[Resolved - K] Search redirect~Search.hdirectionsandmap~ in Chrome browser

PGB
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18858  BrowserJavaVersion: 11.131.2
Run by Phyllis at 19:05:10 on 2018-03-26
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.32706.28525 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Windows\SysWOW64\atashost.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe
C:\Program Files (x86)\Quicken\bagent.exe
C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe
C:\Program Files\WinZip\FAHWindow64.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\WinZip\WzPreloader.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\enounce\myspeed\MySpeedx64.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.stevebrownsellshomes.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Ghostery Plugin: {6BF739DD-3323-4C6A-975B-C7E00A50B154} - C:\Program Files (x86)\Ghostery\bin\ghostery.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Dropbox Update] "C:\Users\Phyllis\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [Zoom] <no file>
uRunOnce: [Application Restart #4] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --win-jumplist-action=recently-closed --flag-switches-begin --flag-switches-end --restore-last-session https://www.topproducer8i.com/14.7000.07.00/Calendar/CalendarLanding.aspx?view_id=1&plDate=2015-04-29&assigned_to_id={01829190-3b47-4637-ad7c-4d1c1cbec748}
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [RealDownloader] C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [Digital Coupon Print Driver] "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Phyllis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Phyllis\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SCREEN~1.LNK - C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FAH.lnk - C:\Program Files\WinZip\FAHConsole.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files\WinZip\WzPreloader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tradestation.webex.com/client/T29LSP12/support/ieatgpc1.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{73BD1BBB-596A-4971-BC51-8CBFF9CB11DB} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{906C322D-095E-4E70-BD0A-65C0605C3904} : DHCPNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-mStart Page = hxxp://www.google.com 
x64-mSearch Page = hxxp://www.google.com 
x64-mDefault_Page_URL = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Ghostery Plugin: {6BF739DD-3323-4C6A-975B-C7E00A50B154} - C:\Program Files (x86)\Ghostery\bin\ghostery64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [RtHDVBg_DTS] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /DTSU2P
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [GwxControlPanelMonitor] "C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe" /traymode
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\
FF - prefs.js: browser.startup.homepage - hxxp://www.stevebrownsellshomes.com
FF - plugin: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll
FF - plugin: C:\Program Files\thinkorswim\npthinkorswim.dll
FF - plugin: C:\Program Files\thinkorswim\nptossc.dll
FF - plugin: C:\Users\Phyllis\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll
FF - plugin: C:\Users\Phyllis\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Users\Phyllis\AppData\Roaming\Zoom\bin\npzoomplugin.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_27_0_0_183.dll
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2013-1-10 47512]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-12-11 116000]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-7 644968]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-7 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-26 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2016-8-25 295000]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-11-4 55024]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2015-3-11 25056]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-12-11 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-12-11 198432]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-12-11 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-12-11 117024]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2014-7-22 173472]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-12-11 3873784]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2013-10-30 927232]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-11-12 149752]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 DTSAudioSvc;DTSAudioSvc;C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [2013-10-30 240584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-7 15720]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-10-30 169432]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-10-24 419304]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Windows\System32\drivers\LMIInfo.sys [2017-4-6 30432]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-11-12 81088]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2012-10-30 230416]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-10-26 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-11-25 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-10-30 31856]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-2-4 7142320]
R2 TeamViewer;TeamViewer 12;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-9-1 10803440]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2017-8-17 73768]
R2 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2017-3-4 307928]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-12-11 367200]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-10-30 96768]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-10-30 496400]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-26 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-26 786416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2016-11-29 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2016-11-29 125112]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-6-4 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-6-4 166384]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2017-11-1 1256192]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-10-16 249856]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-12-31 116224]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-5-17 442368]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2015-3-4 135928]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2016-11-14 361816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-15 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-6-4 1120752]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-3-3 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-15 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-10-31 1255736]
.
=============== Created Last 30 ================
.
2018-03-26 14:55:34   14453336   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D37B9FD3-E939-4B99-A388-8D497D73DA05}\mpengine.dll
2018-03-25 14:55:34   14453336   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2018-03-22 14:56:32   1094320   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB504458-E555-4393-86DA-A409762DCAC1}\gapaengine.dll
2018-03-09 16:42:07   --------   d-----w-   C:\Users\Phyllis\AppData\Local\GoToMeeting
.
==================== Find3M  ====================
.
2018-03-06 14:41:04   114688   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll
2018-03-06 14:41:04   109024   ----a-w-   C:\Windows\System32\LMIinit.dll
2018-02-23 12:16:40   114688   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll.000.bak
2018-02-23 12:16:40   109024   ----a-w-   C:\Windows\System32\LMIinit.dll.000.bak
2018-01-28 12:16:40   114688   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll.001.bak
2018-01-23 18:58:51   548000   ------w-   C:\Windows\System32\MpSigStub.exe
2018-01-23 13:40:16   803328   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2018-01-23 13:40:16   144896   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2017-12-31 14:42:21   133326408   -c--a-w-   C:\Windows\System32\MRT-KB890830.exe
.
============= FINISH: 19:05:15.30 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/30/2013 6:58:57 PM
System Uptime: 3/26/2018 6:46:03 PM (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. |  | Z87-PLUS
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz | SOCKET 1150 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 19.66 GiB free.
D: is CDROM ()
Y: is NetworkDisk (NTFS) - 3663 GiB total, 1623.248 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\NET\0000
Manufacturer:
Name:
PNP Device ID: ROOT\NET\0000
Service:
.
==== System Restore Points ===================
.
RP596: 3/21/2018 10:55:31 AM - Windows Update
RP597: 3/25/2018 2:24:12 AM - Windows Update
.
==== Installed Programs ======================
.
Acronis True Image 2014
Adobe Acrobat Reader DC
Adobe Flash Player 27 ActiveX
Adobe Flash Player 27 NPAPI
Adobe Flash Player 28 PPAPI
Adobe Refresh Manager
Amazon Kindle
AMD Accelerated Video Transcoding
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apex Investing Toolkit for NinjaTrader
