Sluggish computer and occasional clipboard issue

  1. #1
    Join Date: Mar 2004 | Posts: 1,436

    Sluggish computer and occasional clipboard issue

    I guess it might be time for my annual checkup!!!
    I have a lot of 'not responding' messages when I work, and recently, I also noticed some issues with the clipboard when I work with messages like 'unable to open the clipboard'.

    I ran a full scan with Microsoft Essential and nothing was found.

    I ran Farbar and here are the logs:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
    Ran by User_2 (administrator) on CAROLEDESKTOP (22-07-2017 10:12:27)
    Running from C:\Users\User_2\Desktop
    Loaded Profiles: User_2 (Available Profiles: User & User_2 & Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
    (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    (Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
    (Foolish IT LLC) C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    (arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    () C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (RescueTime, Inc.) C:\Program Files (x86)\RescueTime\RescueTime.exe
    (FSL) C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Jasc Software, Inc.) C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
    (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    (Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2887440 2012-03-26] (Synaptics Incorporated)
    HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [5151744 2009-12-07] (Broadcom Corporation)
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16686600 2016-07-29] (Realtek Semiconductor)
    HKLM\...\Run: [CrashPlanTray] => C:\Program Files\CrashPlan\CrashPlanTray.exe [462808 2017-06-08] (Code 42 Software, Inc.)
    HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2352983324-3960172132-545522257-1001\...\Run: [GoogleChromeAutoLaunch_CA8C337BC90098A1457B584A38FF3CD7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-23] (Google Inc.)
    HKU\S-1-5-21-2352983324-3960172132-545522257-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
    HKU\S-1-5-21-2352983324-3960172132-545522257-1001\...\MountPoints2: {41f656b8-6deb-11e6-b7fb-806e6f6e6963} - D:\DWA-140.exe
    HKU\S-1-5-21-2352983324-3960172132-545522257-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyMeeting.lnk [2016-09-14]
    ShortcutTarget: AnyMeeting.lnk -> C:\Users\User_2\AppData\Roaming\Microsoft\Installer\{4DF71428-E2A8-4FED-8D67-B37D706D008F}\_6F282AB14BEFA1713431E9.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RescueTime.lnk [2016-09-11]
    ShortcutTarget: RescueTime.lnk -> C:\Program Files (x86)\RescueTime\RescueTime.exe (RescueTime, Inc.)
    Startup: C:\Users\User_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Super Finder XT.lnk [2017-05-13]
    ShortcutTarget: Super Finder XT.lnk -> C:\Program Files (x86)\FSL\SuperFinder\SuperFinder.exe (FSL)
    GroupPolicyScripts: Restriction <==== ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 142.166.166.166
    Tcpip\..\Interfaces\{5C5A7034-C0C8-4DF5-8222-0CE542509FF8}: [DhcpNameServer] 192.168.2.1 142.166.166.166
    Tcpip\..\Interfaces\{CE792E5A-B025-48E8-9CFF-55903EF956CE}: [DhcpNameServer] 192.168.2.1 142.166.166.166

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-99ff3772
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-99ff3772
    HKU\S-1-5-21-2352983324-3960172132-545522257-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-99ff3772
    HKU\S-1-5-21-2352983324-3960172132-545522257-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://www.google.ca/
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-99ff3772&q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-99ff3772&q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-99ff3772&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-99ff3772&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2352983324-3960172132-545522257-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-06] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-06] (Oracle Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-06] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-06] (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Handler-x32: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - C:\Program Files (x86)\TurboTax 2016\ic2016pp.dll [2017-02-24] (Intuit Canada, a general partnership/une société en nom collectif.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\6o1l1ku7.default [2017-06-25]
    FF NewTab: Mozilla\Firefox\Profiles\6o1l1ku7.default -> about:newtab
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\6o1l1ku7.default -> Search Provided by Bing
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\6o1l1ku7.default -> Search Provided by Bing
    FF Homepage: Mozilla\Firefox\Profiles\6o1l1ku7.default -> hxxp://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-99ff3772
    FF Keyword.URL: Mozilla\Firefox\Profiles\6o1l1ku7.default -> user_pref("keyword.URL", true);
    FF Extension: (LastPass: Free Password Manager) - C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\6o1l1ku7.default\Extensions\support@lastpass.com [2017-05-28]
    FF SearchPlugin: C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\6o1l1ku7.default\searchplugins\search provided by bing.xml [2016-12-18]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2017-01-01] [not signed]
    FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-06] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-06] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-06] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-06] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
    FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin HKU\S-1-5-21-2352983324-3960172132-545522257-1001: @citrixonline.com/appdetectorplugin -> C:\Users\User_2\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-09-08] (Citrix Online)
    FF Plugin HKU\S-1-5-21-2352983324-3960172132-545522257-1001: @cnw.com/cnwplugin -> C:\Users\User_2\AppData\Roaming\AnyMeeting\npcnwplugin.dll [2016-04-07] (AnyMeeting, Inc.)
    FF Plugin HKU\S-1-5-21-2352983324-3960172132-545522257-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\User_2\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-04-20] (Zoom Video Communications, Inc.)

