 
Error: (01/15/2017 10:06:02 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (01/15/2017 07:43:27 PM) (Source: DCOM) (EventID: 10016) (User: ASUSP50IJ-PC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user ASUSP50IJ-PC\bruce SID (S-1-5-21-3677484834-1582494324-1908912837-1000) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/15/2017 07:39:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/15/2017 07:38:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/15/2017 07:38:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/15/2017 07:38:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (01/15/2017 07:38:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VIA Karaoke digital mixer Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/15/2017 07:38:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/15/2017 07:38:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The FlipShare Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-15 08:31:33.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-12 17:15:43.000
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.916
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.702
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:42.588
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:37.413
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 17:15:36.270
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-01-12 16:01:00.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 64%
Total physical RAM: 4061.08 MB
Available physical RAM: 1443.49 MB
Total Virtual: 8157.08 MB
Available Virtual: 5031.65 MB
 
==================== Drives ================================
 
Drive c: (SYSTEM) (Fixed) (Total:97.22 GB) (Free:50.02 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (DATA) (Fixed) (Total:200.43 GB) (Free:147.06 GB) NTFS
Drive f: (128GB) (Removable) (Total:115.69 GB) (Free:114.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 76692CA8)
Partition 1: (Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 115.7 GB) (Disk ID: 08D625BD)
Partition 1: (Not Active) - (Size=115.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#10 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 16 January 2017 - 02:06 PM

I'm thinking these should be uninstalled:

Microsoft Office Professional Plus 2010 
c:\program files (x86)\adobe\adobe flash catalyst 

Open Notepad: go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents inside of the code box below, beginning with START and ending with END.
(To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Name the file Fixlist.txt and save it to your desktop, where you have FRST/FRST64, or the fix won't work. Right-click on FRST/FRST64 and select RUN AS ADMINISTRATOR, then click on >FIX< (not Scan). It won't take long; after your computer reboots you will find a FIXLOG.TXT on your desktop. Post it, please.
 
Start
CloseProcesses:
CreateRestorePoint:
 C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\10.11.21.5_0\plugins\ConduitChromeApiPlugin.dll  
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> DefaultScope {E293979B-493B-4AFB-B85B-9FAD1FA239A9} URL = 
SearchScopes: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=EKBJ-9xRDQ5tzhbdkvSjuPSXCyQ?q={searchTerms}
CHR Profile: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup [2017-01-14] <==== ATTENTION
CHR Extension: (Mapit 1) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl [2015-07-10] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3008660&extensionData=\u003Cextension_data>] <==== ATTENTION
2017-01-13 18:01 - 2016-02-15 13:58 - 00000000 ____D C:\Program Files\KMSpico
Task: {78731685-D400-4A23-8996-7F8EE0C16DD5} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {C6A11B46-7CF6-4C42-80E9-2214B2900B75} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {ECFB17DC-2FAB-45F4-95FF-AE38CFD2241C} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
C:\Program Files\KMSpico
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
Just a reminder that threads will be closed if no reply in 3 days.



#11 madhartigan

madhartigan

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 16 January 2017 - 04:52 PM

Thank you for this fixlist.

 

Prior to running FRST, I was able to uninstall MS Office Professional and Adobe Flash Catalyst, as you suggested.  I also noticed KMSPico in the list of programs able to be uninstalled, so I uninstalled that as well.



Here is the Fixlog.txt:


Fixlog.txt - 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by bruce (16-01-2017 17:43:16) Run:1
Running from C:\Users\bruce\Desktop
Loaded Profiles: bruce (Available Profiles: bruce)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
 C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\10.11.21.5_0\plugins\ConduitChromeApiPlugin.dll  
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> DefaultScope {E293979B-493B-4AFB-B85B-9FAD1FA239A9} URL = 
SearchScopes: HKU\S-1-5-21-3677484834-1582494324-1908912837-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=EKBJ-9xRDQ5tzhbdkvSjuPSXCyQ?q={searchTerms}
CHR Profile: C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup [2017-01-14] <==== ATTENTION
CHR Extension: (Mapit 1) - C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl [2015-07-10] [UpdateUrl: hxxp://autoupdate.chromewebtb.conduit-services.com/sb/?productId=CT3008660&extensionData=\u003Cextension_data>] <==== ATTENTION
2017-01-13 18:01 - 2016-02-15 13:58 - 00000000 ____D C:\Program Files\KMSpico
Task: {78731685-D400-4A23-8996-7F8EE0C16DD5} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {C6A11B46-7CF6-4C42-80E9-2214B2900B75} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {ECFB17DC-2FAB-45F4-95FF-AE38CFD2241C} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
C:\Program Files\KMSpico
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End
*****************
 
Processes closed successfully.
Error: (0) Failed to create a restore point.
C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\10.11.21.5_0\plugins\ConduitChromeApiPlugin.dll => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3677484834-1582494324-1908912837-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E} => key removed successfully
HKCR\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E} => key not found. 
C:\Users\bruce\AppData\Local\Google\Chrome\User Data\Default backup => moved successfully
C:\Users\bruce\AppData\Local\Google\Chrome\User Data\System Profile\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl <==== ATTENTION => not found
C:\Program Files\KMSpico => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78731685-D400-4A23-8996-7F8EE0C16DD5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78731685-D400-4A23-8996-7F8EE0C16DD5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Idle Detection Task => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6A11B46-7CF6-4C42-80E9-2214B2900B75} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6A11B46-7CF6-4C42-80E9-2214B2900B75} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECFB17DC-2FAB-45F4-95FF-AE38CFD2241C} => key not found. 
C:\WINDOWS\System32\Tasks\AutoPico Daily Restart => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found. 
"C:\Program Files\KMSpico" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 859088 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 27515946 B
Java, Flash, Steam htmlcache => 952 B
Windows/system/drivers => 207720 B
Edge => 0 B
Chrome => 231585835 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 9842 B
NetworkService => -658 B
bruce => 283257677 B
 
RecycleBin => 0 B
EmptyTemp: => 518.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:45:24 ====


#12 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 16 January 2017 - 05:13 PM

Good job  

 

How is your system behaving now?



 
 

#13 madhartigan

madhartigan

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 16 January 2017 - 06:44 PM

Seems to be running fine at the moment.  I'd like to give it a day and see if any issues pop up, but as of now it seems there's nothing wrong.
 

I've run CKscanner again and nothing appears in the scan.

Thank you very much for assisting me with not only purging the malware/viruses, but also identifying some illegal software and assisting me in removing it.  I genuinely appreciate your help.



#14 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 16 January 2017 - 07:27 PM

:thumbup:

 

I will keep this thread open for you for a few days; post back and give me an update. At that point I can have you run a tool that will remove all the tools and scanners we used to clean you up.

 

 

 

Ken :)



 
 

#15 madhartigan

madhartigan

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 17 January 2017 - 06:30 PM

Thank you for leaving it open.

Earlier today, Chrome locked up and showed "not responding" again.  I had the user (my father) reboot and so far it hasn't hung yet.  I wasn't there when Chrome hung, so I wasn't able to diagnose anything.  I'm hoping I can catch it if it happens again.

 

Based on CKscanner logs, McAfee Total Protection and Windows Defender, there are no issues to be found, yet this issue with Chrome hanging may still persist.   :scratch: 

I'll be back when there's more to report.

 

Thanks, again.