Asmedia ASM106x SATA Host Controller Driver
Brother HL-5250DN
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco WebEx Meetings
Corel PaintShop Pro X6
Creative Content
CrystalDiskMark 3.0.2f
DC-Bass Source 1.3.0
Definition Update for Microsoft Office 2010 (KB3115475) 32-Bit Edition
Digital Coupon Printer
DirectVobSub 2.40.4209
DirectXInstallService
DivX Setup
Dropbox
EMCGadgets64
ERUNT 1.1j
ESET Online Scanner v3
ffdshow
ffdshow v1.1.4399 [2012-03-22]
FOREX.com US
FOREXTraderPro
Fuze Meeting
FXCM MetaTrader 4
FXCM Trading Station
Ghostery
Google Chrome
Google Earth Plug-in
Google Update Helper
GoTo Opener
GoToMeeting 8.23.0.8557
GWX Control Panel
HL-5450DN
Hubb Client Data Manager
IBFX MT4
ICA
Integrated Investor
Intel(R) Management Engine Components
Intel(R) Network Connections 18.1.59.0
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
IPM_PSP_COM64
iSEEK AnswerWorks English Runtime
Java 8 Update 121
Java 8 Update 131
Java Auto Updater
Jing
Lagarith Lossless Codec (1.3.27)
LAME v3.99.3 (for Windows)
LogMeIn
LogMeIn Client
Message+
MetaTrader 4 at FOREX.com
Microsoft .NET Framework 4.6.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 4.0 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Moyea FLV Player version 1.6.2.2
Mozilla Firefox 50.0 (x86 en-US)
Mozilla Firefox 58.0.2 (x64 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySpeed v5.5.3
NETGEAR WNDA3100v2 wireless USB 2.0 driver
NEW HAMPSHIRE ASSOCIATION REALTORS FORMS
NinjaTrader 7
NinjaTrader 8
Nitro Reader 3
OBS Studio
OpenOffice 4.1.1
OpenSource Flash Video Splitter 1.0.0.5
PipStrider III
PrimoPDF -- brought to you by Nitro PDF Software
PSPPContent
PSPPHelp
PSPPro64
Quicken
Quicken 2012
Quicken 2015
Quicken WillMaker Plus 2012
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer Cloud
Realtek High Definition Audio Driver
RealUpgrade 1.1
Replay Video Capture 7
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio RecordNow 10 Music Lab
Roxio Update Manager
Samsung Magician
Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)
Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000)
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000v2)
Security Update for Microsoft .NET Framework 4.6.1 (KB3142037)
Security Update for Microsoft .NET Framework 4.6.1 (KB3143693)
Security Update for Microsoft .NET Framework 4.6.1 (KB3164025)
Security Update for Microsoft Access 2010 (KB3101544) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB3114414) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553313) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553338) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2837599) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881029) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2956063) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3054984) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3085528) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3101520) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3118389) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3191908) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3213626) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB3213631) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB4011618) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB3114885) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB4011196) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB3128027) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB3141537) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB3114872) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2999465) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2965313) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB4011614) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Setup
SHARP MX/DX Series PCL/PS Printer Driver
Simpler Trading Early In-N-Out Indicator TS 1.0
Simpler Trading PSAR Bars Indicator TS 1.0
Skype Click to Call
Skype version 8.12
Sonic CinePlayer Decoder Pack
Speccy
ST_HOLB_LOHB Indicator
ST_MTF_Trend Indicator for Tradestation
StreetSmart Edge®
SUPERAntiSpyware
TeamViewer 12
thinkorswim
Top Producer Outlook Sync
tradable-forex.com 64.2
Trade Navigator
TradeStation 9.5
TTM Squeeze 2.2
TTM Squeeze Radar 3.2
TTM Voodoo Lines
Update for Microsoft .NET Framework 4.6.1 (KB3210136)
Update for Microsoft .NET Framework 4.6.1 (KB4040973)
Update for Microsoft .NET Framework 4.6.1 (KB4041778)
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Excel 2010 (KB4011617) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2999508) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553388) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589318) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2791057) 32-Bit Edition
Update for Microsoft Office 2010 (KB2881030) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054873) 32-Bit Edition
Update for Microsoft Office 2010 (KB3054886) 32-Bit Edition
Update for Microsoft Office 2010 (KB3055042) 32-Bit Edition
Update for Microsoft Office 2010 (KB3055047) 32-Bit Edition
Update for Microsoft Office 2010 (KB3114555) 32-Bit Edition
Update for Microsoft Office 2010 (KB3128031) 32-Bit Edition
Update for Microsoft Office 2010 (KB4011188) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2956075) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2760779) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553308) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
UpdateService
VC_CRT_x64
VC80CRTRedist - 8.0.50727.6195
VD64Inst
VectorVest 7
Video Downloader
VIP Access
VisualTour Studio
VLC media player
VT Remote Support
VTTrader
WinPcap 4.1.3
WinZip 20.0
Wisdom-soft ScreenHunter 6.0 Free
WST-40
Xvid Video Codec
zipForm6
Zoom
.
==== Event Viewer Messages From Past Week ========
.
3/26/2018 6:46:17 PM, Error: NETLOGON [3095]  - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
3/26/2018 6:45:24 PM, Error: Service Control Manager [7000]  - The Acronis Sync Agent Service service failed to start due to the following error:  The pipe has been ended.
3/26/2018 6:45:15 PM, Error: Schannel [36887]  - The following fatal alert was received: 70.
3/26/2018 6:45:14 PM, Error: Service Control Manager [7034]  - The VIPAppService service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:14 PM, Error: Service Control Manager [7034]  - The RealPlayer Update Service service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:14 PM, Error: Service Control Manager [7034]  - The RealPlayer Cloud Service service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:14 PM, Error: Service Control Manager [7034]  - The RealNetworks Downloader Resolver Service service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:14 PM, Error: Service Control Manager [7034]  - The Protexis Licensing V2 x64 service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:14 PM, Error: Service Control Manager [7034]  - The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:14 PM, Error: Service Control Manager [7034]  - The NitroPDFReaderDriverCreatorReadSpool3 service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:14 PM, Error: Service Control Manager [7034]  - The LogMeIn Maintenance Service service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:14 PM, Error: Service Control Manager [7034]  - The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:14 PM, Error: Service Control Manager [7031]  - The WSWNDA3100v2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/26/2018 6:45:14 PM, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/26/2018 6:45:14 PM, Error: Service Control Manager [7031]  - The SAS Core Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/26/2018 6:45:14 PM, Error: Service Control Manager [7031]  - The Acronis Sync Agent Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/26/2018 6:45:14 PM, Error: Service Control Manager [7031]  - The Acronis Nonstop Backup Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/26/2018 6:45:13 PM, Error: Service Control Manager [7034]  - The WebEx Service Host for Support Center service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:13 PM, Error: Service Control Manager [7034]  - The Intel(R) PROSet Monitoring Service service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:13 PM, Error: Service Control Manager [7034]  - The DTSAudioSvc service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:13 PM, Error: Service Control Manager [7034]  - The ASUS Com Service service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:13 PM, Error: Service Control Manager [7034]  - The AMD External Events Utility service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:13 PM, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
3/26/2018 6:45:13 PM, Error: Service Control Manager [7031]  - The Intel(R) Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
3/26/2018 6:45:13 PM, Error: Service Control Manager [7031]  - The Acronis Scheduler2 Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
3/25/2018 1:20:42 PM, Error: Schannel [36887]  - The following fatal alert was received: 40.
.
==== End Of File ===========================