    Chrome:
    =======
    CHR DefaultSearchKeyword: Default -> lp
    CHR Profile: C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default [2017-07-22]
    CHR Extension: (Google Slides) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-01]
    CHR Extension: (Google Docs) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-01]
    CHR Extension: (Google Drive) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-01]
    CHR Extension: (YouTube) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-01]
    CHR Extension: (Alexa Traffic Rank) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2017-01-01]
    CHR Extension: (Adblock for Youtube™) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-06-24]
    CHR Extension: (Webinar Ninja) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\colcpmcipccekkjmmcojkipjgblinjei [2017-01-01]
    CHR Extension: (MozBar) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2017-03-05]
    CHR Extension: (Facebook Pixel Helper) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2017-01-01]
    CHR Extension: (Google Sheets) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-01]
    CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2017-01-01]
    CHR Extension: (Google Docs Offline) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-08]
    CHR Extension: (Follow) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkakfimgbmogkpmjokgnbbanmmemcdij [2017-01-01]
    CHR Extension: (Pinterest Save Button) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-04-22]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-07-08]
    CHR Extension: (Stencil) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmhphfbdfbkokcfajipbmkcakmmepeb [2017-01-01]
    CHR Extension: (Invite All Friends on Facebook) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj [2017-07-17]
    CHR Extension: (Cookies) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2017-01-01]
    CHR Extension: (Grammarly for Chrome) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-20]
    CHR Extension: (Loom - Video Recorder: Screen, Webcam and Mic) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2017-06-24]
    CHR Extension: (Skylink WebRTC Tools) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljckddiekopnnjoeaiofddfhgnbdoafc [2017-01-01]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-25]
    CHR Extension: (RealtimeBoard: Whiteboard for Collaboration) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfmbdmhambgleempeofcjjhjclimccg [2017-01-10]
    CHR Extension: (Gmail) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-01]
    CHR Extension: (Chrome Media Router) - C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [267736 2017-06-08] (Code 42 Software)
    S3 CryptoPreventEmail; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [506864 2016-12-08] (Foolish IT LLC)
    R3 CryptoPreventFolderWatch; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [506864 2016-12-08] (Foolish IT LLC)
    R2 CryptoPreventMonSvc; C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [506864 2016-12-08] (Foolish IT LLC)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
    R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
    R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10885360 2017-05-31] (TeamViewer GmbH)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
    R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [4630528 2009-12-07] (Broadcom Corporation) [File not signed]
    R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\windows\System32\drivers\amdkmpfd.sys [31872 2012-03-29] (Advanced Micro Devices, Inc.)
    R0 iaStorF; C:\windows\System32\drivers\iaStorF.sys [28008 2013-09-28] (Intel Corporation)
    R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
    R1 MpKslceeaaedf; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9445E171-1B87-4949-B2B3-34181BE61A91}\MpKslceeaaedf.sys [44928 2017-07-21] (Microsoft Corporation)
    S3 netr28ux; C:\windows\System32\DRIVERS\Dnetr28ux.sys [1061888 2009-09-15] (Ralink Technology Corp.)
    R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
    R1 nvkflt; C:\windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
    R3 RTSUER; C:\windows\System32\Drivers\RtsUer.sys [416472 2016-05-17] (Realsil Semiconductor Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-07-22 10:12 - 2017-07-22 10:23 - 00024467 _____ C:\Users\User_2\Desktop\FRST.txt
    2017-07-22 10:10 - 2017-07-22 10:12 - 00000000 ____D C:\FRST
    2017-07-22 10:10 - 2017-07-22 10:10 - 02382336 _____ (Farbar) C:\Users\User_2\Desktop\FRST64.exe
    2017-07-22 05:28 - 2017-07-22 10:03 - 01778176 _____ (Farbar) C:\Users\User_2\Desktop\FRST.exe
    2017-07-13 11:40 - 2017-07-13 11:40 - 00003584 _____ C:\Users\User_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2017-07-12 03:05 - 2017-05-03 12:34 - 00094952 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
    2017-07-12 03:05 - 2017-05-03 12:29 - 01206272 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2017-07-12 03:05 - 2017-05-03 10:05 - 01555968 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2017-07-12 03:05 - 2017-05-03 10:05 - 00620544 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2017-07-12 03:05 - 2017-05-03 10:05 - 00535552 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2017-07-12 03:05 - 2017-05-03 10:05 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2017-07-12 03:05 - 2017-05-03 10:05 - 00311296 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
    2017-07-12 03:05 - 2017-05-03 10:05 - 00217088 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2017-07-12 03:05 - 2017-05-03 10:05 - 00127488 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
    2017-07-12 03:05 - 2017-03-22 23:06 - 01691136 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
    2017-07-12 03:04 - 2017-07-06 01:56 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthpan.sys
    2017-07-12 03:04 - 2017-06-30 01:15 - 00394448 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2017-07-12 03:04 - 2017-06-30 00:32 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2017-07-12 03:04 - 2017-06-29 23:57 - 02319872 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
    2017-07-12 03:04 - 2017-06-29 23:57 - 02222080 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
    2017-07-12 03:04 - 2017-06-29 23:57 - 02058240 _____ (Microsoft Corporation) C:\windows\system32\Query.dll
    2017-07-12 03:04 - 2017-06-29 23:57 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
    2017-07-12 03:04 - 2017-06-29 23:57 - 00491520 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
    2017-07-12 03:04 - 2017-06-29 23:57 - 00288256 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
    2017-07-12 03:04 - 2017-06-29 23:57 - 00115200 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
    2017-07-12 03:04 - 2017-06-29 23:57 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
    2017-07-12 03:04 - 2017-06-29 23:57 - 00075264 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
    2017-07-12 03:04 - 2017-06-29 23:57 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
    2017-07-12 03:04 - 2017-06-29 23:40 - 00591872 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
    2017-07-12 03:04 - 2017-06-29 23:40 - 00249856 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
    2017-07-12 03:04 - 2017-06-29 23:39 - 01549312 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
    2017-07-12 03:04 - 2017-06-29 23:39 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
    2017-07-12 03:04 - 2017-06-29 23:38 - 01400320 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
    2017-07-12 03:04 - 2017-06-29 23:38 - 01363968 _____ (Microsoft Corporation) C:\windows\SysWOW64\Query.dll
    2017-07-12 03:04 - 2017-06-29 23:38 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
    2017-07-12 03:04 - 2017-06-29 23:38 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
    2017-07-12 03:04 - 2017-06-29 23:38 - 00197120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
    2017-07-12 03:04 - 2017-06-29 23:38 - 00104448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssitlb.dll
    2017-07-12 03:04 - 2017-06-29 23:38 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
    2017-07-12 03:04 - 2017-06-29 23:38 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
    2017-07-12 03:04 - 2017-06-29 23:27 - 00427520 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
    2017-07-12 03:04 - 2017-06-29 23:27 - 00164352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
    2017-07-12 03:04 - 2017-06-29 23:26 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
    2017-07-12 03:04 - 2017-06-29 23:26 - 00009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
    2017-07-12 03:04 - 2017-06-29 03:27 - 25734656 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2017-07-12 03:04 - 2017-06-29 03:19 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2017-07-12 03:04 - 2017-06-29 03:18 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2017-07-12 03:04 - 2017-06-29 03:04 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2017-07-12 03:04 - 2017-06-29 03:03 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
    2017-07-12 03:04 - 2017-06-29 03:03 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2017-07-12 03:04 - 2017-06-29 03:02 - 02899456 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2017-07-12 03:04 - 2017-06-29 03:02 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2017-07-12 03:04 - 2017-06-29 03:02 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2017-07-12 03:04 - 2017-06-29 02:55 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2017-07-12 03:04 - 2017-06-29 02:54 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2017-07-12 03:04 - 2017-06-29 02:51 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2017-07-12 03:04 - 2017-06-29 02:50 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
    2017-07-12 03:04 - 2017-06-29 02:50 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2017-07-12 03:04 - 2017-06-29 02:50 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2017-07-12 03:04 - 2017-06-29 02:50 - 00116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2017-07-12 03:04 - 2017-06-29 02:44 - 05975552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2017-07-12 03:04 - 2017-06-29 02:43 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2017-07-12 03:04 - 2017-06-29 02:39 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2017-07-12 03:04 - 2017-06-29 02:35 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2017-07-12 03:04 - 2017-06-29 02:31 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
    2017-07-12 03:04 - 2017-06-29 02:31 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2017-07-12 03:04 - 2017-06-29 02:30 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
    2017-07-12 03:04 - 2017-06-29 02:27 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2017-07-12 03:04 - 2017-06-29 02:26 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2017-07-12 03:04 - 2017-06-29 02:23 - 20270592 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2017-07-12 03:04 - 2017-06-29 02:23 - 00499200 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2017-07-12 03:04 - 2017-06-29 02:23 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2017-07-12 03:04 - 2017-06-29 02:23 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2017-07-12 03:04 - 2017-06-29 02:23 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2017-07-12 03:04 - 2017-06-29 02:22 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
    2017-07-12 03:04 - 2017-06-29 02:22 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
    2017-07-12 03:04 - 2017-06-29 02:22 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2017-07-12 03:04 - 2017-06-29 02:19 - 02290176 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2017-07-12 03:04 - 2017-06-29 02:17 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2017-07-12 03:04 - 2017-06-29 02:16 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2017-07-12 03:04 - 2017-06-29 02:14 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2017-07-12 03:04 - 2017-06-29 02:13 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
    2017-07-12 03:04 - 2017-06-29 02:13 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2017-07-12 03:04 - 2017-06-29 02:13 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2017-07-12 03:04 - 2017-06-29 02:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
    2017-07-12 03:04 - 2017-06-29 02:09 - 00806912 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2017-07-12 03:04 - 2017-06-29 02:09 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2017-07-12 03:04 - 2017-06-29 02:08 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2017-07-12 03:04 - 2017-06-29 02:07 - 02132992 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2017-07-12 03:04 - 2017-06-29 02:05 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2017-07-12 03:04 - 2017-06-29 02:01 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2017-07-12 03:04 - 2017-06-29 02:00 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
    2017-07-12 03:04 - 2017-06-29 02:00 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
    2017-07-12 03:04 - 2017-06-29 01:58 - 15253504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2017-07-12 03:04 - 2017-06-29 01:58 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2017-07-12 03:04 - 2017-06-29 01:56 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2017-07-12 03:04 - 2017-06-29 01:56 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2017-07-12 03:04 - 2017-06-29 01:54 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
    2017-07-12 03:04 - 2017-06-29 01:53 - 03240960 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2017-07-12 03:04 - 2017-06-29 01:52 - 04549632 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2017-07-12 03:04 - 2017-06-29 01:48 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
    2017-07-12 03:04 - 2017-06-29 01:47 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2017-07-12 03:04 - 2017-06-29 01:46 - 02057216 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2017-07-12 03:04 - 2017-06-29 01:46 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2017-07-12 03:04 - 2017-06-29 01:43 - 13663744 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2017-07-12 03:04 - 2017-06-29 01:41 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2017-07-12 03:04 - 2017-06-29 01:29 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2017-07-12 03:04 - 2017-06-29 01:28 - 02767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2017-07-12 03:04 - 2017-06-29 01:24 - 01314816 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2017-07-12 03:04 - 2017-06-29 01:23 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2017-07-12 03:04 - 2017-06-22 11:58 - 03223040 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
    2017-07-12 03:04 - 2017-06-15 17:23 - 00753664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
    2017-07-12 03:04 - 2017-06-12 19:54 - 00370920 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
    2017-07-12 03:04 - 2017-06-12 19:54 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2017-07-12 03:04 - 2017-06-12 19:54 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2017-07-12 03:04 - 2017-06-12 19:49 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 01363456 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00594432 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
    2017-07-12 03:04 - 2017-06-12 19:49 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\pdhui.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2017-07-12 03:04 - 2017-06-12 19:49 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2017-07-12 03:04 - 2017-06-12 19:29 - 01227264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
    2017-07-12 03:04 - 2017-06-12 19:29 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2017-07-12 03:04 - 2017-06-12 19:29 - 00444928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
    2017-07-12 03:04 - 2017-06-12 19:29 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
    2017-07-12 03:04 - 2017-06-12 19:29 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2017-07-12 03:04 - 2017-06-12 19:29 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2017-07-12 03:04 - 2017-06-12 19:29 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
    2017-07-12 03:04 - 2017-06-12 19:29 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2017-07-12 03:04 - 2017-06-12 19:28 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2017-07-12 03:04 - 2017-06-12 19:28 - 00554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2017-07-12 03:04 - 2017-06-12 19:28 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2017-07-12 03:04 - 2017-06-12 19:28 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2017-07-12 03:04 - 2017-06-12 19:28 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2017-07-12 03:04 - 2017-06-12 19:28 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2017-07-12 03:04 - 2017-06-12 19:28 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2017-07-12 03:04 - 2017-06-12 19:28 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
    2017-07-12 03:04 - 2017-06-12 19:28 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
    2017-07-12 03:04 - 2017-06-12 19:28 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\pdhui.dll
    2017-07-12 03:04 - 2017-06-12 19:28 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2017-07-12 03:04 - 2017-06-12 19:28 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2017-07-12 03:04 - 2017-06-12 19:19 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
    2017-07-12 03:04 - 2017-06-12 19:14 - 00379392 _____ (Microsoft Corporation) C:\windows\system32\msinfo32.exe
    2017-07-12 03:04 - 2017-06-12 19:14 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\perfmon.exe
    2017-07-12 03:04 - 2017-06-12 19:14 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\resmon.exe
    2017-07-12 03:04 - 2017-06-12 19:12 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
    2017-07-12 03:04 - 2017-06-12 19:12 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2017-07-12 03:04 - 2017-06-12 19:12 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2017-07-12 03:04 - 2017-06-12 19:11 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2017-07-12 03:04 - 2017-06-12 19:09 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
    2017-07-12 03:04 - 2017-06-12 19:06 - 00303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\msinfo32.exe
    2017-07-12 03:04 - 2017-06-12 19:06 - 00157184 _____ (Microsoft Corporation) C:\windows\SysWOW64\perfmon.exe
    2017-07-12 03:04 - 2017-06-12 19:06 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\resmon.exe
    2017-07-12 03:04 - 2017-06-12 19:05 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
    2017-07-12 03:04 - 2017-06-10 12:59 - 00313856 _____ (Microsoft Corporation) C:\windows\system32\Wldap32.dll
    2017-07-12 03:04 - 2017-06-10 12:39 - 00271360 _____ (Microsoft Corporation) C:\windows\SysWOW64\Wldap32.dll
    2017-07-12 03:04 - 2017-06-09 12:33 - 01680616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
    2017-07-12 03:04 - 2017-06-06 12:30 - 01867264 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
    2017-07-12 03:04 - 2017-06-06 12:12 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
    2017-07-12 03:04 - 2017-05-30 01:56 - 01895656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
    2017-07-12 03:04 - 2017-05-30 01:56 - 00377576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
    2017-07-12 03:04 - 2017-05-30 01:56 - 00287976 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
    2017-07-12 03:04 - 2017-05-21 01:24 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2017-07-12 03:04 - 2017-05-21 01:06 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
    2017-07-12 03:04 - 2017-05-16 12:35 - 00986856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
    2017-07-12 03:04 - 2017-05-16 12:35 - 00265448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
    2017-07-12 03:04 - 2017-05-16 12:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
    2017-07-09 22:55 - 2017-07-09 22:55 - 00000000 ____D C:\Users\User_2\AppData\Roaming\ThePluginSite
    2017-07-09 22:55 - 2017-07-09 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Plugin Site
    2017-07-09 22:55 - 2017-07-09 22:55 - 00000000 ____D C:\Program Files\ThePluginSite
    2017-07-08 00:29 - 2017-07-08 00:29 - 00000000 ____D C:\Program Files (x86)\GoToMeeting
    2017-06-25 10:34 - 2017-06-25 10:34 - 00000000 ____D C:\ProgramData\Purple Tint Script
    2017-06-24 19:03 - 2017-06-24 19:03 - 00001276 _____ C:\Users\Public\Desktop\Corel PaintShop Pro 2018 (64-bit).lnk
    2017-06-24 19:00 - 2017-06-24 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro 2018
    2017-06-24 19:00 - 2017-06-24 19:00 - 00001145 _____ C:\Users\Public\Desktop\Corel PaintShop Pro 2018.lnk

    The rest is in the next post.

