
CSRSS.exe eating cpu cycles



#1 TheWriterInBlack


Posted 28 May 2018 - 09:22 AM

As the topic says, my CPU usage (both cores) frequently runs close to max and the process csrss.exe seems to be the culprit.

 

Searching on Google for this gives results that this is usually either caused by malware spoofing the csrss.exe file (with the "fix" being to run Malwarebytes, which I have done) or a corrupted user account. Hoping for a "fix" other than starting over with a new user account if that's the case. 

 

I've got a Windows 7, 64-bit system. E5700 dual-core processor and 4 GB of memory.

 

Logs as follows:

MBAM:

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 5/28/18
Scan Time: 1:18 AM
Log File: 86b1e898-6236-11e8-a8ac-4437e61650d2.json
Administrator: Yes
 
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.5274
License: Premium
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: DBHome2\dburkhead
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 528772
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 42 min, 1 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by dburkhead (administrator) on DBHOME2 (28-05-2018 10:40:13)
Running from C:\Users\dburkhead\Desktop\Security
Loaded Profiles: dburkhead (Available Profiles: dburkhead & Backup)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alcatel-Lucent) C:\Program Files\ATT-SST\pcTrayApp.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Google Inc.) C:\Users\dburkhead\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Lenovo (Shenzhen) Electronic Co., Ltd.) C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
(JME) C:\Program Files (x86)\jmesoft\hotkey.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
() C:\Users\dburkhead\Documents\rsc-1.5\randomSIG.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\pcTrayApp.exe [2794496 2013-05-07] (Alcatel-Lucent)
HKLM\...\Run: [ShadowPlay] => "C:\windows\system32\rundll32.exe" C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [LenovoFSC] => C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM-x32\...\Run: [jmekey] => C:\Program Files (x86)\jmesoft\hotkey.exe [114688 2009-07-16] (JME)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-01-13] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\...\Run: [Google Update] => C:\Users\dburkhead\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-16] (Google Inc.)
HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\...\Run: [MusicManager] => C:\Users\dburkhead\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281240 2018-05-21] ()
HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49654736 2018-05-18] (Skype Technologies S.A.)
HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKU\S-1-5-18\...\RunOnce: [WLStart] => C:\Program Files (x86)\Windows Live\Installer\wlstart.exe [768336 2009-07-26] (Microsoft Corporation)
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acrobat Assistant.lnk [2011-05-17]
ShortcutTarget: Acrobat Assistant.lnk -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Distillr\AcroTray.exe (Adobe Systems Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2013-12-17]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2010-12-27]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk [2010-12-27]
ShortcutTarget: WDSmartWare.lnk -> C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
Startup: C:\Users\dburkhead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\randomSIG.lnk [2010-12-19]
ShortcutTarget: randomSIG.lnk -> C:\Users\dburkhead\Documents\rsc-1.5\randomSIG.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-02]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-02]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{84667FC7-D29F-4796-9C8F-3593B6742831}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.coldservings.com/
SearchScopes: HKU\S-1-5-21-3910636834-3735429815-1665592217-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [2004-01-29] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: r6l8ts3w.default
FF ProfilePath: C:\Users\dburkhead\AppData\Roaming\Mozilla\Firefox\Profiles\r6l8ts3w.default [2018-05-06]
FF Homepage: Mozilla\Firefox\Profiles\r6l8ts3w.default -> about:home
FF NewTab: Mozilla\Firefox\Profiles\r6l8ts3w.default -> about:newtab
FF Extension: (NoScript) - C:\Users\dburkhead\AppData\Roaming\Mozilla\Firefox\Profiles\r6l8ts3w.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-04-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-09] ()
FF Plugin: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2010-12-23] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\windows\system32\Wat\npWatWeb.dll [2010-12-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2013-05-07] (Alcatel-Lucent)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3910636834-3735429815-1665592217-1001: @citrixonline.com/appdetectorplugin -> C:\Users\dburkhead\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-20] (Citrix Online)
FF Plugin HKU\S-1-5-21-3910636834-3735429815-1665592217-1001: @nsroblox.roblox.com/launcher -> C:\Users\dburkhead\AppData\Local\Roblox\Versions\version-eecd9135a67340ab\\NPRobloxProxy.dll [2012-05-24] ( Roblox Corporation)
FF Plugin HKU\S-1-5-21-3910636834-3735429815-1665592217-1001: @tools.google.com/Google Update;version=3 -> C:\Users\dburkhead\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3910636834-3735429815-1665592217-1001: @tools.google.com/Google Update;version=9 -> C:\Users\dburkhead\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3910636834-3735429815-1665592217-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dburkhead\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default [2018-05-28]
CHR Extension: (Slides) - C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-27]
CHR Extension: (Docs) - C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (Google Drive) - C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-27]
CHR Extension: (YouTube) - C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-27]
CHR Extension: (Adobe Acrobat) - C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-27]
CHR Extension: (Sheets) - C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-31]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-05-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Gmail) - C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-27]
CHR Extension: (Chrome Media Router) - C:\Users\dburkhead\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-25]
CHR HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2013-05-07] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [342528 2013-05-07] (Alcatel-Lucent) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [130048 2010-01-21] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R1 ESProtectionDriver; C:\windows\system32\drivers\mbae64.sys [76192 2018-03-19] ()
R0 MBAMChameleon; C:\windows\System32\Drivers\MbamChameleon.sys [193768 2018-04-10] (Malwarebytes)
R3 MBAMFarflt; C:\windows\System32\DRIVERS\farflt.sys [112864 2018-05-28] (Malwarebytes)
R3 MBAMProtection; C:\windows\System32\DRIVERS\mbam.sys [44768 2018-05-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\System32\Drivers\mbamswissarmy.sys [253664 2018-05-28] (Malwarebytes)
R3 MBAMWebProtection; C:\windows\System32\DRIVERS\mwac.sys [93816 2018-05-28] (Malwarebytes)
R0 MpFilter; C:\windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R1 MpKslc0f89d50; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{14298040-4CA1-4311-A488-521DDABD0D73}\MpKslc0f89d50.sys [58120 2018-05-28] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2013-05-07] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NisDrv; C:\windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\windows\System32\drivers\nvvad64v.sys [47672 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\windows\System32\DRIVERS\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation)
S3 RTL8023x64; C:\windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
R3 SuperIO; C:\windows\System32\DRIVERS\spio.sys [11848 2009-06-05] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-04-24] ()
S3 vmulti; C:\windows\System32\DRIVERS\vmulti.sys [10752 2014-09-16] (Windows ® Win 7 DDK provider) [File not signed]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-28 01:15 - 2018-05-28 01:15 - 000253664 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamswissarmy.sys
2018-05-23 22:37 - 2018-05-28 10:40 - 000000000 ____D C:\FRST
2018-05-18 22:51 - 2018-05-28 10:17 - 000093816 _____ (Malwarebytes) C:\windows\system32\Drivers\mwac.sys
2018-05-18 21:44 - 2018-01-29 16:27 - 000000000 ____D C:\Users\dburkhead\Downloads\Ariana
2018-05-18 21:06 - 2018-05-18 22:40 - 1567727724 _____ C:\Users\dburkhead\Downloads\Season 7.zip
2018-05-18 19:16 - 2018-05-18 20:49 - 1470150708 _____ C:\Users\dburkhead\Downloads\Season 6.zip
2018-05-18 07:51 - 2018-05-18 09:23 - 1852932274 _____ C:\Users\dburkhead\Downloads\Season 5.zip
2018-05-17 22:23 - 2018-05-17 23:55 - 2069560602 _____ C:\Users\dburkhead\Downloads\Season 4.zip