I did not know how to disconnect from the internet, but DID disable Microsoft Security Essentials for the scans.  It's just been a few days, but my Chrome browser opens to this default; and even if I change the shortcut, it puts this Target back as the address to open. 

« Last Edit: March 28, 2018, 07:20:21 AM by kevinf80 »

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7695
Hello PGB and welcome to SpywareHammer,

Continue with the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes and is updated do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries...

To get the log from Malwarebytes do the following:

  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:

      Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     

  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror

  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

  • Double-click to run it. When the tool opens click Yes to disclaimer.
    (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"



  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt)  Please attach that log to your reply.
Let me see those logs in your next reply,

Kevin...


*

Offline PGB

  • Bronze Member
  • 387
 Hi Kevin,
After the first scan: MB, the redirect was no longer in my Chrome browser.
All scans completed; Reports below:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/27/18
Scan Time: 1:55 PM
Log File: 0adace20-31e8-11e8-9171-74d02b954d43.json
Administrator: Yes

-Software Information-
Version: 3.4.4.2398
Components Version: 1.0.322
Update Package Version: 1.0.4512
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Phyllis-PC\Phyllis

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318273
Threats Detected: 36
Threats Quarantined: 36
Time Elapsed: 4 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 12
PUP.Optional.Spigot.Generic, C:\USERS\PHYLLIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\bpdibfmlbajfnmckeilfabebmijjdfob, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\_locales\en, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\html\popup, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\_metadata, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\js\popup, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\_locales, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\newtab, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\html, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\css, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\js, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\USERS\PHYLLIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BPDIBFMLBAJFNMCKEILFABEBMIJJDFOB, Quarantined, [227], [495178],1.0.4512

File: 24
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bpdibfmlbajfnmckeilfabebmijjdfob\000003.log, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bpdibfmlbajfnmckeilfabebmijjdfob\CURRENT, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bpdibfmlbajfnmckeilfabebmijjdfob\LOCK, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bpdibfmlbajfnmckeilfabebmijjdfob\LOG, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bpdibfmlbajfnmckeilfabebmijjdfob\LOG.old, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bpdibfmlbajfnmckeilfabebmijjdfob\MANIFEST-000001, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\USERS\PHYLLIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\USERS\PHYLLIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\USERS\PHYLLIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BPDIBFMLBAJFNMCKEILFABEBMIJJDFOB\6.4_0\BACKGROUND.JS, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\css\description.css, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\css\popup.css, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\html\popup\description.html, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\html\popup\popup.html, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\js\popup\popup.js, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\js\userNewTab.js, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\newtab\slim_product.html, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\_locales\en\messages.json, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\_metadata\computed_hashes.json, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\_metadata\verified_contents.json, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\after.js, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\chromeRestore.js, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\contentscript.js, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\icon.png, Quarantined, [227], [495178],1.0.4512
PUP.Optional.Spigot.Generic, C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpdibfmlbajfnmckeilfabebmijjdfob\6.4_0\manifest.json, Quarantined, [227], [495178],1.0.4512

Physical Sector: 0
(No malicious items detected)

(end)

# AdwCleaner 7.0.8.0 - Logfile created on Tue Mar 27 18:14:09 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 7 Professional (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

Plugin deleted: BeFrugal.com Add-On -


***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [2212 B] - [2018/3/26 22:45:15]
C:/AdwCleaner/AdwCleaner[S0].txt - [1332 B] - [2015/5/27 14:41:33]
C:/AdwCleaner/AdwCleaner[S1].txt - [2211 B] - [2018/3/26 22:45:0]
C:/AdwCleaner/AdwCleaner[S2].txt - [1185 B] - [2018/3/27 18:13:20]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by Phyllis (administrator) on PHYLLIS-PC (27-03-2018 14:20:56)
Running from C:\Users\Phyllis\Desktop
Loaded Profiles: Phyllis (Available Profiles: Phyllis)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe
(Verizon) C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe
(Quicken Inc.) C:\Program Files (x86)\Quicken\bagent.exe
(Charles Schwab & Co., Inc.) C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
(Enounce Incorporated) C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAHWindow64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Enounce Incorporated) C:\Program Files (x86)\Enounce\MySpeed\MySpeedx64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Dropbox, Inc.) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Wisdom Software Inc. ) C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dropbox, Inc.) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Dropbox, Inc.) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-10-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-10-30] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [423424 2017-04-06] (LogMeIn, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-30] (Intel Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-11-25] (RealNetworks, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-06-04] (Sonic Solutions)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [560192 2014-10-29] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [Digital Coupon Print Driver] => "C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8887216 2018-03-24] (SUPERAntiSpyware)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [Dropbox Update] => C:\Users\Phyllis\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [Zoom] => [X]
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [AutoStartVMA] => C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe [12900864 2015-09-10] (Verizon)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [QuickenScheduledUpdates] => C:\Program Files (x86)\Quicken\bagent.exe [77216 2018-03-01] (Quicken Inc.)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [QuickLaunch] => C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe [12800 2017-09-28] (Charles Schwab & Co., Inc.)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Run: [3xAV] => C:\Program Files (x86)\Enounce\MySpeed\MySpeed.exe [1345288 2016-08-06] (Enounce Incorporated)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-20] (Google Inc.)
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\MountPoints2: {45fba176-e451-11e4-8343-74d02b954d43} - E:\VZW_Software_upgrade_assistant.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-11-28]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk [2017-11-01]
ShortcutTarget: NETGEAR WNDA3100v2 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-11-25]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-11-28]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-03-16]
ShortcutTarget: Dropbox.lnk -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScreenHunter 6.0 Free.lnk [2015-07-18]
ShortcutTarget: ScreenHunter 6.0 Free.lnk -> C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe (Wisdom Software Inc. )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{73BD1BBB-596A-4971-BC51-8CBFF9CB11DB}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{906C322D-095E-4E70-BD0A-65C0605C3904}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.stevebrownsellshomes.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-10-27] (RealDownloader)
BHO: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery64.dll [2015-10-30] (Ghostery, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-10-27] (RealDownloader)
BHO-x32: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery.dll [2015-10-30] (Ghostery, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://tradestation.webex.com/client/T29LSP12/support/ieatgpc1.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File