  2. #2
    And this is the end of the first log:

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-07-22 10:23 - 2016-08-20 20:17 - 00000000 ____D C:\Users\User_2\AppData\Roaming\Skype
    2017-07-22 10:14 - 2016-09-08 13:01 - 00000512 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2352983324-3960172132-545522257-1001.job
    2017-07-22 09:42 - 2016-08-18 12:26 - 00000000 ____D C:\windows\SysWOW64\Macromed
    2017-07-22 08:27 - 2016-09-08 13:01 - 00000608 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-2352983324-3960172132-545522257-1001.job
    2017-07-22 05:45 - 2009-07-14 01:45 - 00023072 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-07-22 05:45 - 2009-07-14 01:45 - 00023072 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-07-22 01:01 - 2016-08-21 16:58 - 00000000 ____D C:\Users\User_2\AppData\Roaming\FileZilla
    2017-07-21 22:38 - 2016-06-29 13:07 - 00003758 _____ C:\windows\System32\Tasks\AutoKMS
    2017-07-20 22:26 - 2016-08-18 16:13 - 00000000 ____D C:\Users\User_2\Documents\My PSP Files
    2017-07-20 22:15 - 2009-07-14 02:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2017-07-20 22:13 - 2016-08-18 12:49 - 00065536 _____ C:\windows\system32\spu_storage.bin
    2017-07-20 22:05 - 2016-08-21 13:51 - 00000000 ____D C:\Users\User_2\AppData\Local\CrashDumps
    2017-07-20 13:25 - 2016-08-20 15:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2017-07-20 12:40 - 2017-02-06 14:52 - 00078329 _____ C:\windows\FontData.fdb
    2017-07-19 11:11 - 2017-05-12 21:07 - 00003766 ___SH C:\windows\SysWOW64\KGyGaAvL.sys
    2017-07-19 11:11 - 2017-05-12 21:07 - 00000088 __RSH C:\windows\SysWOW64\9161D9C327.sys
    2017-07-13 04:26 - 2009-07-14 00:20 - 00000000 ____D C:\windows\rescache
    2017-07-13 03:34 - 2016-08-18 11:50 - 05003600 _____ C:\windows\system32\FNTCACHE.DAT
    2017-07-13 03:32 - 2016-06-29 03:50 - 00000000 ____D C:\windows\system32\appraiser
    2017-07-12 20:38 - 2016-08-18 16:09 - 00000000 ____D C:\Users\User_2\Documents\Corel PaintShop Pro
    2017-07-12 03:41 - 2016-08-18 15:21 - 00000000 ____D C:\Users\User_2
    2017-07-12 03:22 - 2016-06-25 03:04 - 00000000 ____D C:\windows\system32\MRT
    2017-07-12 03:11 - 2016-06-25 03:04 - 135225752 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
    2017-07-11 17:52 - 2016-12-30 13:18 - 00803328 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2017-07-11 17:52 - 2016-12-30 13:18 - 00144896 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-07-11 17:52 - 2016-12-30 13:18 - 00004462 _____ C:\windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
    2017-07-11 17:52 - 2016-12-30 13:18 - 00004312 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2017-07-11 17:51 - 2017-06-16 23:51 - 04500992 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
    2017-07-11 17:51 - 2016-08-18 12:26 - 00000000 ____D C:\windows\system32\Macromed
    2017-07-11 14:20 - 2016-08-18 13:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-07-08 00:30 - 2016-09-08 13:01 - 00003650 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-2352983324-3960172132-545522257-1001
    2017-07-08 00:30 - 2016-09-08 13:01 - 00003554 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2352983324-3960172132-545522257-1001
    2017-07-05 22:05 - 2016-08-21 20:25 - 00000000 ____D C:\Users\User_2\AppData\Roaming\EasyVideoSuite
    2017-07-05 20:29 - 2009-07-14 02:13 - 00785594 _____ C:\windows\system32\PerfStringBackup.INI
    2017-07-05 20:29 - 2009-07-14 00:20 - 00000000 ____D C:\windows\inf
    2017-07-02 10:18 - 2016-09-11 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescueTime
    2017-07-02 10:18 - 2016-09-11 18:18 - 00000000 ____D C:\Program Files (x86)\RescueTime
    2017-06-30 01:02 - 2017-02-25 16:51 - 00001016 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
    2017-06-30 01:02 - 2017-02-25 16:51 - 00001004 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
    2017-06-27 23:02 - 2016-12-17 12:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-06-27 17:36 - 2017-01-01 14:07 - 00002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-06-27 17:35 - 2017-01-01 14:07 - 00002228 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-06-25 10:31 - 2016-12-17 12:49 - 00000000 ____D C:\Users\User_2\AppData\LocalLow\Mozilla
    2017-06-25 10:22 - 2016-12-17 12:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-06-24 19:05 - 2016-08-20 17:03 - 00000000 ____D C:\Users\User_2\AppData\Local\Corel PaintShop Pro
    2017-06-24 19:05 - 2016-08-20 12:21 - 00003328 _____ C:\windows\System32\Tasks\CorelUpdateHelperTaskCore
    2017-06-24 19:02 - 2016-08-20 12:01 - 00000000 ____D C:\Program Files\Corel
    2017-06-24 19:01 - 2016-08-20 11:37 - 00000000 ____D C:\ProgramData\Corel
    2017-06-24 18:58 - 2016-08-20 11:36 - 00000000 ____D C:\Program Files (x86)\Corel
    2017-06-24 10:46 - 2017-04-22 07:49 - 00000000 ___RD C:\Program Files (x86)\Skype
    2017-06-24 10:46 - 2016-08-04 08:13 - 00000000 ____D C:\ProgramData\Skype
    2017-06-23 22:29 - 2016-08-20 12:02 - 00000000 ____D C:\ProgramData\Protexis64
    2017-06-23 14:57 - 2016-08-21 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
    2017-06-23 14:57 - 2016-08-21 17:18 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client

    ==================== Files in the root of some directories =======

    2017-02-19 20:43 - 2017-02-19 20:43 - 2294112 _____ () C:\Users\User_2\AppData\Local\ars.cache
    2017-02-19 20:45 - 2017-02-19 20:45 - 1073381 _____ () C:\Users\User_2\AppData\Local\census.cache
    2017-07-13 11:40 - 2017-07-13 11:40 - 0003584 _____ () C:\Users\User_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2017-02-19 20:17 - 2017-02-19 20:17 - 0000036 _____ () C:\Users\User_2\AppData\Local\housecall.guid.cache
    2016-08-22 13:07 - 2016-08-22 13:12 - 0000600 _____ () C:\Users\User_2\AppData\Local\PUTTY.RND
    2016-09-06 22:11 - 2016-09-06 22:14 - 0007605 _____ () C:\Users\User_2\AppData\Local\resmon.resmoncfg
    2017-02-19 20:29 - 2017-02-19 20:29 - 0000010 _____ () C:\Users\User_2\AppData\Local\sponge.last.runtime.cache
    2016-08-18 12:46 - 2016-08-18 12:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    2013-01-02 22:20 - 2013-01-02 22:20 - 0726016 _____ (Igor Pavlov) C:\Users\User_2\AppData\Local\Temp\7z.dll
    2013-01-02 22:20 - 2013-01-02 22:20 - 0150016 _____ (Igor Pavlov) C:\Users\User_2\AppData\Local\Temp\7z.exe
    2013-01-02 22:20 - 2013-01-02 22:20 - 0023477 _____ () C:\Users\User_2\AppData\Local\Temp\dtkill.exe
    2013-01-02 22:20 - 2013-01-02 22:20 - 0006656 _____ (doubleTwist Corperation) C:\Users\User_2\AppData\Local\Temp\Executor.exe
    2016-08-20 14:38 - 2016-08-20 14:38 - 6699032 _____ () C:\Users\User_2\AppData\Local\Temp\JingSetup.exe
    2017-01-17 19:41 - 2017-01-17 19:41 - 0739904 _____ (Oracle Corporation) C:\Users\User_2\AppData\Local\Temp\jre-8u121-windows-au.exe
    2017-05-06 22:01 - 2017-05-06 22:01 - 0739904 _____ (Oracle Corporation) C:\Users\User_2\AppData\Local\Temp\jre-8u131-windows-au.exe
    2017-03-07 23:09 - 2017-03-07 23:10 - 2903480 _____ () C:\Users\User_2\AppData\Local\Temp\npp.7.3.2.Installer.exe
    2017-03-25 10:46 - 2017-03-25 10:46 - 2982992 _____ () C:\Users\User_2\AppData\Local\Temp\npp.7.3.3.Installer.exe
    2017-06-02 18:32 - 2017-06-02 18:32 - 2990616 _____ () C:\Users\User_2\AppData\Local\Temp\npp.7.4.1.Installer.exe
    2017-05-12 21:15 - 2017-05-12 21:20 - 1134006 _____ () C:\Users\User_2\AppData\Local\Temp\pswi_preloaded.exe
    2016-09-11 19:01 - 2017-07-02 10:16 - 1382560 _____ (RescueTime, Inc. ) C:\Users\User_2\AppData\Local\Temp\RescueTimeInstaller.exe
    2016-11-23 22:45 - 2017-03-13 20:07 - 44048864 _____ (Skype Technologies S.A.) C:\Users\User_2\AppData\Local\Temp\SkypeSetup.exe
    2013-04-23 19:15 - 2013-04-23 19:15 - 4995416 _____ (Microsoft Corporation) C:\Users\User_2\AppData\Local\Temp\vcredist_x86-2010.exe
    2013-01-02 22:20 - 2013-01-02 22:20 - 6560088 _____ (Microsoft Corporation) C:\Users\User_2\AppData\Local\Temp\vcredist_x86-2012.exe
    2017-04-22 07:43 - 2017-04-22 07:43 - 14456872 _____ (Microsoft Corporation) C:\Users\User_2\AppData\Local\Temp\vc_redist.x86.exe
    2015-08-02 20:58 - 2015-08-02 20:58 - 0118784 _____ () C:\Users\User_2\AppData\Local\Temp\xmlUpdater.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\SysWOW64\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-07-13 04:16

    ==================== End of FRST.txt ============================

  3. #3
    And the other log:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
    Ran by User_2 (22-07-2017 10:24:58)
    Running from C:\Users\User_2\Desktop
    Windows 7 Professional Service Pack 1 (X64) (2016-08-18 14:55:23)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2352983324-3960172132-545522257-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-2352983324-3960172132-545522257-501 - Limited - Enabled)
    HomeGroupUser$ (S-1-5-21-2352983324-3960172132-545522257-1008 - Limited - Enabled)
    User (S-1-5-21-2352983324-3960172132-545522257-1000 - Administrator - Enabled) => C:\Users\User
    User_2 (S-1-5-21-2352983324-3960172132-545522257-1001 - Administrator - Enabled) => C:\Users\User_2