2018-05-17 20:23 - 2018-05-17 21:56 - 2181061030 _____ C:\Users\dburkhead\Downloads\Season 3.zip
2018-05-17 18:50 - 2018-05-17 20:22 - 1631662875 _____ C:\Users\dburkhead\Downloads\Season 2.zip
2018-05-17 17:49 - 2018-05-17 19:21 - 2146068646 _____ C:\Users\dburkhead\Downloads\Season 1.zip
2018-05-15 23:07 - 2018-05-15 23:07 - 000002037 _____ C:\Users\dburkhead\AppData\Local\recently-used.xbel
2018-05-14 20:14 - 2018-05-14 23:05 - 1144183932 _____ C:\Users\dburkhead\Downloads\bobbi-starr-si.mp4
2018-05-14 17:39 - 2018-05-14 19:32 - 1294913295 _____ C:\Users\dburkhead\Downloads\Bobbi.Starr_HTBALM720.mp4
2018-05-13 19:46 - 2018-05-13 19:55 - 161558082 _____ C:\Users\dburkhead\Downloads\pdf_uscAll@115-170not141.zip
2018-05-08 14:52 - 2018-04-23 14:57 - 000396960 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2018-05-08 14:52 - 2018-04-23 14:02 - 000348832 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2018-05-08 14:52 - 2018-04-22 20:35 - 005583552 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2018-05-08 14:52 - 2018-04-22 20:35 - 000708288 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2018-05-08 14:52 - 2018-04-22 20:12 - 004047040 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2018-05-08 14:52 - 2018-04-22 20:12 - 003958464 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2018-05-08 14:52 - 2018-04-22 20:00 - 000876032 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2018-05-08 14:52 - 2018-04-22 20:00 - 000512512 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2018-05-08 14:52 - 2018-04-22 20:00 - 000094208 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2018-05-08 14:52 - 2018-04-22 19:40 - 000582144 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2018-05-08 14:52 - 2018-04-22 04:04 - 025744896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2018-05-08 14:52 - 2018-04-22 03:40 - 002902016 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2018-05-08 14:52 - 2018-04-22 03:38 - 000578048 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2018-05-08 14:52 - 2018-04-22 03:32 - 005779456 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2018-05-08 14:52 - 2018-04-22 03:26 - 000794624 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2018-05-08 14:52 - 2018-04-22 03:24 - 020286464 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2018-05-08 14:52 - 2018-04-22 03:18 - 000969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2018-05-08 14:52 - 2018-04-22 03:04 - 000499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2018-05-08 14:52 - 2018-04-22 03:00 - 002295296 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2018-05-08 14:52 - 2018-04-22 02:54 - 000661504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2018-05-08 14:52 - 2018-04-22 02:49 - 000809472 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2018-05-08 14:52 - 2018-04-22 02:48 - 015283200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2018-05-08 14:52 - 2018-04-22 02:46 - 002135552 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2018-05-08 14:52 - 2018-04-22 02:33 - 003241472 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2018-05-08 14:52 - 2018-04-22 02:31 - 004496896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2018-05-08 14:52 - 2018-04-22 02:27 - 000696320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2018-05-08 14:52 - 2018-04-22 02:26 - 013679616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2018-05-08 14:52 - 2018-04-22 02:26 - 002059776 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2018-05-08 14:52 - 2018-04-22 02:22 - 001546240 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2018-05-08 14:52 - 2018-04-22 02:08 - 002767872 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2018-05-08 14:52 - 2018-04-22 02:04 - 001314304 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2018-05-08 14:52 - 2018-04-18 12:03 - 000701952 _____ (Microsoft Corporation) C:\windows\system32\hhctrl.ocx
2018-05-08 14:52 - 2018-04-18 11:51 - 000523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\hhctrl.ocx
2018-05-08 14:52 - 2018-04-11 12:38 - 000170496 _____ (Microsoft Corporation) C:\windows\system32\itss.dll
2018-05-08 14:52 - 2018-04-11 12:36 - 000142848 _____ (Microsoft Corporation) C:\windows\SysWOW64\itss.dll
2018-05-08 14:52 - 2018-04-10 15:45 - 000634272 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2018-05-08 14:52 - 2018-04-10 12:36 - 000236032 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2018-05-08 14:52 - 2018-04-10 12:35 - 001735168 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2018-05-08 14:52 - 2018-04-10 12:34 - 000525824 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2018-05-08 14:52 - 2018-04-10 12:33 - 001241600 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2018-05-08 14:52 - 2018-04-10 11:54 - 003226112 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2018-05-08 14:52 - 2018-04-10 11:48 - 000464384 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2018-05-08 14:52 - 2018-04-10 11:47 - 000406016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2018-05-08 14:52 - 2018-04-10 11:47 - 000169984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2018-05-08 14:52 - 2018-04-07 12:41 - 000371392 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2018-05-08 14:52 - 2018-03-14 13:12 - 003165184 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2018-05-08 14:52 - 2018-03-14 13:12 - 000098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2018-05-08 14:52 - 2018-03-14 12:57 - 000573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2018-05-08 14:52 - 2018-03-14 12:57 - 000093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2018-05-08 14:52 - 2018-03-14 12:53 - 002651648 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2018-05-08 14:51 - 2018-04-22 20:35 - 000262336 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2018-05-08 14:51 - 2018-04-22 20:35 - 000154816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2018-05-08 14:51 - 2018-04-22 20:35 - 000095424 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2018-05-08 14:51 - 2018-04-22 20:10 - 000631640 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2018-05-08 14:51 - 2018-04-22 20:07 - 001665336 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 002066432 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 001461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 001212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 001163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000731648 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000361984 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000026112 _____ (Microsoft Corporation) C:\windows\system32\oleres.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000008704 _____ (Microsoft Corporation) C:\windows\system32\comcat.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000007168 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 20:00 - 000003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:44 - 001314064 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2018-05-08 14:51 - 2018-04-22 19:41 - 001114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2018-05-08 14:51 - 2018-04-22 19:41 - 000666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2018-05-08 14:51 - 2018-04-22 19:41 - 000275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2018-05-08 14:51 - 2018-04-22 19:41 - 000172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2018-05-08 14:51 - 2018-04-22 19:41 - 000096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2018-05-08 14:51 - 2018-04-22 19:41 - 000082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2018-05-08 14:51 - 2018-04-22 19:41 - 000070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2018-05-08 14:51 - 2018-04-22 19:41 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2018-05-08 14:51 - 2018-04-22 19:41 - 000005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 001417728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000554496 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000026112 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleres.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:40 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:32 - 000148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2018-05-08 14:51 - 2018-04-22 19:32 - 000062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2018-05-08 14:51 - 2018-04-22 19:32 - 000017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2018-05-08 14:51 - 2018-04-22 19:31 - 000064512 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2018-05-08 14:51 - 2018-04-22 19:28 - 000338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2018-05-08 14:51 - 2018-04-22 19:28 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\videoprt.sys