FireFox:
========
FF DefaultProfile: 3hyawouq.default-1384237558205
FF ProfilePath: C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205 [2018-03-27]
FF Homepage: Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205 -> hxxp://www.stevebrownsellshomes.com
FF Extension: (Name) - C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\Extensions\firefox@ghostery.com.xpi [2018-03-14]
FF Extension: (LogMeIn, Inc. Remote Access Plugin) - C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\Extensions\LogMeInClient@logmein.com [2014-11-04] [Legacy] [not signed]
FF Extension: (BeFrugal.com Add-On) - C:\Users\Phyllis\AppData\Roaming\Mozilla\Firefox\Profiles\3hyawouq.default-1384237558205\Extensions\shopcbtoolbar2@befrugal.com.xpi [2017-11-13]
FF HKLM-x32\...\Firefox\Extensions: [{338950EA-82DB-44C1-930D-0C28E023C9F0}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: (RealDownloader) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-11-25] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_183.dll [2017-10-25] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_183.dll [2017-10-25] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-04-17] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2012-10-30] (Nitro PDF)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.15 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-10-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-25] (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-02-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4249353033-2772040276-2529461727-1000: @fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1 -> C:\Users\Phyllis\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll [2014-01-03] ( )
FF Plugin HKU\S-1-5-21-4249353033-2772040276-2529461727-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Phyllis\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-01-14] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-4249353033-2772040276-2529461727-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2017-12-18] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-4249353033-2772040276-2529461727-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2017-12-18] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Users\Phyllis\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-01-09] (Cisco WebEx LLC)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.bing.com/?pc=U223
CHR Profile: C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default [2018-03-27]
CHR Extension: (Simpler Stocks Scan |) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaicobaocdlncdhcklmnphpmjffmghob [2016-04-26]
CHR Extension: (Pivot Point Calculator) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\adckbcbemgpnbckkbjdegdopigjjhoeb [2016-04-24]
CHR Extension: (StartPage Search Engine) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aikpehchfofgobeobmadodfnilfliilj [2016-06-27]
CHR Extension: (Google Drive) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Weekly Cash Cow - Member Login) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\appdnjpbjlahjibbhkhcfficfldlcjcd [2016-05-05]
CHR Extension: (Quicken Screen Share) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgpaeeojilnknmcpkoppclocpdfpndbj [2017-12-26]
CHR Extension: (YouTube) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Forex Calendar @ Forex Factory) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglhmekaggonnpbognlfcnnabebknldc [2016-04-24]
CHR Extension: (Adobe Acrobat) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-11-28]
CHR Extension: (Calendars) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgneolchnmgmjgmflbljpmpkkoppldmo [2016-04-24]
CHR Extension: (Currency Strength | OANDA) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhfbhgebkmkkhlelnnkckobmfgkmnlhm [2016-04-24]
CHR Extension: (S&P Sector ETFs: PerfChart - StockCha...) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\filojfaapjokpiofafmflpckdkebblae [2016-04-24]
CHR Extension: (Settlements) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gambdkmfggikanaggdmdgnoblnklgeip [2016-04-24]
CHR Extension: (Google Docs Offline) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (L.E.A.R.N. - Home) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\holhjbkmljlkpccmmdlgihhepkjfbfbn [2016-04-26]
CHR Extension: (Current affairs, news, comment & opin...) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihndkeilecppfbeonkaheljeebmiocml [2016-04-24]
CHR Extension: (Grid Sight Index (GSI)) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmocpdkllnfapolgmkadcnbjefgfheh [2016-07-21]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-07-17]
CHR Extension: (Skype) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-04]
CHR Extension: (High Short Interest Stocks) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkoaoafekeppdolfkjhcfjdemggbgmhk [2016-04-24]
CHR Extension: (Market 24h clock) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\llionicoenlbfmjhkdiniialfjehakla [2016-04-24]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-03-09]
CHR Extension: (CME Equity Indexces) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nanhfabblgagneapjkdfmnblnkbhipmi [2016-04-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-25]
CHR Extension: (Piotroski) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbgafeoiddlojnjfkhcmglidbahecah [2016-04-24]
CHR Extension: (Pivot Points Calculator - Trading Res...) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\npcbogaenjnidfhhbpmallcnhjbolknh [2016-04-24]
CHR Extension: (Gmail) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Phyllis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-22]
CHR HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-05] (SUPERAntiSpyware.com)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240584 2013-10-30] (DTS, Inc)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2018-03-06] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [525288 2018-03-06] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6440736 2018-03-03] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2012-10-30] (Nitro PDF Software)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-10-26] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-11-25] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH)
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [73768 2017-08-17] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNDA3100v2; C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [307928 2013-12-30] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [47512 2013-01-10] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-21] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-10-30] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [76200 2018-01-18] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193248 2018-03-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [109800 2018-03-27] (Malwarebytes)
R3 MBAMProtection; C:\Windows\System32\DRIVERS\mbam.sys [45960 2018-03-27] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253664 2018-03-27] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [92280 2018-03-27] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-12-11] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-12-11] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-12-11] (Acronis International GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-27 14:20 - 2018-03-27 14:21 - 000033481 _____ C:\Users\Phyllis\Desktop\FRST.txt