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}) (Version: - Microsoft) Hidden
    2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}) (Version: - Microsoft) Hidden
    7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
    abrMate version 1.1 (HKLM-x32\...\abrMate_is1) (Version: 1.1 - )
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
    Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
    Adobe Creative Suite 5.5 Design Standard (HKLM-x32\...\{53CF3920-648B-4F99-8D05-6A6C5298F57B}) (Version: 5.5 - Adobe Systems Incorporated)
    Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.137 - Adobe Systems Incorporated)
    Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
    AnyMeeting (HKLM-x32\...\{4DF71428-E2A8-4FED-8D67-B37D706D008F}) (Version: 3.6.0 - AnyMeeting, Inc.)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{33EB1061-ABF1-4470-A540-32E97A610536}) (Version: 3.2.0.47 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Auto FX Free version 3.4.0 (HKLM-x32\...\{A5004993-D4BE-451E-AA5C-FA9058027930}_is1) (Version: 3.4.0 - Auto FX Software)
    Bonjour (HKLM\...\{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}) (Version: 2.0.3.0 - Apple Inc.)
    Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.48.18 - Broadcom Corporation)
    Broadcom Wireless Utility (HKLM\...\Broadcom Wireless Utility) (Version: 5.60.48.18 - Broadcom Corporation)
    Camtasia 9 (HKLM\...\{1D09B594-C8B5-4CF1-B927-41D9A487799C}) (Version: 9.0.5.2021 - TechSmith Corporation) Hidden
    Camtasia 9 (HKLM-x32\...\{00ce4b8c-0138-4743-b0b8-379b2715eb44}) (Version: 9.0.5.2021 - TechSmith Corporation)
    Camtasia Studio 8 (HKLM-x32\...\{AF33D0D2-2627-4AC8-8473-FDBB7892129C}) (Version: 8.6.0.2079 - TechSmith Corporation)
    CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
    CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6282 - CDBurnerXP)
    CGS17_Setup_x64 (HKLM\...\{A6B7D078-EDC4-4D8A-BD3D-CB2B11440219}) (Version: 17.6 - Corel Corporation) Hidden
    Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
    CloudBerry Explorer for Amazon S3 3.8.2 (HKLM\...\CloudBerry Explorer for Amazon S3) (Version: 3.8.2 - CloudBerryLab)
    Corel Graphics - Windows Shell Extension (HKLM\...\_{52166132-E642-447F-9785-F9133563CE59}) (Version: 17.6.0.1021 - Corel Corporation)
    Corel Graphics - Windows Shell Extension (HKLM\...\{52166132-E642-447F-9785-F9133563CE59}) (Version: 17.6.1021 - Corel Corporation) Hidden
    Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{909C0E2F-44AB-46A4-AE04-8FFCCDEECCFC}) (Version: 17.6.1021 - Corel Corporation) Hidden
    Corel Paint Shop Pro Photo XI (HKLM-x32\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.00.0000 - Corel Inc)
    Corel PaintShop Pro 2018 (HKLM-x32\...\_{6000096B-318C-40F8-A450-043B6A602D16}) (Version: 20.0.0.106 - Corel Corporation)
    Corel PaintShop Pro 2018 (HKLM-x32\...\{5A150D1D-326B-4C75-8984-2D2C602D1CA1}) (Version: 20.0.0.106 - Corel Corporation) Hidden
    Corel PaintShop Pro X4 (HKLM-x32\...\_{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation)
    Corel PaintShop Pro X4 (HKLM-x32\...\{00AE1A2D-7BC2-4359-A0EC-E19F36E391BB}) (Version: 14.3.0.3 - Corel Corporation) Hidden
    Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.0.0.183 - Corel Corporation)
    Corel PaintShop Pro X5 (HKLM-x32\...\{15180A90-1FC0-47E4-A150-3AECEF07B3B6}) (Version: 15.1.0.10 - Corel Corporation) Hidden
    Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
    Corel PaintShop Pro X6 (HKLM-x32\...\{161AB62E-65D6-46E5-B3D8-2AC15D3B920B}) (Version: 16.2.0.20 - Corel Corporation) Hidden
    Corel PaintShop Pro X7 (HKLM-x32\...\_{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.3.0.30 - Corel Corporation)
    Corel PaintShop Pro X7 (HKLM-x32\...\{17196252-8555-4E35-9C06-F743143D76D4}) (Version: 17.3.0.30 - Corel Corporation) Hidden
    Corel PaintShop Pro X8 (HKLM-x32\...\_{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.0.0.124 - Corel Corporation)
    Corel PaintShop Pro X8 (HKLM-x32\...\{8239357B-E792-4EEB-9F8B-F2535730A315}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    Corel PaintShop Pro X9 (HKLM-x32\...\_{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.2.0.7 - Corel Corporation)
    Corel PaintShop Pro X9 (HKLM-x32\...\{93EE564E-9DA1-4655-8A90-4E816019B409}) (Version: 19.0.0.96 - Corel Corporation) Hidden
    Corel Update Manager (HKLM\...\{67881956-8135-4804-9465-BA1419010638}) (Version: 2.3.170 - Corel corporation) Hidden
    Corel Update Manager (HKLM\...\{B8C05FFE-C36F-4F17-AD20-739E4BC65AC9}) (Version: 2.3.170 - Corel corporation) Hidden
    Corel Update Manager (HKLM-x32\...\{3F8C582C-B21D-49EC-AD5F-C9890041A0CC}) (Version: 2.3.170 - Corel corporation) Hidden
    Corel Update Manager (HKLM-x32\...\{EE61B6C5-F017-4505-85D3-6D40B1797D32}) (Version: 2.3.170 - Corel corporation) Hidden
    CorelDRAW Graphics Suite X7 - BR (x64) (HKLM\...\{FC41DFBE-6C39-4C84-949B-7CB1E6460C7A}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Capture (x64) (HKLM\...\{2C91CB9D-323D-43E5-A433-229B71CFB773}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Common (x64) (HKLM\...\{9178F0A8-B6F6-4DA7-AD63-317CC4875F4B}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Connect (x64) (HKLM\...\{BD036E95-A9CD-4DED-B744-95AB1DCAFF0C}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Custom Data (x64) (HKLM\...\{5162E418-BB43-4C8F-ACD6-069645EF98C3}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Draw (x64) (HKLM\...\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - EN (x64) (HKLM\...\{3BB8EB77-737B-4B32-BAB9-08C7110C46BD}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - ES (x64) (HKLM\...\{65168D5C-A6DD-4C1B-BF5C-860A39CDD05E}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Filters (x64) (HKLM\...\{D10A5CFA-FE33-4F06-AE37-554604F00A52}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - FontNav (x64) (HKLM\...\{5406029B-67AD-4F8E-9F2D-F1959CD9CD86}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - FR (x64) (HKLM\...\{FC9BCB82-55E3-4328-868F-B19112B07B93}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - IPM (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (HKLM\...\{C922F325-DD52-4E22-B204-431A06E63E51}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (HKLM\...\{1A73168F-5983-46A6-AAAB-FD83BC231E02}) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Redist (x64) (HKLM\...\{C57EDB5A-AC8E-4E03-9F1A-DC013A2BB9B2}) (Version: 17.0 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Setup Files (x64) (HKLM\...\{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - VBA (x64) (HKLM\...\{5672E0DC-7489-4EAC-8CFD-E01B3868FCB5}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (HKLM\...\{966996DC-D67C-40E3-8BD4-31FA0F093571}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.6 - Corel Corporation) Hidden
    CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.6.0.1021 - Corel Corporation)
    CrashPlan (HKLM\...\{82DD9B45-C8B7-4786-A733-4D76CA572AA6}) (Version: 4.8.3.15 - Code 42 Software)
    Creative Content (HKLM-x32\...\_{9375898A-ED8E-4423-ADFA-75AF8E594769}) (Version: 1.0.0.130 - Corel Corporation) Hidden
    Creative Content (HKLM-x32\...\{9375898A-ED8E-4423-ADFA-75AF8E594769}) (Version: 1.0.0.130 - Corel Corporation) Hidden
    CryptoPrevent (HKLM-x32\...\{0EC0476E-07F1-4FC9-8F36-BB363A4B09E0}_is1) (Version: - Foolish IT LLC)
    D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
    D-Link DWA-130 Wireless N USB Adapter (HKLM-x32\...\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}) (Version: 1 - D-Link)
    EasyVideoSuite (HKLM-x32\...\{626ED56A-F33D-4DE9-A2EF-2473E3475904}) (Version: 1.0.0 - WebActix)
    FileZilla Client 3.26.2 (HKLM-x32\...\FileZilla Client) (Version: 3.26.2 - Tim Kosse)
    Filter Forge 5.014 (HKLM-x32\...\Filter Forge 5_is1) (Version: - Filter Forge, Inc.)
    FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    GoToMeeting 8.8.0.7297 (HKU\S-1-5-21-2352983324-3960172132-545522257-1001\...\GoToMeeting) (Version: 8.8.0.7297 - LogMeIn, Inc.)
    Harrys Filters (HKLM\...\Harrys Filters //Make sure there is no second un~11E23A8E_is1) (Version: - The Plugin Site)
    High-Logic FontCreator 8 (HKLM-x32\...\FontCreator8_is1) (Version: - High-Logic B.V.)
    ICA (HKLM-x32\...\{00580795-581C-4587-B9F2-37320D7AB37F}) (Version: 14.0.0.332 - Corel Corporation) Hidden
    ICA (HKLM-x32\...\{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.0.0.183 - Corel Corporation) Hidden
    ICA (HKLM-x32\...\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.0.0.113 - Corel Corporation) Hidden
    ICA (HKLM-x32\...\{176F50D6-6857-49CE-B731-65F757EE3F0D}) (Version: 17.3.0.30 - Corel Corporation) Hidden
    ICA (HKLM-x32\...\{6000096B-318C-40F8-A450-043B6A602D16}) (Version: 20.0.0.106 - Corel Corporation) Hidden
    ICA (HKLM-x32\...\{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    ICA (HKLM-x32\...\{998717E5-1031-4D28-A143-48ADAF062E5F}) (Version: 19.0.0.96 - Corel Corporation) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
    Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
    Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
    IPM_PSP_COM (HKLM-x32\...\{00BEE329-BAAB-49FF-9B66-55E4B12B9ADD}) (Version: 14.0.0.332 - Corel Corporation) Hidden
    IPM_PSP_COM (HKLM-x32\...\{154B0B16-ABCD-4A06-B0B7-8146B7A89B25}) (Version: 15.0.0.183 - Corel Corporation) Hidden
    IPM_PSP_COM (HKLM-x32\...\{164D34E1-0271-4960-8A26-E8990A302DB1}) (Version: 16.0.0.113 - Corel Corporation) Hidden
    IPM_PSP_COM (HKLM-x32\...\{174F9DF8-AC60-486A-8FF4-A22831D48E0D}) (Version: 17.3.0.30 - Corel Corporation) Hidden
    IPM_PSP_COM (HKLM-x32\...\{80A28CA4-189A-4EB2-9F76-7845A0A83D2A}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    IPM_PSP_COM (HKLM-x32\...\{9A86C6EE-2CCC-4A51-BCC8-AAF97C2F4615}) (Version: 19.0.0.96 - Corel Corporation) Hidden
    IPM_PSP_COM (HKLM-x32\...\{E366C7D5-FD35-482C-AA33-38AE3BC48021}) (Version: 20.0.0.106 - Corel Corporation) Hidden
    IPM_PSP_COM64 (HKLM\...\{1678F86C-889D-4198-8249-F4625058256B}) (Version: 16.0.0.113 - Corel Corporation) Hidden
    IPM_PSP_COM64 (HKLM\...\{17704FA2-B1D2-4D5C-A23D-BDA0D2BC9CC7}) (Version: 17.3.0.30 - Corel Corporation) Hidden
    IPM_PSP_COM64 (HKLM\...\{2013AABB-7212-4D79-B13B-25E567C2D0E4}) (Version: 20.0.0.106 - Corel Corporation) Hidden
    IPM_PSP_COM64 (HKLM\...\{842A3E2E-15B2-4D49-A50F-05964CA93374}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    IPM_PSP_COM64 (HKLM\...\{966E78A9-AB34-4FC6-BEDA-7D3F1F42121D}) (Version: 19.0.0.96 - Corel Corporation) Hidden
    IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
    Jasc Paint Shop Photo Album 5 (HKLM-x32\...\{24960CD0-661D-4957-9D5F-D2905A30EDB1}) (Version: 5.0.1 - Jasc Software, Inc.)
    Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.01.0000 - Jasc Software Inc)
    Jasc Paint Shop Pro 8.10 Update Patch (HKLM-x32\...\Jasc Paint Shop Pro 8.10 Update Patch) (Version: - )
    Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
    Jasc Paint Shop Pro 9.01 Patch (HKLM-x32\...\Jasc Paint Shop Pro 9.01 Patch) (Version: - )
    Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
    Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
    Junk Mail filter update (HKLM-x32\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    K-Lite Codec Pack 12.3.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
    LookInMyPC (HKLM-x32\...\LookInMyPC) (Version: - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
    Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
    Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.1 - Notepad++ Team)
    Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (HKLM\...\{E237254B-36A1-3D27-815E-B37C13BE0796}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
    Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (HKLM-x32\...\{03077B58-6ACF-32CA-B42A-EAA458C295A1}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
    Paint Shop Pro 6.02 EVAL (HKLM-x32\...\Paint Shop Pro 6) (Version: - )
    PDF Settings CS5 (HKLM-x32\...\{A78FE97A-C0C8-49CE-89D0-EDD524A17392}) (Version: 10.0 - Adobe Systems Incorporated) Hidden
    PDF To Word Converter 3.70 (HKLM-x32\...\{BC58612B-71F0-4354-8A3F-54751AF9B19F}}_is1) (Version: - AdeptPDF Studio)
    PSPPContent (HKLM-x32\...\{006CAAEF-CA96-4181-AC22-FE56D61432E4}) (Version: 14.0.0.332 - Corel Corporation) Hidden
    PSPPContent (HKLM-x32\...\{1522E36C-3739-41E4-8CD3-A4AFEA70086A}) (Version: 15.1.0.9 - Corel Corporation) Hidden
    PSPPContent (HKLM-x32\...\{162BD2D6-6C63-41A7-8151-93188450D36A}) (Version: 16.0.0.113 - Corel Corporation) Hidden
    PSPPContent (HKLM-x32\...\{17289BF4-5826-447B-A20A-738044D0B3E5}) (Version: 17.3.0.30 - Corel Corporation) Hidden
    PSPPContent (HKLM-x32\...\{89E018D8-558F-4051-BB26-64DD9B90DF68}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    PSPPContent (HKLM-x32\...\{91773E30-F29C-4381-854A-95281DEB8DA1}) (Version: 19.0.0.96 - Corel Corporation) Hidden
    PSPPContent (HKLM-x32\...\{CC719875-8939-48D2-BA50-D5F5673C4C6A}) (Version: 20.0.0.106 - Corel Corporation) Hidden
    PSPPHelp (HKLM-x32\...\{00D74A7A-F7AD-4D00-ABD2-0973836292C7}) (Version: 14.0.0.332 - Corel Corporation) Hidden
    PSPPHelp (HKLM-x32\...\{153DD765-C8C6-4893-8CEF-D965351D82EC}) (Version: 15.0.0.183 - Corel Corporation) Hidden
    PSPPHelp (HKLM-x32\...\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}) (Version: 16.0.0.113 - Corel Corporation) Hidden
    PSPPHelp (HKLM-x32\...\{1735F0DE-B173-4116-BABC-653A12FB9238}) (Version: 17.3.0.30 - Corel Corporation) Hidden
    PSPPHelp (HKLM-x32\...\{88340123-2A5C-48D4-98C1-58C18D12F09C}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    PSPPHelp (HKLM-x32\...\{9F087D85-EDDC-4DC4-B665-AFDD3734D987}) (Version: 19.0.0.96 - Corel Corporation) Hidden
    PSPPHelp (HKLM-x32\...\{BBF5A9A0-82BD-4C51-9EAD-624651FE765B}) (Version: 20.0.0.106 - Corel Corporation) Hidden
    PSPPro64 (HKLM\...\{0015DE8E-8D9F-403E-8E5A-4098410E6125}) (Version: 14.0.0.332 - Corel Corporation) Hidden
    PSPPro64 (HKLM\...\{1551A29F-B1B0-43CA-90B5-E6E5186F683E}) (Version: 15.0.0.183 - Corel Corporation) Hidden
    PSPPro64 (HKLM\...\{16582334-495C-4F1C-A66B-3BFD8866B674}) (Version: 16.2.0.20 - Corel Corporation) Hidden
    PSPPro64 (HKLM\...\{17511557-C430-486A-AB5A-87A8134B2613}) (Version: 17.3.0.30 - Corel Corporation) Hidden
    PSPPro64 (HKLM\...\{88CFC59F-1491-4359-819F-87DFAFF9CCF4}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    PSPPro64 (HKLM\...\{9722764A-D7C1-483A-931C-9C0A95D5F4EB}) (Version: 19.0.0.96 - Corel Corporation) Hidden
    PSPPro64 (HKLM\...\{A8A7345E-0111-4A73-9F0F-560A837BF901}) (Version: 20.0.0.106 - Corel Corporation) Hidden
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconduct Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6409 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7891 - Realtek Semiconductor Corp.)
    RescueTime 2.12.5.1503 (HKLM-x32\...\{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1) (Version: - RescueTime.com)
    Setup (HKLM-x32\...\{00D13418-7DDF-4D3D-A237-E297B103BB6B}) (Version: 14.0.0.332 - Corel Corporation) Hidden
    Setup (HKLM-x32\...\{15002A1B-C1E7-4E91-A3EC-5502BF924A32}) (Version: 15.0.0.183 - Corel Corporation) Hidden
    Setup (HKLM-x32\...\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}) (Version: 16.0.0.113 - Corel Corporation) Hidden
    Setup (HKLM-x32\...\{17088A4E-3CF3-4F12-926D-2A9E8085B8EC}) (Version: 17.3.0.30 - Corel Corporation) Hidden
    Setup (HKLM-x32\...\{8BFA76B5-47DD-4C88-9C9B-7407019F0E13}) (Version: 18.0.0.124 - Corel Corporation) Hidden
    Setup (HKLM-x32\...\{9E0054AB-F957-4177-850E-3541960DBD53}) (Version: 19.0.0.96 - Corel Corporation) Hidden
    Setup (HKLM-x32\...\{C9C9ACD1-F275-45CB-B507-96486DB5E608}) (Version: 20.0.0.106 - Corel Corporation) Hidden
    Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
    Super Finder XT 1.6.3.2 (HKLM-x32\...\Super Finder XT_is1) (Version: - FSL - FreeSoftLand)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.3.0 - Synaptics Incorporated)
    TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.78716 - TeamViewer)
    TurboTax Canada 2016 (HKLM-x32\...\TurboTax Canada 2016_is1) (Version: 2016 - Intuit Canada)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Validity Fingerprint Sensor Driver (HKLM\...\{697E5298-CF76-43A3-AC9D-6AE2FA0F2B43}) (Version: 4.3.226.0 - Validity Sensors, Inc.)
    Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
    Zoom (HKU\S-1-5-21-2352983324-3960172132-545522257-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
    Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (HKLM\...\{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}) (Version: 11.0.51108 - Microsoft Corporation) Hidden
    Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (HKLM-x32\...\{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}) (Version: 11.0.51108 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2352983324-3960172132-545522257-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
    ContextMenuHandlers01: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
    ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2017-05-17] ()
    ContextMenuHandlers01: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
    ContextMenuHandlers01: [Corel PaintShop Pro X5] -> {D6D67107-2AFB-41D4-97E3-4F6ED2A21FF8} => c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\PSPContextMenu64.dll [2012-07-20] (Corel Software, Inc.)
    ContextMenuHandlers01: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
    ContextMenuHandlers01: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
    ContextMenuHandlers02: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
    ContextMenuHandlers02: [Corel PaintShop Pro X5] -> {D6D67107-2AFB-41D4-97E3-4F6ED2A21FF8} => c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\PSPContextMenu64.dll [2012-07-20] (Corel Software, Inc.)
    ContextMenuHandlers02: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers03: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
    ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
    ContextMenuHandlers04: [Corel PaintShop Pro X4] -> {CA34A346-C652-4F33-8CFF-FD6A91D9D64A} => c:\Program Files (x86)\Corel\Corel PaintShop Pro X4\PSPContextMenu64.dll [2011-07-03] (Corel Software, Inc.)
    ContextMenuHandlers04: [Corel PaintShop Pro X5] -> {D6D67107-2AFB-41D4-97E3-4F6ED2A21FF8} => c:\Program Files (x86)\Corel\Corel PaintShop Pro X5\PSPContextMenu64.dll [2012-07-20] (Corel Software, Inc.)
    ContextMenuHandlers04: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
    ContextMenuHandlers04: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
    ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> No File
    ContextMenuHandlers05: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)
    ContextMenuHandlers05: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File
    ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
    ContextMenuHandlers06: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\..\Acrobat Elements\ContextMenu64.dll [2015-09-24] (Adobe Systems Inc.)
    ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
    ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
    ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
    ContextMenuHandlers06: [XXX Groove GFS Context Menu Handler XXX] -> {6C467336-8281-4E60-8204-430CED96822D} => -> No File