2018-05-08 14:51 - 2018-04-22 19:27 - 000296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2018-05-08 14:51 - 2018-04-22 19:25 - 000160256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2018-05-08 14:51 - 2018-04-22 19:24 - 000291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2018-05-08 14:51 - 2018-04-22 19:24 - 000129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2018-05-08 14:51 - 2018-04-22 19:24 - 000007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll
2018-05-08 14:51 - 2018-04-22 19:23 - 000112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2018-05-08 14:51 - 2018-04-22 19:23 - 000030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2018-05-08 14:51 - 2018-04-22 19:22 - 000050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2018-05-08 14:51 - 2018-04-22 19:19 - 000025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2018-05-08 14:51 - 2018-04-22 19:19 - 000014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2018-05-08 14:51 - 2018-04-22 19:19 - 000007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2018-05-08 14:51 - 2018-04-22 19:19 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2018-05-08 14:51 - 2018-04-22 19:18 - 000036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2018-05-08 14:51 - 2018-04-22 19:18 - 000006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:18 - 000004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:18 - 000003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 19:18 - 000003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-05-08 14:51 - 2018-04-22 03:53 - 002724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2018-05-08 14:51 - 2018-04-22 03:53 - 000004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2018-05-08 14:51 - 2018-04-22 03:39 - 000066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2018-05-08 14:51 - 2018-04-22 03:38 - 000417280 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2018-05-08 14:51 - 2018-04-22 03:38 - 000048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2018-05-08 14:51 - 2018-04-22 03:37 - 000088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2018-05-08 14:51 - 2018-04-22 03:31 - 000054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2018-05-08 14:51 - 2018-04-22 03:30 - 000034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2018-05-08 14:51 - 2018-04-22 03:27 - 000615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2018-05-08 14:51 - 2018-04-22 03:26 - 000814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2018-05-08 14:51 - 2018-04-22 03:26 - 000144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2018-05-08 14:51 - 2018-04-22 03:26 - 000116224 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2018-05-08 14:51 - 2018-04-22 03:16 - 002724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2018-05-08 14:51 - 2018-04-22 03:15 - 000489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2018-05-08 14:51 - 2018-04-22 03:08 - 000087552 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2018-05-08 14:51 - 2018-04-22 03:08 - 000077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2018-05-08 14:51 - 2018-04-22 03:07 - 000107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2018-05-08 14:51 - 2018-04-22 03:04 - 000199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2018-05-08 14:51 - 2018-04-22 03:04 - 000092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2018-05-08 14:51 - 2018-04-22 03:04 - 000062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2018-05-08 14:51 - 2018-04-22 03:03 - 000341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2018-05-08 14:51 - 2018-04-22 03:03 - 000047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2018-05-08 14:51 - 2018-04-22 03:02 - 000315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2018-05-08 14:51 - 2018-04-22 03:02 - 000064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2018-05-08 14:51 - 2018-04-22 03:00 - 000152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2018-05-08 14:51 - 2018-04-22 02:57 - 000047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2018-05-08 14:51 - 2018-04-22 02:56 - 000030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2018-05-08 14:51 - 2018-04-22 02:55 - 000476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2018-05-08 14:51 - 2018-04-22 02:53 - 000620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2018-05-08 14:51 - 2018-04-22 02:53 - 000115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2018-05-08 14:51 - 2018-04-22 02:51 - 000262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2018-05-08 14:51 - 2018-04-22 02:49 - 000728064 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2018-05-08 14:51 - 2018-04-22 02:46 - 001359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2018-05-08 14:51 - 2018-04-22 02:45 - 000416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2018-05-08 14:51 - 2018-04-22 02:40 - 000073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2018-05-08 14:51 - 2018-04-22 02:40 - 000060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2018-05-08 14:51 - 2018-04-22 02:39 - 000091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2018-05-08 14:51 - 2018-04-22 02:37 - 000168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2018-05-08 14:51 - 2018-04-22 02:37 - 000076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2018-05-08 14:51 - 2018-04-22 02:35 - 000279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2018-05-08 14:51 - 2018-04-22 02:34 - 000130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2018-05-08 14:51 - 2018-04-22 02:29 - 000230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2018-05-08 14:51 - 2018-04-22 02:26 - 001155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2018-05-08 14:51 - 2018-04-22 02:11 - 000800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2018-05-08 14:51 - 2018-04-22 02:03 - 000710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2018-05-08 14:51 - 2018-04-18 12:03 - 000053248 _____ (Microsoft Corporation) C:\windows\system32\hhsetup.dll
2018-05-08 14:51 - 2018-04-18 11:51 - 000043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\hhsetup.dll
2018-05-08 14:51 - 2018-04-18 11:41 - 000016896 _____ (Microsoft Corporation) C:\windows\hh.exe
2018-05-08 14:51 - 2018-04-18 11:35 - 000015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\hh.exe
2018-05-08 14:51 - 2018-04-11 12:38 - 000194048 _____ (Microsoft Corporation) C:\windows\system32\itircl.dll
2018-05-08 14:51 - 2018-04-11 12:36 - 000158720 _____ (Microsoft Corporation) C:\windows\SysWOW64\itircl.dll
2018-05-08 14:51 - 2018-04-10 12:36 - 000013312 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2018-05-08 14:51 - 2018-04-10 12:32 - 000487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2018-05-08 14:51 - 2018-04-10 12:00 - 000009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2018-05-08 14:51 - 2018-03-18 18:16 - 000002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2018-05-08 14:51 - 2018-03-18 18:11 - 000002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2018-05-08 14:51 - 2018-03-14 13:16 - 000174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2018-05-08 14:51 - 2018-03-14 13:12 - 000192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2018-05-08 14:51 - 2018-03-14 13:07 - 000091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2018-05-08 14:51 - 2018-03-14 12:57 - 000035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2018-05-08 14:51 - 2018-03-14 12:57 - 000030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2018-05-08 14:51 - 2018-03-14 12:53 - 000709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2018-05-08 14:51 - 2018-03-14 12:52 - 000140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2018-05-08 14:51 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2018-05-08 14:51 - 2018-03-14 12:52 - 000037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2018-05-08 14:51 - 2018-03-14 12:52 - 000036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2018-05-08 14:51 - 2018-03-14 12:52 - 000012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2018-05-06 14:35 - 2018-05-06 14:35 - 000003192 _____ C:\windows\System32\Tasks\{339DBEDB-0D8C-47A1-8555-9F0DF6C41717}
2018-05-04 19:34 - 2018-05-04 19:34 - 000000000 ____D C:\Users\dburkhead\AppData\Local\NVIDIA
2018-05-03 22:29 - 2018-05-03 22:29 - 000000000 ____D C:\Users\dburkhead\AppData\Roaming\NVIDIA
2018-05-03 21:37 - 2018-05-28 01:15 - 000112864 _____ (Malwarebytes) C:\windows\system32\Drivers\farflt.sys
2018-05-03 21:36 - 2018-05-04 19:43 - 000000000 ____D C:\Users\dburkhead\AppData\Local\NVIDIA Corporation
2018-05-03 21:31 - 2018-05-03 21:31 - 000001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-05-03 21:30 - 2018-05-03 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-03 21:30 - 2018-05-03 21:30 - 000003852 _____ C:\windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-03 21:30 - 2017-02-23 14:34 - 001882168 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2018-05-03 21:30 - 2017-02-23 14:34 - 001756728 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
2018-05-03 21:30 - 2017-02-23 14:34 - 001470520 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2018-05-03 21:30 -