2018-03-27 14:20 - 2018-03-27 14:20 - 000000000 ____D C:\FRST
2018-03-27 14:19 - 2018-03-27 14:19 - 002403328 _____ (Farbar) C:\Users\Phyllis\Downloads\FRST64.exe
2018-03-27 14:19 - 2018-03-27 14:19 - 002403328 _____ (Farbar) C:\Users\Phyllis\Desktop\FRST64.exe
2018-03-27 14:15 - 2018-03-27 14:15 - 000045960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-03-27 14:11 - 2018-03-27 14:12 - 008222496 _____ (Malwarebytes) C:\Users\Phyllis\Downloads\adwcleaner_7.0.8.0.exe
2018-03-27 14:10 - 2018-03-27 14:11 - 071454832 _____ (Malwarebytes ) C:\Users\Phyllis\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4488 (2).exe
2018-03-27 13:54 - 2018-03-27 14:15 - 000109800 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-03-27 13:54 - 2018-03-27 14:15 - 000092280 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-03-27 13:54 - 2018-03-27 13:54 - 000253664 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-03-27 13:54 - 2018-03-27 13:54 - 000193248 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-03-27 13:54 - 2018-03-27 13:54 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-27 13:54 - 2018-03-27 13:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-27 13:54 - 2018-01-18 09:03 - 000076200 _____ C:\Windows\system32\Drivers\mbae64.sys
2018-03-27 13:53 - 2018-03-27 13:53 - 071454832 _____ (Malwarebytes ) C:\Users\Phyllis\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4488.exe
2018-03-27 13:53 - 2018-03-27 13:53 - 071454832 _____ (Malwarebytes ) C:\Users\Phyllis\Downloads\mb3-setup-consumer-3.4.4.2398-1.0.322-1.0.4488 (1).exe
2018-03-27 10:54 - 2018-03-27 10:54 - 000358904 _____ C:\Users\Phyllis\Downloads\Deposit copy and supporting doc's.pdf
2018-03-26 20:27 - 2018-03-26 20:27 - 000149830 _____ C:\Users\Phyllis\Downloads\Home Features_for Approval.pdf
2018-03-26 20:26 - 2018-03-26 20:26 - 000114216 _____ C:\Users\Phyllis\Downloads\What we love about this home.pdf
2018-03-26 19:40 - 2018-03-26 19:40 - 000000485 _____ C:\Users\Phyllis\Downloads\134347_7a86dc880dd3c0a589c3ec553f86c669.ics
2018-03-26 18:55 - 2018-03-27 14:18 - 000000000 ____D C:\Users\Phyllis\Desktop\SWH
2018-03-26 18:54 - 2018-03-26 19:05 - 000022704 _____ C:\Users\Phyllis\Desktop\dds.txt
2018-03-26 17:38 - 2018-03-26 17:38 - 000000414 _____ C:\Users\Phyllis\Downloads\The+Options+JumpStarter (1).ics
2018-03-26 17:30 - 2018-03-26 17:30 - 000026904 _____ C:\Users\Phyllis\Downloads\Feedback from 3-26 1215PM.pdf
2018-03-26 17:26 - 2018-03-26 17:26 - 000013769 _____ C:\Users\Phyllis\Downloads\Scanned from a Xerox Multifunction Printer (1).pdf
2018-03-25 16:33 - 2018-03-25 16:33 - 000000495 _____ C:\Users\Phyllis\Downloads\134538_7a86dc880dd3c0a589c3ec553f86c669.ics
2018-03-25 16:29 - 2018-03-25 16:29 - 000087617 _____ C:\Users\Phyllis\Downloads\ReferralExchange Referral Form.pdf
2018-03-25 12:53 - 2018-03-25 12:53 - 000000347 _____ C:\Users\Phyllis\Downloads\The+Options+JumpStarter.ics
2018-03-25 08:13 - 2018-03-25 08:13 - 000527466 _____ C:\Users\Phyllis\Downloads\brownteam@stevebrownsellshomes.com_20180325_074526.pdf
2018-03-24 23:55 - 2017-12-14 09:03 - 000001310 _____ C:\Users\Phyllis\Desktop\Skype.lnk
2018-03-23 15:43 - 2018-03-23 15:43 - 000145900 _____ C:\Users\Phyllis\Downloads\28 Heritage Cir. ALTA.pdf
2018-03-23 15:43 - 2018-03-23 15:43 - 000027492 _____ C:\Users\Phyllis\Downloads\28 Heritage Closing Check.pdf
2018-03-23 15:15 - 2018-03-23 15:15 - 000004243 _____ C:\Users\Phyllis\Downloads\simulacrum.jnlp
2018-03-23 14:37 - 2018-03-23 14:37 - 000209096 _____ C:\Users\Phyllis\Downloads\Deed for 26 Woodland Ave, Manchester NH (1).pdf
2018-03-23 14:37 - 2018-03-23 14:37 - 000197133 _____ C:\Users\Phyllis\Downloads\Deed referenced (1).pdf
2018-03-23 14:15 - 2018-03-23 14:17 - 000197133 _____ C:\Users\Phyllis\Downloads\Deed referenced.pdf
2018-03-23 14:07 - 2018-03-23 14:07 - 000209096 _____ C:\Users\Phyllis\Downloads\Deed for 26 Woodland Ave, Manchester NH.pdf
2018-03-23 13:57 - 2018-03-23 13:57 - 000002655 _____ C:\Users\Phyllis\Downloads\HiIndex.jnlp
2018-03-21 22:47 - 2018-03-21 22:47 - 000147990 _____ C:\Users\Phyllis\Downloads\brownteam@stevebrownsellshomes.com_20180321_221930.pdf
2018-03-21 18:38 - 2018-03-21 18:38 - 000020158 _____ C:\Users\Phyllis\Downloads\Scanned from a Xerox Multifunction Printer.pdf
2018-03-19 17:16 - 2018-03-19 17:16 - 000000495 _____ C:\Users\Phyllis\Downloads\134326_7a86dc880dd3c0a589c3ec553f86c669.ics
2018-03-19 14:48 - 2018-03-19 14:48 - 000269825 _____ C:\Users\Phyllis\Downloads\brownteam@stevebrownsellshomes.com_20180319_133748.pdf
2018-03-19 14:43 - 2018-03-19 14:43 - 000238269 _____ C:\Users\Phyllis\Downloads\12A April Court Disclosures.pdf
2018-03-19 13:19 - 2018-03-19 13:19 - 000001658 _____ C:\Users\Phyllis\Downloads\event (1).ics
2018-03-19 10:24 - 2018-03-19 10:24 - 000041096 _____ C:\Users\Phyllis\Downloads\3695_180318213245_001.pdf
2018-03-18 20:52 - 2018-03-18 20:52 - 000057053 _____ C:\Users\Phyllis\Downloads\Notice re Litigation (1).pdf
2018-03-18 20:51 - 2018-03-18 20:51 - 000057053 _____ C:\Users\Phyllis\Downloads\Notice re Litigation.pdf
2018-03-18 19:38 - 2018-03-18 19:38 - 000027476 _____ C:\Users\Phyllis\Downloads\Feedbacks for 3-18-18.pdf
2018-03-18 16:33 - 2018-03-18 16:33 - 000125256 _____ C:\Users\Phyllis\Downloads\brownteam@stevebrownsellshomes.com_20180318_154452.pdf
2018-03-18 16:32 - 2018-03-18 16:32 - 000125050 _____ C:\Users\Phyllis\Downloads\brownteam@stevebrownsellshomes.com_20180318_154435.pdf
2018-03-18 16:04 - 2018-03-18 16:04 - 003919058 _____ C:\Users\Phyllis\Downloads\hl7guide-1-5-2014-11.pdf
2018-03-18 15:54 - 2018-03-18 15:54 - 000054690 _____ C:\Users\Phyllis\Downloads\hep307approved.pdf
2018-03-18 15:05 - 2018-03-18 15:05 - 000660210 _____ C:\Users\Phyllis\Downloads\59 Greenside Way, Methuen (1).pdf
2018-03-18 15:01 - 2018-03-18 15:01 - 000660210 _____ C:\Users\Phyllis\Downloads\59 Greenside Way, Methuen.pdf
2018-03-18 11:46 - 2018-03-18 11:46 - 000184167 _____ C:\Users\Phyllis\Downloads\Homes under $450,000, 1st fl master and CA last year.pdf
2018-03-16 21:54 - 2018-03-16 21:54 - 001584988 _____ C:\Users\Phyllis\Downloads\Seller'sDisclosureForm.pdf
2018-03-16 21:29 - 2018-03-16 21:29 - 000149215 _____ C:\Users\Phyllis\Downloads\Joseph M. Luszoz_591100.pdf
2018-03-16 14:48 - 2018-03-16 14:48 - 000000000 ____D C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-03-16 13:37 - 2018-03-16 13:37 - 002319173 _____ C:\Users\Phyllis\Downloads\Comcast Discount flyer.pdf
2018-03-16 13:22 - 2018-03-16 13:22 - 001543242 _____ C:\Users\Phyllis\Downloads\Insight305 April Ad (3).pdf
2018-03-16 11:17 - 2018-03-16 22:17 - 000000000 _____ C:\Users\Phyllis\Desktop\LOG
2018-03-15 11:31 - 2018-03-15 11:31 - 003359190 _____ C:\Users\Phyllis\Downloads\CovenantsandRestrictions.pdf
2018-03-15 11:31 - 2018-03-15 11:31 - 000080288 _____ C:\Users\Phyllis\Downloads\MapofLot (1).pdf
2018-03-15 11:31 - 2018-03-15 11:31 - 000050729 _____ C:\Users\Phyllis\Downloads\PatriotPropertiesAssessor'scard.pdf
2018-03-15 11:24 - 2018-03-15 11:24 - 000080288 _____ C:\Users\Phyllis\Downloads\MapofLot.pdf
2018-03-15 11:22 - 2018-03-15 11:22 - 000368907 _____ C:\Users\Phyllis\Downloads\TourFlyer4157882.pdf