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {024B27F2-CE2C-4B57-8EA3-AE61667E9833} - System32\Tasks\G2MUpdateTask-S-1-5-21-2352983324-3960172132-545522257-1001 => C:\Program Files (x86)\GoToMeeting\7297\g2mupdate.exe [2017-07-08] (LogMeIn, Inc.)
    Task: {0F0BE2F9-44C8-4ED2-A1F7-ABCCF22A4D47} - System32\Tasks\G2MUploadTask-S-1-5-21-2352983324-3960172132-545522257-1001 => C:\Program Files (x86)\GoToMeeting\7297\g2mupload.exe [2017-07-08] (LogMeIn, Inc.)
    Task: {16516FE6-0253-474F-89DB-63AE87383DA2} - System32\Tasks\CorelUpdateHelperTask => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-05-29] (Corel Corporation)
    Task: {1CC2E1F3-2B5E-46B5-8D8B-4B2563DC4A32} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
    Task: {517C6A72-C2F8-476F-B96A-1D8EA86E0AA2} - System32\Tasks\Microsoft\Windows\PLA\Sept6-2016 => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "Sept6-2016" "$(Arg0)"
    Task: {60C4810E-B6BC-41FC-9778-839641A06637} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
    Task: {648256C4-3AA7-4ED2-931F-73F340F93340} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-01] (Google Inc.)
    Task: {8208A653-553D-468F-90EF-2BE9C4027B9E} - System32\Tasks\CorelUpdateHelperTaskCore => c:\Program Files (x86)\Corel\CUH\v2\CUH.exe [2017-05-29] (Corel Corporation)
    Task: {87B5038E-B118-4F28-BB13-042026579868} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
    Task: {9E8A4ECB-5B02-4111-9AD0-B2227E0C804F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-01] (Google Inc.)
    Task: {A7BE1CBE-F0A0-4EDC-B09F-7DFDDE5340B6} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-11] (Adobe Systems Incorporated)
    Task: {BB27C8C8-E2C8-4620-B7AF-75A353BEAC6F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-11] (Adobe Systems Incorporated)
    Task: {C2F5ECD6-1A50-4000-B574-B8F9E05E75DE} - System32\Tasks\AdobeAAMUpdater-1.0-CAROLEDESKTOP-User_2 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
    Task: {D1FF67D5-8169-4F2B-AE5A-911DFFE853AA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
    Task: {DD56B184-3974-4BC8-84E0-3EBFE0C222E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {E69E1E47-24B0-4EA8-9201-F977E74FA0FB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-06-29] ()
    Task: {F2B16C84-CA43-4038-B06F-95D60A5DE24C} - System32\Tasks\{2D739C6B-FF49-4C53-8101-E1F4B231C540} => C:\windows\system32\pcalua.exe -a C:\Carole-C-DeskTop\PSP2\Originals\pspXI\PaintShopPro1100_EN_DE_FR_ES_IT_NL_CORELTBYB_ESD.exe -d C:\Carole-C-DeskTop\PSP2\Originals\pspXI