#2 nasdaq

Posted 28 May 2018 - 09:44 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:


HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-02]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-02]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3910636834-3735429815-1665592217-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dburkhead\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]

cmd: netsh winsock reset catalog

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

If still unable to attach the Addition.txt file, post it using 2 or more replies.

Please post the logs for my review.

Let me know if the problem persists.
nasdaq


#3 TheWriterInBlack

Posted 30 May 2018 - 07:43 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by dburkhead (30-05-2018 21:03:54) Run:1
Running from C:\Users\dburkhead\Desktop\Security
Loaded Profiles: dburkhead (Available Profiles: dburkhead & Backup)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
 
HKU\S-1-5-18\...A8F59079A8D5}\localserver32:  <==== ATTENTION
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-02]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-11-02]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-3910636834-3735429815-1665592217-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dburkhead\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
 
cmd: netsh winsock reset catalog
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => not found
"HKU\S-1-5-18\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => removed successfully
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => moved successfully
"C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe" => not found
"C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk" => not found
"C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => removed successfully
"HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin" => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin" => removed successfully
"HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0" => removed successfully
"C:\Users\dburkhead\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll" => not found
"HKLM\System\CurrentControlSet\Services\WacHidRouterPro" => removed successfully
WacHidRouterPro => service removed successfully
"HKLM\System\CurrentControlSet\Services\wacomrouterfilter" => removed successfully
wacomrouterfilter => service removed successfully
 
========= netsh winsock reset catalog =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 19161499 B
Java, Flash, Steam htmlcache => 1304 B
Windows/system/drivers => 32375872 B
Edge => 0 B
Chrome => 692234419 B
Firefox => 323260659 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 5993 B
LocalService => 0 B
NetworkService => 20829676 B
dburkhead => 4887101036 B
Backup => 0 B
 
RecycleBin => 31322100374 B
EmptyTemp: => 34.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:29:12 ====


#4 TheWriterInBlack


Posted 30 May 2018 - 07:45 PM

The addition.txt is 60 kb, larger than the 45.22 kb allowed for attached files, so here it is in pieces (throws an error when I try).