2018-03-15 10:53 - 2018-03-15 10:54 - 001530178 _____ C:\Users\Phyllis\Downloads\Insight305 April Ad (2).pdf
2018-03-15 10:51 - 2018-03-15 10:51 - 001530178 _____ C:\Users\Phyllis\Downloads\Insight305 April Ad.pdf
2018-03-15 10:51 - 2018-03-15 10:51 - 001530178 _____ C:\Users\Phyllis\Downloads\Insight305 April Ad (1).pdf
2018-03-15 10:05 - 2018-03-15 10:05 - 000002439 _____ C:\Users\Phyllis\Desktop\Calendar.lnk
2018-03-11 03:03 - 2018-03-27 10:15 - 000003500 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_Phyllis
2018-03-11 03:03 - 2018-03-27 03:15 - 000003506 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Phyllis
2018-03-11 03:03 - 2018-03-11 03:03 - 000003624 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_Phyllis
2018-03-11 03:03 - 2018-03-11 03:03 - 000003218 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Phyllis
2018-03-09 12:42 - 2018-03-23 02:08 - 000000000 ____D C:\Users\Phyllis\AppData\Local\GoToMeeting
2018-03-05 10:40 - 2018-03-05 10:40 - 000276808 _____ C:\Windows\Minidump\030518-16161-01.dmp
2018-02-25 11:41 - 2018-02-25 11:41 - 000276808 _____ C:\Windows\Minidump\022518-16286-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-27 14:20 - 2013-11-04 16:25 - 000000000 ____D C:\Users\Phyllis\AppData\Local\CrashDumps
2018-03-27 14:19 - 2009-07-14 01:13 - 000788424 _____ C:\Windows\system32\PerfStringBackup.INI
2018-03-27 14:19 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-03-27 14:16 - 2014-01-28 19:29 - 000000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2018-03-27 14:15 - 2015-07-18 12:39 - 000000000 ____D C:\Users\Phyllis\Documents\SCREENHUNTER
2018-03-27 14:15 - 2013-11-04 17:55 - 000000000 ____D C:\Users\Phyllis\AppData\Roaming\Nitro PDF
2018-03-27 14:14 - 2015-05-27 10:37 - 000000000 ____D C:\AdwCleaner
2018-03-27 14:14 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-03-27 14:14 - 2009-07-14 00:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-03-27 14:14 - 2009-07-14 00:45 - 000022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-03-27 14:08 - 2013-10-30 18:58 - 000000000 ____D C:\Users\Phyllis
2018-03-27 13:55 - 2015-06-20 16:28 - 000000926 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4249353033-2772040276-2529461727-1000UA.job
2018-03-27 13:48 - 2014-02-25 20:00 - 000000546 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4249353033-2772040276-2529461727-1000.job
2018-03-27 12:46 - 2015-05-30 15:54 - 000000642 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4249353033-2772040276-2529461727-1000.job
2018-03-27 12:06 - 2014-06-20 07:15 - 000000000 ____D C:\Users\Phyllis\AppData\Local\Deployment
2018-03-27 12:06 - 2013-11-05 11:45 - 000000000 ____D C:\Users\Phyllis\Documents\Outlook Files
2018-03-27 10:57 - 2016-11-17 23:35 - 000000000 ____D C:\Users\Phyllis\AppData\LocalLow\Mozilla
2018-03-27 10:30 - 2016-11-17 23:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-27 09:43 - 2016-11-01 15:17 - 000000598 _____ C:\Windows\Tasks\TradeStation Backup - Daily.job
2018-03-27 02:06 - 2013-11-24 02:05 - 000000000 ____D C:\Program Files (x86)\TradeStation Archives
2018-03-27 01:54 - 2013-11-12 16:37 - 000000000 ____D C:\ProgramData\LogMeIn
2018-03-26 21:55 - 2015-06-20 16:28 - 000000874 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4249353033-2772040276-2529461727-1000Core.job
2018-03-26 21:24 - 2013-11-04 10:29 - 000000000 ____D C:\Users\Phyllis\AppData\Roaming\PrimoPDF
2018-03-26 19:05 - 2015-01-27 19:06 - 000015921 _____ C:\Users\Phyllis\Desktop\attach.txt
2018-03-26 18:46 - 2015-01-30 23:35 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-03-26 18:39 - 2016-12-29 19:59 - 000000000 ____D C:\Users\Phyllis\AppData\LocalLow\Ghostery
2018-03-24 23:55 - 2015-01-03 13:47 - 000000000 ____D C:\Users\Phyllis\Desktop\19 Southgate Drive  Glastonbury CT  06073
2018-03-24 14:15 - 2013-11-04 10:08 - 000000000 ____D C:\ProgramData\VisualTour
2018-03-24 14:15 - 2013-11-04 10:01 - 000000000 ____D C:\Program Files (x86)\vtstudio
2018-03-24 08:11 - 2016-11-01 15:17 - 000000602 _____ C:\Windows\Tasks\TradeStation Backup - Weekly.job
2018-03-23 02:08 - 2015-05-30 15:54 - 000003680 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-4249353033-2772040276-2529461727-1000
2018-03-23 02:08 - 2014-02-25 20:00 - 000003584 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-4249353033-2772040276-2529461727-1000
2018-03-21 20:24 - 2013-12-06 10:21 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-03-21 20:03 - 2013-11-03 18:32 - 000000000 ____D C:\Program Files (x86)\Replay Video Capture 7
2018-03-19 10:21 - 2013-11-04 09:52 - 000000404 _____ C:\Windows\Tasks\EasyShare Registration Task.job
2018-03-18 20:08 - 2013-11-04 16:39 - 000000000 ___RD C:\Users\Phyllis\Dropbox
2018-03-16 14:48 - 2013-11-04 16:35 - 000000000 ____D C:\Users\Phyllis\AppData\Roaming\Dropbox
2018-03-16 11:20 - 2018-02-18 17:33 - 000000000 ____D C:\ProgramData\Quicken
2018-03-15 23:07 - 2009-07-14 01:32 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-03-14 10:04 - 2017-10-26 10:20 - 000000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2018-03-14 10:04 - 2014-06-13 18:54 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-03-06 10:41 - 2013-11-12 16:37 - 000114688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2018-03-06 10:41 - 2013-11-12 16:37 - 000109024 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2018-03-06 10:41 - 2013-11-12 16:37 - 000000000 ____D C:\Program Files (x86)\LogMeIn
2018-03-05 10:40 - 2015-02-19 23:06 - 000000000 ____D C:\Windows\Minidump
2018-03-04 14:03 - 2016-11-01 15:17 - 000000606 _____ C:\Windows\Tasks\TradeStation Backup - Monthly.job
2018-02-28 21:31 - 2013-11-04 17:19 - 000000000 ____D C:\Users\Phyllis\AppData\Local\Quicken WillMaker Plus 2012
2018-02-28 13:45 - 2016-05-24 15:38 - 000000000 ____D C:\Users\Phyllis\AppData\Local\HockeyCrashes
2018-02-28 12:31 - 2014-12-27 09:02 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2018-02-25 11:54 - 2015-07-14 07:35 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2016-12-01 13:59 - 2016-11-30 13:02 - 000012542 _____ () C:\Program Files (x86)\Common Files\client.wyc
2013-11-11 13:37 - 2013-11-29 13:49 - 000005116 _____ () C:\Users\Phyllis\AppData\Roaming\AutoTagLog.log
2013-11-11 13:06 - 2014-05-05 14:39 - 000009510 _____ () C:\Users\Phyllis\AppData\Roaming\RegistrationLog.log
2014-05-05 12:17 - 2014-05-05 14:38 - 000001132 _____ () C:\Users\Phyllis\AppData\Roaming\ReplayConverterLog.log
2013-11-11 13:06 - 2013-11-30 01:15 - 000051684 _____ () C:\Users\Phyllis\AppData\Roaming\ReplayMusicLog.log
2013-11-01 16:47 - 2013-11-01 16:47 - 000000320 _____ () C:\Users\Phyllis\AppData\Roaming\SEC517874.trad
2013-11-01 16:29 - 2017-12-01 23:48 - 000000320 _____ () C:\Users\Phyllis\AppData\Roaming\SEC540721.trad
2013-11-11 14:44 - 2013-11-11 14:45 - 000000874 _____ () C:\Users\Phyllis\AppData\Roaming\VideoPadlockLog.log
2014-12-26 21:12 - 2014-12-27 08:12 - 000000063 _____ () C:\Users\Phyllis\AppData\Roaming\WB.CFG
2013-10-30 20:32 - 2014-10-17 09:20 - 000007605 _____ () C:\Users\Phyllis\AppData\Local\resmon.resmoncfg
2013-11-11 14:24 - 2014-12-13 10:33 - 000293012 _____ () C:\Users\Phyllis\AppData\Local\rx_audio.Cache
2013-11-11 14:24 - 2014-11-30 14:15 - 000008424 _____ () C:\Users\Phyllis\AppData\Local\rx_image32.Cache