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2352983324-3960172132-545522257-1001.job => C:\Program Files (x86)\GoToMeeting\7297\g2mupdate.exe
    Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-2352983324-3960172132-545522257-1001.job => C:\Program Files (x86)\GoToMeeting\7297\g2mupload.exe

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-06-08 18:37 - 2017-06-08 18:37 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
    2017-06-08 18:37 - 2017-06-08 18:37 - 00238592 _____ () \\?\C:\Program Files\CrashPlan\cpnative64.dll
    2017-06-08 18:37 - 2017-06-08 18:37 - 00082432 _____ () \\?\C:\Program Files\CrashPlan\c42archive64.dll
    2017-06-08 18:37 - 2017-06-08 18:37 - 00484864 _____ () \\?\C:\Program Files\CrashPlan\libleveldb64.dll
    2017-06-12 14:48 - 2017-06-12 14:48 - 00052392 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2017-05-17 21:05 - 2017-05-17 21:05 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2017-01-27 02:25 - 2014-08-19 16:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
    2016-09-04 17:26 - 2008-06-26 19:09 - 00167936 _____ () C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe
    2017-06-27 17:35 - 2017-06-23 00:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
    2017-06-27 17:35 - 2017-06-23 00:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
    2017-05-31 11:41 - 2017-05-31 11:41 - 01982976 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
    2014-11-20 19:04 - 2014-11-20 19:04 - 00054272 ____S () C:\Program Files (x86)\WebActix\EasyVideoSuite\screen-capture-recorder.dll
    2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
    2015-09-24 12:40 - 2015-09-24 12:40 - 02897304 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
    2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
    2011-05-26 20:18 - 2011-05-26 20:18 - 00136536 _____ () C:\Program Files (x86)\Microsoft Office\Office12\OUTLCTL.DLL
    2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
    2004-08-16 09:00 - 2004-11-09 09:01 - 00438272 _____ () C:\Program Files (x86)\Jasc Software Inc\Paint Shop Pro 9\igJPEG2K13d.dll
    2017-06-12 14:48 - 2017-06-12 14:48 - 00048296 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
    2017-05-17 21:05 - 2017-05-17 21:05 - 00021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptoPreventEventSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProtexisLicensing => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSI_SVC_2 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSI_SVC_2_x64 => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\S-1-5-21-2352983324-3960172132-545522257-1001\...\skype.com -> hxxps://apps.skype.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 23:34 - 2017-01-01 02:26 - 00000826 _____ C:\windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2352983324-3960172132-545522257-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User_2\Pictures\WallPaper\TranscodedWallpaper.jpg
    DNS Servers: 192.168.2.1 - 142.166.166.166
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

  4. #4
    Join Date
    Mar 2004
    Posts
    1,436
    and finally the end of this log:



    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Connection Manager.lnk => C:\windows\pss\Wireless Connection Manager.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^User_2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^User_2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Super Finder XT.lnk => C:\windows\pss\Super Finder XT.lnk.Startup
    MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
    MSCONFIG\startupreg: Jing => C:\Program Files (x86)\TechSmith\Jing\Jing.exe
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{DDA4E166-22BF-4D93-B10E-23BBB26F53E1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{59FF8C9C-4A76-4C71-990F-9226C53C04CF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{09FAC2D8-AA2B-4024-A789-A0B023802747}] => (Allow) LPort=2869
    FirewallRules: [{AE87C40E-511A-4205-8190-4CE6DA308920}] => (Allow) LPort=1900
    FirewallRules: [{E2DF9F2D-F0F7-4126-B08E-0956BD37B249}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4E3C7B22-15F0-4CEF-A435-062DFFF0428D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{CD211E2A-C9E1-4EB3-958F-27ABF96C1283}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{84AD8952-730D-46FE-892E-C15C64C2F537}] => (Allow) LPort=8317
    FirewallRules: [{4F0F54D1-E394-419B-83AD-54B957F18B77}] => (Allow) LPort=8318
    FirewallRules: [{7E29FE92-D390-4C70-B071-328A8041B5DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F23C8ED5-C463-4C3C-AE40-4F8E5F180F2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{6A18DA4B-0743-45BD-82E6-7EA389B40718}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
    FirewallRules: [{ECE9A29A-38D6-4506-8EB4-902A429CEDED}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
    FirewallRules: [{A0F56ABB-E275-4D1F-9E37-7C15EA1CDD3C}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
    FirewallRules: [{21743D9C-48F5-4F04-9A51-BA68B0A443EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{522DC62E-E303-4480-A24B-A20AED18A56B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{40136CFE-C55E-46FC-AA07-D1237C471D54}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    FirewallRules: [{08BF8103-0511-40B9-87A6-185D8A33F662}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{F75E165C-D382-4DEB-948C-7420440C788B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============

    Name: MpKsl925d2e71
    Description: MpKsl925d2e71
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: MpKsl925d2e71
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/22/2017 10:10:32 AM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "C:\Users\User_2\Desktop\vcredist_arm.exe".
    Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (07/22/2017 04:56:44 AM) (Source: SideBySide) (EventID: 80) (User: )
    Description: Activation context generation failed for "c:\program files (x86)\corel\corel paintshop pro 2018\setup\{6000096b-318c-40f8-a450-043b6a602d16}\Setup.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
    Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

    Error: (07/21/2017 05:37:35 PM) (Source: VSS) (EventID: 12294) (User: )
    Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
    Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000000003E9860).


    Operation:
    Get Shadow Copy Properties

    Context:
    Execution Context: Coordinator

    Error: (07/21/2017 05:37:35 PM) (Source: VSS) (EventID: 12298) (User: )
    Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{16345c62-6553-11e6-b9e1-806e6f6e6963}\.
    The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
    ], Flush[0x00000000, The operation completed successfully.
    ], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
    ], OnRun[0x00000000, The operation completed successfully.
    ].


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (07/21/2017 05:37:34 PM) (Source: VSS) (EventID: 12310) (User: )
    Description: Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out.
    Error context: DeviceIoControl(\\?\Volume{16345c62-6553-11e6-b9e1-806e6f6e6963} - 0000000000000154,0x0053c010,00000000003CC010,0,00000000003CB000,4096,[0]).


    Operation:
    Committing shadow copies

    Context:
    Execution Context: System Provider

    Error: (07/21/2017 05:07:28 PM) (Source: VSS) (EventID: 12294) (User: )
    Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
    Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000000003FA850).


    Operation:
    Get Shadow Copy Properties

    Context:
    Execution Context: Coordinator

    Error: (07/21/2017 04:01:01 PM) (Source: VSS) (EventID: 12294) (User: )
    Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
    Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000000002386B0).


    Operation:
    Get Shadow Copy Properties

    Context:
    Execution Context: Coordinator

    Error: (07/21/2017 12:56:38 PM) (Source: VSS) (EventID: 12294) (User: )
    Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
    Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},00000000002E0C30).


    Operation:
    Get Shadow Copy Properties

    Context:
    Execution Context: Coordinator

    Error: (07/21/2017 12:56:38 PM) (Source: VSS) (EventID: 12298) (User: )
    Description: Volume Shadow Copy Service error: The I/O writes cannot be held during the shadow copy creation period on volume \\?\Volume{16345c62-6553-11e6-b9e1-806e6f6e6963}\.
    The volume index in the shadow copy set is 0. Error details: Open[0x00000000, The operation completed successfully.
    ], Flush[0x00000000, The operation completed successfully.
    ], Release[0x80042314, The shadow copy provider timed out while holding writes to the volume being shadow copied. This is probably due to excessive activity on the volume by an application or a system service. Try again later when activity on the volume is reduced.
    ], OnRun[0x00000000, The operation completed successfully.
    ].


    Operation:
    Executing Asynchronous Operation

    Context:
    Current State: DoSnapshotSet

    Error: (07/21/2017 12:56:34 PM) (Source: VSS) (EventID: 12310) (User: )
    Description: Volume Shadow Copy Service error: The shadow copy could not be committed - operation timed out.
    Error context: DeviceIoControl(\\?\Volume{16345c62-6553-11e6-b9e1-806e6f6e6963} - 0000000000000158,0x0053c010,00000000002FC000,0,00000000002FAFF0,4096,[0]).


    Operation:
    Committing shadow copies

    Context:
    Execution Context: System Provider


    System errors:
    =============
    Error: (07/22/2017 10:31:04 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (07/22/2017 10:31:04 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (07/22/2017 10:31:03 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (07/22/2017 10:31:03 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (07/22/2017 10:31:02 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (07/22/2017 10:08:27 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (07/22/2017 10:08:27 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (07/22/2017 10:08:26 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (07/22/2017 10:08:26 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.

    Error: (07/22/2017 10:08:25 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk2\DR2.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
    Percentage of memory in use: 93%
    Total physical RAM: 8119.09 MB
    Available physical RAM: 517.64 MB
    Total Virtual: 16236.37 MB
    Available Virtual: 6681.49 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:921.71 GB) (Free:173.87 GB) NTFS
    Drive d: (DWA-140) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
    Drive e: (Acer) (Fixed) (Total:683.54 GB) (Free:158.72 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive g: (FANTOM) (Fixed) (Total:931.5 GB) (Free:684.08 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7385C9C4)
    Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=921.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=9.3 GB) - (Type=27)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 2BD2C32A)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=683.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 931.5 GB) (Disk ID: F87B4C9A)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

  5. #5
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please, observe following rules:

    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.