Part 1

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by dburkhead (28-05-2018 10:42:38)
Running from C:\Users\dburkhead\Desktop\Security
Windows 7 Home Premium Service Pack 1 (X64) (2010-12-19 01:11:26)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3910636834-3735429815-1665592217-500 - Administrator - Disabled)
Backup (S-1-5-21-3910636834-3735429815-1665592217-1005 - Administrator - Enabled) => C:\Users\Backup
dburkhead (S-1-5-21-3910636834-3735429815-1665592217-1001 - Administrator - Enabled) => C:\Users\dburkhead
Guest (S-1-5-21-3910636834-3735429815-1665592217-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{5737101A-27C4-408A-8A57-D1DC78DF84B4}) (Version: 8.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
AndroidPCDrivers (HKLM-x32\...\{308E6160-6D81-48DA-AA3F-54D0BED0801C}) (Version: 1.0.1 -  )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 378.78 - NVIDIA Corporation) Hidden
AnyToISO (HKLM-x32\...\AnyToISO_is1) (Version: 3.1 - CrystalIdea Software, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AT&T Troubleshoot & Resolve Tool (HKLM-x32\...\ATT-SST) (Version:  - )
Backup and Sync from Google (HKLM\...\{C388B258-2CE7-4CA5-8007-9DEF6DF80787}) (Version: 3.42.9747.1898 - Google, Inc.)
Best Buy pc app (HKLM\...\{FBBC4667-2521-4E78-B1BD-8706F774549B}) (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Caesar 3 Demo (HKLM-x32\...\Caesar 3 Demo) (Version:  - )
calibre (HKLM-x32\...\{CA97CC85-FAF9-4316-9284-0F6CFA67B867}) (Version: 0.8.59 - Kovid Goyal)
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Civilization III (HKLM-x32\...\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}) (Version:  - )
ComicRack v0.9.140 (HKLM\...\ComicRack) (Version: v0.9.140 - cYo Soft)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
DAZ Install Manager (HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\...\DAZ Install Manager 1.1.0.74) (Version: 1.1.0.74 - DAZ 3D)
Dell System Detect (HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\...\9204f5692a8faf3b) (Version: 5.6.0.4 - Dell)
doubleTwist Sync (HKLM-x32\...\doubleTwist) (Version: 4.0.4.19778 - doubleTwist Corporation)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
FanSpeedControl (HKLM-x32\...\{0EC766C7-F444-42BF-A05F-4A790F5360EB}) (Version: 1.00.00.13 - Lenovo) Hidden
FanSpeedControl (HKLM-x32\...\InstallShield_{0EC766C7-F444-42BF-A05F-4A790F5360EB}) (Version: 1.00.00.13 - Lenovo)
FLAC To MP3 V4.0.4 (HKLM-x32\...\FLAC To MP3_is1) (Version:  - FLAC To MP3, Inc.)
FormatFactory 3.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.0.1 - Free Time)
Forté Agent (HKLM-x32\...\Forte Agent) (Version: 6.00 - Forté Internet Software, Inc.)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoToMeeting 8.23.0.8557 (HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\...\GoToMeeting) (Version: 8.23.0.8557 - LogMeIn, Inc.)
Hoyle Board Games Demo (HKLM-x32\...\Hoyle Board Games Demo) (Version:  - )
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Jasc Paint Shop Pro 8 (HKLM-x32\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Junk Mail filter update (HKLM-x32\...\{E2DFE069-083E-4631-9B6C-43C48E991DE5}) (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.1.0.1311 - Lenovo)
Lenovo Rescue System (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0423 - Lenovo)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
MediaInfo 0.7.75 (HKLM\...\MediaInfo) (Version: 0.7.75 - MediaArea.net)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Office XP Professional with FrontPage (HKLM-x32\...\{90280409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Office XP Small Business (HKLM-x32\...\{91130409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 59.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.2.6656 - Mozilla)
Mozilla Thunderbird 52.8.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.8.0 (x86 en-US)) (Version: 52.8.0 - Mozilla)
Music Manager (HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\...\MusicManager) (Version:  - Google, Inc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.78 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
ODT To Doc Converter Software (HKLM-x32\...\ODT To Doc Converter Software_is1) (Version:  - Sobolsoft)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
Pdf995 (HKLM-x32\...\Pdf995) (Version: 16.0s - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30095 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Roblox for dburkhead (HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RogueKiller version 12.10.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.10.5.0 - Adlice Software)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version:  - )
Skype version 8.22 (HKLM-x32\...\Skype_is1) (Version: 8.22 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
TuxGuitar 1.2 (HKLM-x32\...\TuxGuitar_0) (Version:  - )
Update Service (HKLM-x32\...\{06924979-89C7-47A9-B4ED-9D2EE9A9941C}) (Version: 3.2.0 - <no manufacturer>) Hidden
VC 9.0 Runtime (HKLM-x32\...\{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}) (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WD SmartWare (HKLM\...\{604CB4FC-3D32-405F-A109-165F170529B6}) (Version: 1.2.0.20 - Western Digital)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice  (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Windows Essentials Media Codec Pack 3.2 (HKLM-x32\...\Windows Essentials Media Codec Pack) (Version: 3.2 - Media Codec)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )


#5 TheWriterInBlack


Posted 30 May 2018 - 07:45 PM

Part 2:

 
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3910636834-3735429815-1665592217-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\dburkhead\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3910636834-3735429815-1665592217-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\3499\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3910636834-3735429815-1665592217-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\dburkhead\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3910636834-3735429815-1665592217-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\dburkhead\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3910636834-3735429815-1665592217-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\dburkhead\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3910636834-3735429815-1665592217-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\dburkhead\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-21] (Google)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-21] (Google)
ContextMenuHandlers1-x32: [PDFArchitectExtension] -> {DBDB3433-0E01-40CE-A026-D9F54FAC3CA9} => C:\Program Files (x86)\PDF Architect\ContextMenuExt.dll [2013-04-08] (pdfforge GmbH)
ContextMenuHandlers1-x32: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2016-11-17] (Apple Inc.)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-21] (Google)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2010-08-25] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2017-02-23] (NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0AECA6AD-88D0-41ED-8ECD-EE6AD4CB2CB1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {0F12C184-758A-4A24-B578-395A019F76F4} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {126BB6CF-5BE5-45B9-9613-8A9E233B6018} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {12B178DD-0C77-4C70-929D-7F974E1399A3} - System32\Tasks\{24E0939D-D635-4CCF-8271-6C0548B7DF6A} => D:\SETUP.EXE
Task: {17C13C20-FB21-4569-B99B-5A98B1F91A1A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {1E87E375-6D9E-4D94-9C3F-4E8A67B25BDC} - System32\Tasks\{3F6C96AA-85CE-49CE-8CD3-EB24B60FF20E} => C:\Users\dburkhead\Downloads\games\stars26i.exe
Task: {21BDC122-04A9-4959-8F52-EFCAF3C7BA64} - System32\Tasks\{2AA23CB4-B3F9-4388-843B-8DB253D9D15D} => C:\stars!\STARS!.EXE
Task: {35D72D07-1804-49DC-A5DD-55B84B86253D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {36D8970D-1229-4D19-A2A6-62754917973B} - System32\Tasks\{CCF99508-7C9F-4819-853D-5E84361BA1BA} => D:\SETUP.EXE
Task: {3D046383-219E-4CDC-9AEC-35691DBAD88B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {429BEB6F-09E9-46A6-B893-A091C1BA0109} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {47F22EAC-16BB-43E1-9617-BFFAE7ECB9F9} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {4A83C2D4-B8FA-4A40-A4C1-F9F4FA1A180D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {4D847C4A-8E5A-4B9A-9A23-0A04380F0511} - System32\Tasks\G2MUploadTask-S-1-5-21-3910636834-3735429815-1665592217-1001 => C:\Users\dburkhead\AppData\Local\GoToMeeting\8557\g2mupload.exe [2018-03-23] (LogMeIn, Inc.)
Task: {527B07A3-50B0-45FC-931D-532156942ABA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {54006665-42CB-45D1-B05D-A917EEED552E} - System32\Tasks\{D1217A9A-8F82-4537-9633-F4BC08C5CCB5} => C:\Users\dburkhead\Downloads\games\stars26i.exe
Task: {68449B72-7619-4490-99EA-CD86961D4D6D} - System32\Tasks\{8357E553-E714-43CF-981F-B733544631DB} => C:\stars!\STARS!.EXE
Task: {6EDFF6BB-DDBF-42C7-BADB-6F2F6E6BA6B8} - System32\Tasks\G2MUpdateTask-S-1-5-21-3910636834-3735429815-1665592217-1001 => C:\Users\dburkhead\AppData\Local\GoToMeeting\8557\g2mupdate.exe [2018-03-23] (LogMeIn, Inc.)
Task: {744077F8-5F38-4D5A-B561-DE41A791815A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {7EE155D8-37A7-48F5-B64E-BD0488A29199} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {7F3ECBF9-821B-4FC6-94BE-5DF48D98509B} - System32\Tasks\{3757BB6F-D040-4DD4-9502-EED8C5F8D415} => C:\stars!\INTRO.EXE
Task: {966804F2-827E-4E92-908B-A90198376795} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-18] (Google Inc.)
Task: {97EBF595-A308-49C1-8D58-0BBF03D80B4D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {9B9A477D-B121-4D2E-BB83-FCDBE7A9EB22} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3910636834-3735429815-1665592217-1001Core => C:\Users\dburkhead\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {9BAA5A82-F3DC-4819-9866-D3140790EA9A} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-09] (Adobe Systems Incorporated)
Task: {A425B03E-2CE5-4CC9-ABBD-533218656BB0} - System32\Tasks\{339DBEDB-0D8C-47A1-8555-9F0DF6C41717} => C:\windows\system32\pcalua.exe -a "C:\Program Files (x86)\DAZ 3D\DAZ3DIM1\DAZ3DIM.exe" -d "C:\Program Files (x86)\DAZ 3D\DAZ3DIM1"
Task: {A78098FA-EB5D-4ED5-8FEF-5D59D1527899} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3910636834-3735429815-1665592217-1001UA => C:\Users\dburkhead\AppData\Local\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {B11A1679-7A80-4FDE-9E0D-DF03FE970A82} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {B216B3ED-712E-42A3-8B15-2B1D4B49EB12} - System32\Tasks\{6A35C5F7-EA35-473D-97B4-1D1C17D6B1F1} => C:\stars!\STARS.EXE
Task: {B4D0DA1E-2A9B-4312-9651-9DC5ABB22D19} - System32\Tasks\{073D1439-5E23-4F56-BA70-834789758EA9} => C:\Users\dburkhead\Downloads\games\stars26i.exe
Task: {C808576A-57A8-4794-9C6A-EFFDB6508FB9} - System32\Tasks\{8A09080A-653F-432D-B8A2-0F083D1FF264} => C:\Users\dburkhead\Downloads\games\stars26i.exe
Task: {CD4DA1F1-6F4B-4383-86B0-248DC70C400F} - System32\Tasks\Windows Codec Update Service => C:\Program Files (x86)\Essentials Codec Pack\WECPUpdate.exe [2011-02-21] (MediaCodec.Org)
Task: {D159897B-857F-4EF5-BB1A-B0C51AEB208C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D8A4E13D-584B-481B-B5F5-581CD287D1CF} - System32\Tasks\{5BFC7617-6C13-47F2-A0BB-A4A39B5005A8} => C:\stars!\STARS.EXE
Task: {DF961A85-C2DF-4DF5-9549-6FB08822C0C9} - System32\Tasks\{9BDC3CEE-C9F2-431D-B751-7935B893F4BE} => C:\windows\system32\pcalua.exe -a "C:\Users\dburkhead\Documents\My eBooks\InstallWizard101.exe" -d "C:\Users\dburkhead\Documents\My eBooks"
Task: {E5ADFE9E-4896-416B-A2A7-CE6A528D75DB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-18] (Google Inc.)
Task: {E9F15641-9980-43D3-90AB-CE973F3AFA4C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {F30D64C7-1105-45E3-8FBB-E12C2C71ABBD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F709C20D-878C-4315-B7BE-FF41C1BBCD0A} - System32\Tasks\{AB8EBFFD-EED1-4885-8D0E-A117D03177BA} => C:\stars!\STARS.EXE
Task: {F9227C6E-688A-4031-A0C6-4860475B215E} - System32\Tasks\{7376E036-BD11-4A39-B9ED-3023ABD10413} => C:\stars!\STARS.EXE
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3910636834-3735429815-1665592217-1001.job => C:\Users\dburkhead\AppData\Local\GoToMeeting\8557\g2mupdate.exe
Task: C:\windows\Tasks\G2MUploadTask-S-1-5-21-3910636834-3735429815-1665592217-1001.job => C:\Users\dburkhead\AppData\Local\GoToMeeting\8557\g2mupload.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\dburkhead\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D\DAZ Install Manager\DAZ Install Manager Read Me.lnk -> hxxp:docs.daz3d.com\doku.php\public\read_me\index\1481
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-05-03 21:26 - 2017-02-23 04:28 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-01 20:57 - 2013-10-23 16:24 - 000087600 _____ () C:\windows\System32\cpwmon64.dll
2016-06-10 23:51 - 2014-03-05 11:18 - 000040448 _____ () C:\windows\System32\pdf995mon64.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-03 21:29 - 2017-02-23 14:34 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-05-03 21:29 - 2017-02-23 14:34 - 004490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2018-05-21 15:49 - 2018-05-21 15:49 - 046281240 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-04-10 07:35 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-04-10 07:35 - 2018-03-27 13:47 - 002492704 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2009-08-19 16:49 - 2009-08-19 16:49 - 000049152 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll
2009-02-25 15:18 - 2009-02-25 15:18 - 001196032 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\sqlite3.DLL
2010-12-19 21:19 - 2005-09-10 13:25 - 000243200 _____ () C:\Users\dburkhead\Documents\rsc-1.5\randomSIG.exe
2018-05-28 01:13 - 2018-05-28 01:13 - 000113152 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\_ctypes.pyd
2018-05-28 01:13 - 2018-05-28 01:13 - 000080896 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\bz2.pyd
2018-05-28 01:13 - 2018-05-28 01:13 - 001585152 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\_hashlib.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000128512 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32api.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000137728 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\pywintypes27.dll
2018-05-28 01:14 - 2018-05-28 01:14 - 000548864 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\pythoncom27.dll
2018-05-28 01:14 - 2018-05-28 01:14 - 000689664 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\unicodedata.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000438784 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32com.shell.shell.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 001489408 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\wx._core_.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 001007104 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\wx._gdi_.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 001039872 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\wx._windows_.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 001325056 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\wx._controls_.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000916992 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\wx._misc_.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 001084416 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\pysqlite2._sqlite.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000149504 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32file.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000136192 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32security.pyd
2018-05-28 01:13 - 2018-05-28 01:13 - 000007680 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\hashobjs_ext.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000020992 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\thumbnails_ext.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000118784 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\usb_ext.pyd
2018-05-28 01:13 - 2018-05-28 01:13 - 000047616 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\_socket.pyd
2018-05-28 01:13 - 2018-05-28 01:13 - 002224640 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\_ssl.pyd
2018-05-28 01:13 - 2018-05-28 01:13 - 000014848 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\common.time34.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000023040 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32event.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000034304 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\windows.conditional.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000020480 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\windows.winwrap.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000110080 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\windows.volumes.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000223232 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32gui.pyd
2018-05-28 01:13 - 2018-05-28 01:13 - 000173568 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\_elementtree.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000169472 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\pyexpat.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000048128 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32inet.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000103424 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\wx._html2.pyd
2018-05-28 01:13 - 2018-05-28 01:13 - 000046080 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\_psutil_windows.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000633272 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\windows._cacheinvalidation.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000011776 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32crypt.pyd
2018-05-28 01:13 - 2018-05-28 01:13 - 000301568 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\PIL._imaging.pyd
2018-05-28 01:13 - 2018-05-28 01:13 - 000032256 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\_multiprocessing.pyd
2018-05-28 01:13 - 2018-05-28 01:13 - 005458944 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\cello.pyd
2018-05-28 01:13 - 2018-05-28 01:13 - 000026112 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\_yappi.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000044032 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32process.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000027648 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32pipe.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000010752 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\select.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000029696 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32pdh.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000038400 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\windows.connectivity.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000073216 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\windows.device_monitor.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000020480 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32profile.pyd
2018-05-28 01:14 - 2018-05-28 01:14 - 000026624 _____ () C:\Users\dburkhead\AppData\Local\Temp\_MEI30962\win32ts.pyd
2018-05-15 15:46 - 2018-05-14 23:13 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libglesv2.dll
2018-05-15 15:46 - 2018-05-14 23:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.181\libegl.dll
2015-11-17 13:44 - 2015-11-17 13:44 - 000117248 _____ () C:\Users\dburkhead\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-11-17 13:45 - 2015-11-17 13:45 - 000234496 _____ () C:\Users\dburkhead\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-11-17 13:45 - 2015-11-17 13:45 - 000253440 _____ () C:\Users\dburkhead\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-11-17 13:44 - 2015-11-17 13:44 - 000344064 _____ () C:\Users\dburkhead\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2018-05-03 21:29 - 2017-02-23 14:33 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2018-05-03 21:29 - 2017-02-23 14:34 - 000901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-05-03 21:29 - 2017-02-23 14:34 - 003776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-12-11 17:59 - 2018-05-18 16:41 - 001790592 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\ffmpeg.dll
2018-05-26 12:04 - 2018-05-18 16:41 - 000097224 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keytar\build\Release\keytar.node
2010-11-02 14:02 - 2009-07-16 12:20 - 000032768 _____ () C:\Program Files (x86)\jmesoft\Keyhook.dll
2010-11-02 14:02 - 2007-12-31 13:27 - 000007168 _____ () C:\Program Files (x86)\jmesoft\VistaVolume.dll
2017-12-11 17:59 - 2018-05-18 16:41 - 002723968 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libglesv2.dll
2017-12-11 17:59 - 2018-05-18 16:41 - 000031872 _____ () C:\Program Files (x86)\Microsoft\Skype for Desktop\libegl.dll
2018-05-26 12:04 - 2018-05-18 16:41 - 000219080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\electron-ssid\build\Release\electron-ssid.node
2018-05-26 12:04 - 2018-05-18 16:41 - 000409544 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\@paulcbetts\spellchecker\build\Release\spellchecker.node
2018-05-26 12:04 - 2018-05-18 16:41 - 000138696 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\keyboard-layout\build\Release\keyboard-layout-manager.node
2018-05-26 12:04 - 2018-05-18 16:41 - 002288080 _____ () \\?\C:\Program Files (x86)\Microsoft\Skype for Desktop\resources\app.asar.unpacked\node_modules\slimcore\bin\skypert.dll
2018-05-03 21:29 - 2017-02-23 10:30 - 000338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2018-05-03 21:29 - 2017-02-23 10:30 - 000252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2018-05-03 21:29 - 2017-02-23 10:30 - 002443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2018-05-03 21:29 - 2017-02-23 10:30 - 000385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2018-05-03 21:29 - 2017-02-23 10:30 - 000543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2018-05-03 21:29 - 2017-02-23 10:30 - 000468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)