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-19 00:54

==================== End of FRST.txt ============================

PGB

Continued from prev post:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Phyllis (27-03-2018 14:21:16)
Running from C:\Users\Phyllis\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-10-30 22:58:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4249353033-2772040276-2529461727-500 - Administrator - Disabled)
Guest (S-1-5-21-4249353033-2772040276-2529461727-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4249353033-2772040276-2529461727-1002 - Limited - Enabled)
Phyllis (S-1-5-21-4249353033-2772040276-2529461727-1000 - Administrator - Enabled) => C:\Users\Phyllis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}) (Version: 17.0.6673 - Acronis) Hidden
Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20038 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.183 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Amazon Kindle) (Version: 1.16.0.44025 - Amazon)
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Apex Investing Toolkit for NinjaTrader (HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\dc645619e58c18cf) (Version: 1.0.1.28 - Apex Investing)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.001 - Asmedia Technology)
Brother HL-5250DN (HKLM-x32\...\{3F49A711-98A9-4EB9-8B23-57B323F6DA4F}) (Version: 1.00 - Brother)
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
Creative Content (HKLM-x32\...\_{696F7D83-CB87-471A-A37A-E09F758733C9}) (Version: 1.0.0.103 - Corel Corporation) Hidden
Creative Content (HKLM-x32\...\{696F7D83-CB87-471A-A37A-E09F758733C9}) (Version: 1.0.0.103 - Corel Corporation) Hidden
CrystalDiskMark 3.0.2f (HKLM\...\CrystalDiskMark_is1) (Version: 3.0.2f - Crystal Dew World)
DC-Bass Source 1.3.0 (HKLM-x32\...\DC-Bass Source) (Version:  - )
Digital Coupon Printer (HKLM-x32\...\{2CDD20A5-DFDE-4AC0-97DD-F60B1196BF98}) (Version: 3.50.0.0 - Hopster, Inc. an Inmar company)
DirectVobSub 2.40.4209 (HKLM-x32\...\vsfilter_is1) (Version: 2.40.4209 - MPC-HC Team)
DirectXInstallService (HKLM-x32\...\{098122AB-C605-4853-B441-C0A4EB359B75}) (Version: 9.0.2 - Roxio) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Dropbox (HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Dropbox) (Version: 45.4.92 - Dropbox, Inc.)
EMCGadgets64 (HKLM\...\{02AD9D20-03D2-4DE0-8793-E8253026AD86}) (Version: 1.1.138 - Sonic) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ffdshow (HKLM-x32\...\ffdshow) (Version: 20051124 - Milan Cutka)
ffdshow v1.1.4399 [2012-03-22] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4399.0 - )
FOREX.com US (HKLM-x32\...\FOREX.com US) (Version: 4.00 - MetaQuotes Software Corp.)
FOREXTraderPro (HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\1df0cdb088182ccc) (Version: 3.2.0.28 - FOREXTraderPro)
Fuze Meeting (HKLM-x32\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)
FXCM MetaTrader 4 (HKLM-x32\...\FXCM MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
FXCM Trading Station (HKLM-x32\...\{494367EC-82A9-4C0D-A788-74A967998E8C}) (Version: 011415 - FXCM) Hidden
FXCM Trading Station (HKLM-x32\...\FXCM Trading Station) (Version: 011415 - )
FXCM Trading Station (HKLM-x32\...\FXTS2) (Version:  - Forex Capital Markets, LLC ("FXCM LLC"))
Ghostery (HKLM-x32\...\Ghostery) (Version:  - Ghostery Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{351B54B2-1AFC-42A7-A8C0-9E05C26F0D1E}) (Version: 1.0.470 - LogMeIn, Inc.)
GoToMeeting 8.23.0.8557 (HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\GoToMeeting) (Version: 8.23.0.8557 - LogMeIn, Inc.)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
HL-5450DN (HKLM-x32\...\{7171B206-5C5A-4B7F-B9E1-1F1827FC769F}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Hubb Client Data Manager (HKLM-x32\...\{703B26AD-FE4C-4BB8-B34F-A9DF70664534}) (Version: 1.2.0 - Hubb Financial)
IBFX MT4 (HKLM-x32\...\IBFX MT4) (Version: 4.00 - MetaQuotes Software Corp.)
ICA (HKLM-x32\...\{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.0.0.113 - Corel Corporation) Hidden
Integrated Investor (HKLM-x32\...\Integrated Investor) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Network Connections 18.1.59.0 (HKLM\...\PROSetDX) (Version: 18.1.59.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3186 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
IPM_PSP_COM64 (HKLM\...\{1678F86C-889D-4198-8249-F4625058256B}) (Version: 16.0.0.113 - Corel Corporation) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LogMeIn (HKLM-x32\...\{53E10F4E-B361-45D7-8DBD-A6BF073236F0}) (Version: 4.1.3430 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{26F88B15-E5F0-47D2-8176-1A9312DD44AD}) (Version: 1.3.1648 - LogMeIn, Inc.)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Message+ (HKLM-x32\...\{c828830f-53d4-4a2f-ad5a-0b86574bce11}) (Version: 1.0.17.0 - Verizon)
Message+ (HKLM-x32\...\{EBFB7F60-1DF5-47B5-BCF6-8182CB9350D8}) (Version: 1.0.17.0 - Verizon) Hidden
MetaTrader 4 at FOREX.com (HKLM-x32\...\MetaTrader 4 at FOREX.com) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Moyea FLV Player version 1.6.2.2 (HKLM-x32\...\{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1) (Version:  - )
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Firefox 59.0.2 (x64 en-US) (HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\Mozilla Firefox 59.0.2 (x64 en-US)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySpeed v5.5.3 (HKLM-x32\...\{0E71BBAE-7AF7-44EB-85F8-2C5C0E4E8950}) (Version: 5.05.0430 - Enounce Incorporated)
NETGEAR WNDA3100v2 wireless USB 2.0 driver (HKLM-x32\...\{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}) (Version: 2.2.0.4 - NETGEAR)
NEW HAMPSHIRE ASSOCIATION REALTORS FORMS (HKLM-x32\...\{73602FD6-3749-461D-870C-D171C510191A}) (Version: ANH00-NH - )
NinjaTrader 7 (HKLM-x32\...\{83F6014E-8E15-48D6-9FFB-D05B6DF6D07A}) (Version: 7.0.1035 - NinjaTrader)
NinjaTrader 8 (HKLM-x32\...\{1215CF1D-9364-449D-B80C-28924E210513}) (Version: 8.0.9.0 - NinjaTrader, LLC)
Nitro Reader 3 (HKLM\...\{3C1F302A-CC25-488D-9C24-A76B95BC916F}) (Version: 3.0.6.3 - Nitro)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