    ===============================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Double click on downloaded setup.exe file to install the program.
    • Click on Start Scan button.
    • Click on another Start Scan button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.

    Please download Malwarebytes to your desktop.
    • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
    • Then click Finish.
    • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
    • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
    • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
    • Restart your computer when prompted to do so.
    • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • The tool will start to update the database if one is required.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Logfile button.
    • A window will open which lists the logs of your scans.
    • Click on the Scan tab.
    • Double-click the most recent scan which will be at the top of the list....the log will appear.
    • Review the results...see note below
    • After reviewing the log, click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
    • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
    • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
    • A copy of all logfiles is saved to C:\AdwCleaner.

    -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

  6. #6
    Join Date
    Mar 2004
    Posts
    1,436
    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    Close all the running programs
    Double click on downloaded setup.exe file to install the program.
    Click on Start Scan button.
    Click on another Start Scan button.
    Wait until the Status box shows Scan Finished
    Click on Delete.
    Wait until the Status box shows Deleting Finished.
    Click on Report and copy/paste the content of the Notepad into your next reply.
    RKreport.txt could also be found on your desktop.
    If more than one log is produced post all logs.
    I am not sure if I downloaded a different version (it shows version 12.11.7.0), but once it went through the whole scanning (which took a couple of hours), I have a list of "Threats detected", in red, orange, and grey, with a few of them checked. The options available are Open Report, Remove Selected, or Cancel.

    What do you suggest? I don't want to do the wrong thing.

  7. #7
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Click on Remove Selected.

  8. #8
    Join Date
    Mar 2004
    Posts
    1,436
    Only three are selected after the process, while it identified 36. I just go with the 3?

  9. #9
    Join Date
    Mar 2004
    Posts
    1,436
    RogueKiller V12.11.7.0 (x64) [Jul 17 2017] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : https://forum.adlice.com
    Website : http://www.adlice.com/download/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : User_2 [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 07/22/2017 21:30:18 (Duration : 02:12:22)
    Switches : -refid

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 28 ¤¤¤
    [PUP.DriverPack] (X64) HKEY_LOCAL_MACHINE\Software\drpsu -> Not selected
    [PUP.DriverPack] (X86) HKEY_LOCAL_MACHINE\Software\drpsu -> Not selected
    [PUP.DriverPack] (X64) HKEY_USERS\RK_Administrator_ON_E_AC44\Software\drpsu -> Not selected
    [PUP.DriverPack] (X86) HKEY_USERS\RK_Administrator_ON_E_AC44\Software\drpsu -> Not selected
    [PUP.Gen1] (X64) HKEY_USERS\RK_user_ON_E_8B1B\Software\YahooPartnerToolbar -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\RK_user_ON_E_8B1B\Software\YahooPartnerToolbar -> Not selected
    [PUP.DriverPack] (X64) HKEY_USERS\RK_User_ON_E_ABB8\Software\drpsu -> Not selected
    [PUP.DriverPack] (X86) HKEY_USERS\RK_User_ON_E_ABB8\Software\drpsu -> Not selected
    [PUP.Gen1] (X64) HKEY_USERS\RK_user_ON_E_8B1B\Software\AppDataLow\Software\adawarebp -> Not selected
    [PUP.Gen1] (X64) HKEY_USERS\RK_user_ON_E_8B1B\Software\AppDataLow\Software\adawaretb -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\RK_user_ON_E_8B1B\Software\AppDataLow\Software\adawarebp -> Not selected
    [PUP.Gen1] (X86) HKEY_USERS\RK_user_ON_E_8B1B\Software\AppDataLow\Software\adawaretb -> Not selected
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_6BFE\ControlSet001\Services\YahooAUService ("C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Not selected
    [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_E_6BFE\ControlSet002\Services\YahooAUService ("C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe") -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/search?FORM=INCO...G=ICO-99ff3772 -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/search?FORM=INCO...G=ICO-99ff3772 -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2352983324-3960172132-545522257-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/search?FORM=INCO...G=ICO-99ff3772 -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2352983324-3960172132-545522257-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/search?FORM=INCO...G=ICO-99ff3772 -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\RK_user_ON_E_8B1B\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\RK_user_ON_E_8B1B\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\RK_Administrator_ON_E_AC44\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\RK_Administrator_ON_E_AC44\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\RK_User_ON_E_ABB8\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\RK_User_ON_E_ABB8\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2352983324-3960172132-545522257-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2352983324-3960172132-545522257-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [PUP.HackTool|VT.not-a-virus:RiskTool.Win32.HackKMS.bg] \AutoKMS -- C:\Windows\AutoKMS\AutoKMS.exe -> Deleted

    ¤¤¤ Files : 3 ¤¤¤
    [PUP.HackTool][Folder] C:\Windows\AutoKMS -> Deleted
    [PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.exe -> Deleted
    [PUP.HackTool][File] C:\Windows\AutoKMS\AutoKMS.log -> Deleted
    [PUP.Gen1][Folder] C:\Users\User_2\AppData\Roaming\PDF To Word Converter -> Deleted
    [PUP.Gen1][File] C:\Users\User_2\AppData\Roaming\PDF To Word Converter\pdf2word.ini -> Deleted
    [PUP.Gen3][File] C:\Users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\6o1l1ku7.default\searchplugins\search provided by bing.xml -> Deleted

    ¤¤¤ WMI : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 4 ¤¤¤
    [PUP.Gen0][Chrome:Addon] Default : Alexa Traffic Rank [cknebhggccemgcnbidipinkifmmegdel] -> Not selected
    [PUM.HomePage][Firefox:Config] 6o1l1ku7.default : user_pref("browser.startup.homepage", "http://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-99ff3772"); -> Not selected
    [PUM.SearchEngine][Firefox:Config] 6o1l1ku7.default : user_pref("browser.search.selectedEngine", "Search Provided by Bing"); -> Not selected
    [PUM.SearchEngine][Firefox:Config] 6o1l1ku7.default : user_pref("browser.search.defaultenginename", "Search Provided by Bing"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD10EZEX-00ZF5A0 SCSI Disk Device +++++
    --- User ---
    [MBR] e5403177f076166c1f08a60e02c50f8a
    [BSP] 73c44aad11b4338a9a5dfad98107edb5 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 499 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1024000 | Size: 943834 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1933996032 | Size: 9534 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: WDC WD7500AVDS-63U8B SCSI Disk Device +++++
    --- User ---
    [MBR] 385e72240a879394f4b0026820d295c0
    [BSP] 55d57d3e41aa878a2341aeb65fa94d4f : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 699942 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: MICRONET FANTOM DRIVE USB Device +++++
    --- User ---
    [MBR] 06f124675604a573815bd973a2612e8d
    [BSP] 35a28c61f53c4867a290f03a4732c7ec : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953859 MB [Windows XP Bootstrap | Windows XP Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

  10. #10
    Join Date
    Mar 2004
    Posts
    1,436
    Malwarebytes turned out no threat at all.
    Onto the next step.

  11. #11
    Join Date
    Mar 2004
    Posts
    1,436
    Trying to run AdwCleaner and three times I ran it as administrator (I have W7) and three times I get the message that "AdwCleaner has stopped working" when it gets to Post actions.

  12. #12
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Skip it.

  13. #13
    Join Date
    Mar 2004
    Posts
    1,436
    As I did the last step, once the scan was done and the log appeared, I noticed that my graphic tablet was somehow deactivated. I had no more pointing device (I don't have a mouse connected to that computer) so I rebooted the computer to recover my pointer.

    Here is the last log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 7 Professional x64
    Ran by User_2 (Administrator) on Sun 07/23/2017 at 16:57:09.96
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 37

    Successfully deleted: C:\ProgramData\Start Menu\Programs\pdf to word converter.lnk (Shortcut)
    Successfully deleted: C:\Users\Public\thunder network (Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel (Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage-journal (File)
    Successfully deleted: C:\Users\User_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage (File)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1TJDG5FI (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TSH2R0L (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KIMOCQC (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98NT356G (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWB5YD2Q (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7O21I6F (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYM03Y3P (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJ2BK7DG (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQSMV5TR (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHLDOMOC (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF9URFQ2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\User_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1GG63AZ (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1TJDG5FI (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3TSH2R0L (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6KIMOCQC (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98NT356G (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWB5YD2Q (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F7O21I6F (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GYM03Y3P (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJ2BK7DG (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQSMV5TR (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHLDOMOC (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF9URFQ2 (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1GG63AZ (Temporary Internet Files Folder)



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_CA8C337BC90098A1457B584A38FF3CD7 (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 07/23/2017 at 17:01:39.53
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.



    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.



    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"


    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode


    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.



    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.

  15. #15
    Join Date
    Mar 2004
    Posts
    1,436
    Here is the ComboFix log:

    ComboFix 17-07-07.01 - User_2 07/23/2017 17:52:08.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8119.4565 [GMT -3:00]
    Running from: c:\users\User_2\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
    SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\TEMP\jna--36540036\jna3277110023732583403.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2017-06-23 to 2017-07-23 )))))))))))))))))))))))))))))))
    .
    .
    2017-07-23 21:05 . 2017-07-23 21:05 -------- d-----w- c:\users\User_original\AppData\Local\temp
    2017-07-23 20:10 . 2017-07-17 20:54 13476768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{63858194-0929-45B9-88D9-F77A5970DF20}\mpengine.dll
    2017-07-23 17:45 . 2017-07-23 17:53 -------- d-----w- C:\AdwCleaner
    2017-07-23 17:06 . 2017-07-23 20:06 253856 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2017-07-23 17:05 . 2017-06-27 15:06 77376 ----a-w- c:\windows\system32\drivers\mbae64.sys
    2017-07-23 17:04 . 2017-07-23 17:04 -------- d-----w- c:\program files\Malwarebytes
    2017-07-23 01:33 . 2017-07-17 20:54 13476768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2017-07-23 00:30 . 2017-07-23 00:30 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2017-07-23 00:28 . 2017-07-23 17:01 -------- d-----w- c:\programdata\RogueKiller
    2017-07-23 00:28 . 2017-07-23 00:28 -------- d-----w- c:\program files\RogueKiller
    2017-07-22 13:10 . 2017-07-22 13:31 -------- d-----w- C:\FRST
    2017-07-12 06:05 . 2017-05-03 15:29 1206272 ----a-w- c:\windows\system32\aeinv.dll
    2017-07-12 06:05 . 2017-05-03 13:05 217088 ----a-w- c:\windows\system32\aepic.dll
    2017-07-12 06:05 . 2017-05-03 13:05 1555968 ----a-w- c:\windows\system32\appraiser.dll
    2017-07-12 06:05 . 2017-03-23 02:06 1691136 ----a-w- c:\windows\system32\aitstatic.exe
    2017-07-12 06:05 . 2017-05-03 13:05 620544 ----a-w- c:\windows\system32\generaltel.dll
    2017-07-12 06:05 . 2017-05-03 13:05 535552 ----a-w- c:\windows\system32\devinv.dll
    2017-07-12 06:05 . 2017-05-03 15:34 94952 ----a-w- c:\windows\system32\CompatTelRunner.exe
    2017-07-12 06:05 . 2017-05-03 13:05 325632 ----a-w- c:\windows\system32\invagent.dll
    2017-07-12 06:05 . 2017-05-03 13:05 311296 ----a-w- c:\windows\system32\centel.dll
    2017-07-12 06:05 . 2017-05-03 13:05 127488 ----a-w- c:\windows\system32\acmigration.dll
    2017-07-10 01:55 . 2017-07-10 01:55 -------- d-----w- c:\users\User_2\AppData\Roaming\ThePluginSite
    2017-07-10 01:55 . 2017-07-10 01:55 -------- d-----w- c:\program files\ThePluginSite
    2017-07-08 03:29 . 2017-07-08 03:29 -------- d-----w- c:\program files (x86)\GoToMeeting
    2017-07-03 22:38 . 2017-07-03 22:38 17406208 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
    2017-06-25 13:34 . 2017-06-25 13:34 -------- d-----w- c:\programdata\Purple Tint Script
    2017-06-25 13:22 . 2017-06-25 13:22 54728 ----a-w- c:\program files (x86)\Mozilla Firefox\pingsender.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2017-07-23 20:04 . 2016-08-18 15:49 65536 ----a-w- c:\windows\system32\spu_storage.bin
    2017-07-12 06:11 . 2016-06-25 06:04 135225752 -c--a-w- c:\windows\system32\MRT.exe
    2017-07-11 20:52 . 2016-12-30 16:18 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2017-07-11 20:52 . 2016-12-30 16:18 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2017-07-11 20:51 . 2017-06-17 02:51 4500992 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2017-06-06 21:32 . 2017-06-11 23:20 1078240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AFC7207-9C99-4756-9F5E-F06238E89227}\gapaengine.dll
    2017-06-06 21:32 . 2016-08-18 14:57 1078240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2017-06-02 08:10 . 2017-06-13 23:35 733696 ----a-w- c:\windows\HelpPane.exe
    2017-05-30 20:45 . 2010-11-21 03:27 565416 ------w- c:\windows\system32\MpSigStub.exe
    2017-05-16 15:30 . 2017-07-12 06:04 309760 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2017-05-16 15:12 . 2017-07-12 06:04 2179072 ----a-w- c:\windows\apppatch\AcGenral.dll
    2017-05-16 15:12 . 2017-07-12 06:04 2560 ----a-w- c:\windows\apppatch\AcRes.dll
    2017-05-12 18:27 . 2017-06-13 23:35 631176 ----a-w- c:\windows\system32\winresume.efi
    2017-05-12 18:26 . 2017-06-13 23:35 706792 ----a-w- c:\windows\system32\winload.efi
    2017-05-12 18:26 . 2017-06-13 23:35 5547752 ----a-w- c:\windows\system32\ntoskrnl.exe
    2017-05-12 18:26 . 2017-06-13 23:35 382696 ----a-w- c:\windows\system32\atmfd.dll
    2017-05-12 18:24 . 2017-06-13 23:35 1732864 ----a-w- c:\windows\system32\ntdll.dll
    2017-05-12 18:22 . 2017-06-13 23:34 362496 ----a-w- c:\windows\system32\wow64win.dll
    2017-05-12 18:22 . 2017-06-13 23:34 243712 ----a-w- c:\windows\system32\wow64.dll
    2017-05-12 18:22 . 2017-06-13 23:34 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2017-05-12 18:22 . 2017-06-13 23:35 215552 ----a-w- c:\windows\system32\winsrv.dll
    2017-05-12 18:22 . 2017-06-13 23:35 806912 ----a-w- c:\windows\system32\usp10.dll
    2017-05-12 18:22 . 2017-06-13 23:34 503808 ----a-w- c:\windows\system32\srcore.dll
    2017-05-12 18:22 . 2017-06-13 23:34 50176 ----a-w- c:\windows\system32\srclient.dll
    2017-05-12 18:22 . 2017-06-13 23:34 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
    2017-05-12 18:22 . 2017-06-13 23:34 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2017-05-12 18:22 . 2017-06-13 23:35 1163264 ----a-w- c:\windows\system32\kernel32.dll
    2017-05-12 18:22 . 2017-06-13 23:35 419840 ----a-w- c:\windows\system32\KernelBase.dll
    2017-05-12 18:22 . 2017-06-13 23:34 41472 ----a-w- c:\windows\system32\lpk.dll
    2017-05-12 18:22 . 2017-06-13 23:35 405504 ----a-w- c:\windows\system32\gdi32.dll
    2017-05-12 18:22 . 2017-06-13 23:34 100864 ----a-w- c:\windows\system32\fontsub.dll
    2017-05-12 18:22 . 2017-06-13 23:34 44032 ----a-w- c:\windows\system32\csrsrv.dll
    2017-05-12 18:22 . 2017-06-13 23:34 14336 ----a-w- c:\windows\system32\dciman32.dll
    2017-05-12 18:22 . 2017-06-13 23:34 46080 ----a-w- c:\windows\system32\atmlib.dll
    2017-05-12 18:22 . 2017-06-13 23:35 880640 ----a-w- c:\windows\system32\advapi32.dll
    2017-05-12 18:22 . 2017-06-13 23:34 59904 ----a-w- c:\windows\system32\appidapi.dll
    2017-05-12 18:22 . 2017-06-13 23:34 34816 ----a-w- c:\windows\system32\appidsvc.dll
    2017-05-12 18:22 . 2017-06-13 23:34 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 6656 ----a-w- c:\windows\system32\apisetschema.dll
    2017-05-12 18:22 . 2017-06-13 23:34 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2017-05-12 18:22 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2017-05-12 18:07 . 2017-06-13 23:35 4001000 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2017-05-12 18:07 . 2017-06-13 23:35 3945704 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2017-05-12 18:07 . 2017-06-13 23:35 308456 ----a-w- c:\windows\SysWow64\atmfd.dll
    2017-05-12 18:04 . 2017-06-13 23:35 1314112 ----a-w- c:\windows\SysWow64\ntdll.dll
    2017-05-12 18:03 . 2017-06-13 23:35 313344 ----a-w- c:\windows\SysWow64\gdi32.dll
    2017-05-12 18:03 . 2017-06-13 23:34 275456 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2017-05-12 18:03 . 2017-06-13 23:34 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2017-05-12 18:03 . 2017-06-13 23:34 25600 ----a-w- c:\windows\SysWow64\lpk.dll
    2017-05-12 18:03 . 2017-06-13 23:35 629760 ----a-w- c:\windows\SysWow64\usp10.dll
    2017-05-12 18:03 . 2017-06-13 23:34 43008 ----a-w- c:\windows\SysWow64\srclient.dll
    2017-05-12 18:03 . 2017-06-13 23:34 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2017-05-12 18:03 . 2017-06-13 23:34 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
    2017-05-12 18:03 . 2017-06-13 23:34 644096 ----a-w- c:\windows\SysWow64\advapi32.dll
    2017-05-12 18:03 . 2017-06-13 23:34 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
    2017-05-12 18:03 . 2017-06-13 23:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2017-05-12 18:03 . 2017-06-13 23:34 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
    2017-05-12 18:03 . 2017-06-13 23:34 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2017-05-12 18:03 . 2017-06-13 23:34 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2017-06-07 27742168]
    "GoogleChromeAutoLaunch_CA8C337BC90098A1457B584A38FF3CD7"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2017-06-23 1197912]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-09-24 840592]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-03-15 587288]
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    AnyMeeting.lnk - c:\users\User_2\AppData\Roaming\Microsoft\Installer\{4DF71428-E2A8-4FED-8D67-B37D706D008F}\_6F282AB14BEFA1713431E9.exe anymeeting://?silent=true [2016-8-20 15086]
    .
    c:\users\User_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Super Finder XT.lnk - c:\program files (x86)\FSL\SuperFinder\SuperFinder.exe auto [2016-8-21 2447360]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    RescueTime.lnk - c:\program files (x86)\RescueTime\RescueTime.exe [2016-9-11 2607104]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
    R3 CryptoPreventEmail;CryptoPrevent Email Service;c:\program files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe;c:\program files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
    S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe;c:\program files\CrashPlan\CrashPlanService.exe [x]
    S2 CryptoPreventMonSvc;CryptoPrevent Monitor Service;c:\program files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe;c:\program files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
    S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
    S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe;c:\program files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [x]
    S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 CryptoPreventFolderWatch;CryptoPrevent Folder Watch Service;c:\program files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe;c:\program files (x86)\Foolish IT\CryptoPrevent\CryptoPreventMonSvc.exe [x]
    S3 e1kexpress;Intel(R) Network Connections Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech Webcam C210(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 RTSUER;Realtek USB Card Reader - UER;c:\windows\system32\Drivers\RtsUer.sys;c:\windows\SYSNATIVE\Drivers\RtsUer.sys [x]
    S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
    S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
    LocalDriverService REG_MULTI_SZ LDrvSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2017-07-23 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2352983324-3960172132-545522257-1001.job
    - c:\program files (x86)\GoToMeeting\7297\g2mupdate.exe [2017-07-08 03:29]
    .
    2017-07-23 c:\windows\Tasks\G2MUploadTask-S-1-5-21-2352983324-3960172132-545522257-1001.job
    - c:\program files (x86)\GoToMeeting\7297\g2mupload.exe [2017-07-08 03:29]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2009-12-07 5151744]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-15 1353680]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2015-06-02 183216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2015-06-02 411056]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2015-06-02 453552]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2016-07-29 16686600]
    "CrashPlanTray"="c:\program files\CrashPlan\CrashPlanTray.exe" [2017-06-08 462808]
    "Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-99ff3772
    mStart Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-99ff3772
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.2.1 142.166.166.166
    Handler: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - c:\program files (x86)\TurboTax 2016\ic2016pp.dll
    FF - ProfilePath - c:\users\User_2\AppData\Roaming\Mozilla\Firefox\Profiles\6o1l1ku7.default\
    FF - prefs.js: browser.search.selectedEngine - Search Provided by Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-99ff3772
    FF - prefs.js: keyword.URL - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-Corel Photo Downloader - c:\program files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_137_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_26_0_0_137_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_26_0_0_137_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_26_0_0_137_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_137.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.26"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_137.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_137.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_26_0_0_137.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2017-07-23 18:07:38
    ComboFix-quarantined-files.txt 2017-07-23 21:07
    .
    Pre-Run: 181,272,907,776 bytes free
    Post-Run: 187,335,393,280 bytes free
    .
    - - End Of File - - 4CA2FA97CB68E1E59093E84003C86C71
    A36C5E4F47E84449FF07ED3517B43A31