#6 TheWriterInBlack


Posted 30 May 2018 - 07:46 PM

Part 3:

 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\...\$talisma_url$ -> hxxps://$talisma_url$
IE trusted site: HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2017-04-25 22:30 - 000000855 _____ C:\windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3910636834-3735429815-1665592217-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dburkhead\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: doubleTwist => C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe
MSCONFIG\startupreg: iCloudServices => "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{2D999F0D-E63F-47CE-BC80-1E0D1F6D3C9E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{186F8926-EE7B-49E8-86C5-75131568EF84}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{A27ACA9F-7C22-4A46-A6ED-18774B84D92D}] => (Allow) svchost.exe
FirewallRules: [{3EF67859-8892-4BAB-AC86-E271FF82D72D}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{EEC96D79-BA10-45BB-AC66-6D4FE472A7B1}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{6AFEA5DA-AF5B-47D2-9E89-DB1334AF559C}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{A7717B01-A6DA-4A57-BA1B-33A0E9706619}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{7F15952F-DCA7-4AC2-9893-B7B00AE4A40D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3C57C177-CB7A-4CF0-A6E4-56EE1F69125E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1F0DBC0A-D4AC-4865-BFFF-74DE17B79792}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E1F785E9-D43C-4292-8F3E-B0DCA6126203}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A67EDD22-6566-4311-9725-7DDBD63E963C}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{83FB43BE-E6BC-4F2E-8202-CCB0730436DA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DA48A452-AFCA-47DD-A6F2-657DAA9A1B13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D310E9F8-EC31-436A-A543-44B6A3FFBE39}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{44FBD181-6DC4-4D24-A003-BCA70962B4FD}C:\program files\comicrack\comicrack.exe] => (Allow) C:\program files\comicrack\comicrack.exe
FirewallRules: [{8B148B84-8F3C-4C83-A148-6B77FCAB00E4}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{F8C17AD9-5ABC-4C9B-991E-7EB0E9E5A0D4}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{0936AE49-8685-40D8-85BE-EB93744DDF8B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{13AF2B60-C7EF-4A9D-B6A7-98F3C56AB1B0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{BA9FB2B3-F33B-4D69-9B82-117658311286}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4C9C069A-6F94-4088-A098-17B72E3F2574}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E65E2848-C2B3-4E57-BAC6-8492AFB1B32E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2312F301-6C72-41DA-B13C-40FB1545C14A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{87E0B7A4-C649-430D-8B51-D3909341893F}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{6A6AB379-79A8-4981-84A5-0F4B84A650F7}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{09D16B98-0437-4F7F-81D0-975421FCC960}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
FirewallRules: [{12498784-7C88-434D-9CEC-3F6C48A426D1}] => (Allow) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
 
==================== Restore Points =========================
 
28-05-2018 02:31:26 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/30/2018 07:03:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAZStudio.exe, version: 4.10.0.123, time stamp: 0x5a2651de
Faulting module name: ntdll.dll, version: 6.1.7601.24094, time stamp: 0x5abee643
Exception code: 0xc0000374
Fault offset: 0x00000000000bf6b2
Faulting process id: 0x90e10
Faulting application start time: 0x01d3e07f4ebbea51
Faulting application path: C:\Program Files\DAZ 3D\DAZStudio4\DAZStudio.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: a02b56c3-4cca-11e8-a818-4437e61650d2
 
Error: (04/29/2018 07:17:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAZStudio.exe, version: 4.10.0.123, time stamp: 0x5a2651de
Faulting module name: ntdll.dll, version: 6.1.7601.24094, time stamp: 0x5abee643
Exception code: 0xc0000374
Fault offset: 0x00000000000bf6b2
Faulting process id: 0x8b158
Faulting application start time: 0x01d3dfeae808ed97
Faulting application path: C:\Program Files\DAZ 3D\DAZStudio4\DAZStudio.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 6f0bf13c-4c03-11e8-a818-4437e61650d2
 
Error: (04/29/2018 07:09:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAZStudio.exe, version: 4.10.0.123, time stamp: 0x5a2651de
Faulting module name: ntdll.dll, version: 6.1.7601.24094, time stamp: 0x5abee643
Exception code: 0xc0000374
Fault offset: 0x00000000000bf6b2
Faulting process id: 0x8ebac
Faulting application start time: 0x01d3e00be3fdf4bc
Faulting application path: C:\Program Files\DAZ 3D\DAZStudio4\DAZStudio.exe
Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report Id: 4ecccba2-4c02-11e8-a818-4437e61650d2
 
Error: (04/12/2018 03:01:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsla5810176.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/09/2018 08:34:35 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl22f6a305.
 
System Error:
The system cannot find the file specified.
.
 
Error: (04/06/2018 08:05:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl9d0a126e.
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/27/2018 10:50:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl1cbfffd9.
 
System Error:
The system cannot find the file specified.
.
 
Error: (03/24/2018 09:48:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKslc8399558.
 
System Error:
The system cannot find the file specified.
.
 
 
System errors:
=============
Error: (05/28/2018 01:20:16 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
 
Error: (05/28/2018 01:13:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (05/28/2018 01:13:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (05/28/2018 01:13:13 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (05/28/2018 01:13:13 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (05/28/2018 01:13:12 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (05/26/2018 08:28:29 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (05/26/2018 11:56:12 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
 
Windows Defender:
===================================
Date: 2011-02-20 22:33:38.543
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Adware:Win32/OpenCandy
ID:159633
Severity:Low
Category:Adware
Path Found:file:C:\Users\dburkhead\Downloads\Utilities\Video\Codecs\WECPSetup.exe;process:pid:3372
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2011-02-20 22:33:36.158
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Adware:Win32/OpenCandy
ID:159633
Severity:Low
Category:Adware
Path Found:file:C:\Users\dburkhead\Downloads\Utilities\Video\Codecs\WECPSetup.exe
Detection Type:Concrete
Detection Source:Real-Time Protection
Status:Unknown
Process Name:
 
Date: 2011-02-20 22:01:58.248
Description: 
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
Name:Adware:Win32/OpenCandy
ID:159633
Severity:Low
Category:Adware
Path Found:file:C:\Users\dburkhead\Downloads\Video\WECPSetup.exe;webfile:C:\Users\dburkhead\Downloads\Video\WECPSetup.exe|http://software-file...e=WECPSetup.exe
Detection Type:Concrete
Detection Source:Downloads and attachments
Status:Unknown
Process Name:C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
CodeIntegrity:
===================================
 
Date: 2014-02-05 17:31:42.189
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2014-02-03 20:18:43.534
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2014-01-27 09:29:50.177
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2014-01-27 09:18:12.157
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2014-01-27 08:55:55.611
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2014-01-16 06:30:24.534
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2014-01-06 15:06:22.760
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2013-12-20 07:23:28.072
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5700 @ 3.00GHz
Percentage of memory in use: 85%
Total physical RAM: 4095.18 MB
Available physical RAM: 575.09 MB
Total Virtual: 12289.34 MB
Available Virtual: 8740.19 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:571 GB) (Free:62.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Nov 20 2017) (CDROM) (Total:4.21 GB) (Free:0 GB) UDF
Drive e: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:116.82 GB) (Free:41.82 GB) FAT32
Drive g: (My Book) (Fixed) (Total:1862.36 GB) (Free:18.91 GB) NTFS
 
\\?\Volume{6d3c0909-e6aa-11df-8bb6-806e6f6e6963}\ (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: DDB5F33A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=571 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)
 
========================================================
Disk: 1 (Protective MBR) (Size: 116.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1862.4 GB) (Disk ID: 0005A4E2)
Partition 1: (Not Active) - (Size=1862.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,218 posts

Posted 31 May 2018 - 05:44 AM

Hi,

The Addition.txt log is clean.

Is the issue solved or do you get this error?
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

The solution is here if you need to repair Winsock.

https://forums.techg...t-help.1017127/

Let me know if you have any questions before proceeding.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 TheWriterInBlack


Posted 31 May 2018 - 06:10 AM

Much lower CPU usage than before.  I'll want to exercise it a couple of days and see how things run before saying it's completely fixed.



#9 nasdaq


Posted 31 May 2018 - 11:33 AM

Keep me posted.
nasdaq


#10 TheWriterInBlack


Posted 05 June 2018 - 09:15 PM

It's been several days now and everything seems to be fine so I'm calling it fixed.  Thank you.



#11 nasdaq


Posted 06 June 2018 - 05:13 AM

Hi,

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingc...best-practices/


https://www.bleeping...er-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===
nasdaq