OpenSource Flash Video Splitter 1.0.0.5 (HKLM-x32\...\OpenSource Flash Video Splitter) (Version: 1.0.0.5 - )
PipStrider III (HKLM-x32\...\PipStrider III) (Version:  - )
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PSPPContent (HKLM-x32\...\{162BD2D6-6C63-41A7-8151-93188450D36A}) (Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (HKLM-x32\...\{16346B2A-87BC-407C-9D6B-72A4D21ABF03}) (Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPro64 (HKLM\...\{16582334-495C-4F1C-A66B-3BFD8866B674}) (Version: 16.2.0.20 - Corel Corporation) Hidden
Quicken (HKLM-x32\...\{62D93E3E-2F8E-42BD-9343-896F4F0031D3}) (Version: 27.1.6.12 - Quicken)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.15.10 - Intuit)
Quicken WillMaker Plus 2012 (HKLM-x32\...\{2B21DAC6-647F-497F-918F-9A389EE24C1D}) (Version: 1.0.0.0 - Nolo)
RealDownloader (HKLM-x32\...\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}) (Version: 17.0.15.4 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{e6171278-8759-449d-9e0b-c1825debc2ad}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{FBEFDC9E-F8FB-4B66-A78B-09B7B380D59D}) (Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM\...\{21E47F47-C9A7-4454-BA48-388327B0EA00}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.15 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Replay Video Capture 7 (HKLM-x32\...\Replay Video Capture7.2) (Version: 7.2 - Applian Technologies Inc.)
Roxio RecordNow 10 Music Lab (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (HKLM-x32\...\{16006EE1-DDB7-4E5F-8696-9FEF32C0151A}) (Version: 16.0.0.113 - Corel Corporation) Hidden
SHARP MX/DX Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
Simpler Trading Early In-N-Out Indicator TS 1.0 (HKLM-x32\...\Simpler Trading Early In-N-Out Indicator TS_is1) (Version:  - Simpler Options, LLC)
Simpler Trading PSAR Bars Indicator TS 1.0 (HKLM-x32\...\PSAR Bars Indicator TS_is1) (Version:  - Simpler Options, LLC)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype version 8.12 (HKLM-x32\...\Skype_is1) (Version: 8.12 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
ST_HOLB_LOHB Indicator (HKLM-x32\...\ST_HOLB_LOHB Indicator) (Version:  - )
ST_MTF_Trend Indicator for Tradestation (HKLM-x32\...\ST_MTF_Trend Indicator for Tradestation) (Version:  - )
StreetSmart Edge® (HKLM-x32\...\{5646676A-5A97-4B66-BE71-1B1770AD982B}) (Version: 1.52.112.0 - Schwab)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.95388 - TeamViewer)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
thinkorswim (HKLM-x32\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Top Producer Outlook Sync (HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\5E8B0024369F4848DBEB633280341FF9559FB93B) (Version: 1.500.6.0 - Top Producer Systems)
tradable-forex.com 64.2 (HKLM\...\7537-7025-0761-0789) (Version: 64.2 - Tradable)
Trade Navigator (HKLM-x32\...\{384A95F1-EDDA-4BBE-BC6B-7FAA886380F6}) (Version:  - )
TradeStation 9.5 (HKLM-x32\...\{E02A3EE0-1193-454C-8E59-BDFCE6EC7B22}) (Version: 9.05.00.3070 - TradeStation Technologies)
TTM Squeeze 2.2 (HKLM-x32\...\TTM Squeeze_is1) (Version:  - TradeTheMarkets.com)
TTM Squeeze Radar 3.2 (HKLM-x32\...\TTM Squeeze Radar_is1) (Version:  - TradeTheMarkets.com)
TTM Voodoo Lines (HKLM-x32\...\{6F988572-FE9A-48DB-B4B8-0F7C825E164D}) (Version: 1.0.0 - Trade The Markets)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VC_CRT_x64 (HKLM\...\{54F2237F-018C-483B-8884-9FC0D88840C3}) (Version: 1.02.0000 - Intel Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
VD64Inst (HKLM\...\{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}) (Version: 1.00.0000 - Roxio, Inc.) Hidden
VectorVest 7 (HKLM-x32\...\{04996b42-3644-41a7-8d57-0a93d811cdd6}) (Version: 1.33.39.0 - VectorVest, Inc.)
Video Downloader (HKLM-x32\...\{62796191-6F12-4ABE-BA8B-B4D4A266C997}) (Version: 1.0.0 - RealNetworks) Hidden
VIP Access (HKLM-x32\...\{58594A65-ACD7-41A2-B6ED-2597777F2850}) (Version: 2.2.4.44 - Symantec Corporation)
VisualTour Studio (HKLM-x32\...\VisualTour Studio) (Version: 5 - TRF Systems, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VT Remote Support (HKLM-x32\...\VT Remote Support) (Version:  - TRF Systems, Inc.)
VTTrader (HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\VTTrader) (Version:  - VT Systems, LLC)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
WST-40 (HKLM-x32\...\WST-40) (Version:  - )
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
zipForm6 (HKLM-x32\...\zipForm6) (Version: 1.0.0.0 - )
Zoom (HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Phyllis\AppData\Local\GoToMeeting\8473\G2MOutlookAddin64.dll (LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4249353033-2772040276-2529461727-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers1: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [2008-06-04] (Sonic Solutions)
ContextMenuHandlers1: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2013-10-01] (Acronis)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [2008-06-04] (Sonic Solutions)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => c:\program files (x86)\real\realplayer\RPDS\Bin64\rpcloudview.dll [2014-11-25] (RealNetworks, Inc.)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-03-28] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2013-10-30] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [RXDCExtSvr] -> {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C} => C:\Program Files\Roxio\Virtual Drive 10\DC_ShellExt64.dll [2008-06-04] (Sonic Solutions)
ContextMenuHandlers6: [VersionsPageShellExt] -> {9E42900A-85F9-4E67-9778-575FBBA0A81C} => C:\Program Files (x86)\Acronis\TrueImageHome\x64\versions_page.dll [2013-10-01] (Acronis)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-4249353033-2772040276-2529461727-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-4249353033-2772040276-2529461727-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-4249353033-2772040276-2529461727-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\DropboxExt64.19.0.dll [2018-03-15] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03970E84-CCF6-4B48-A9C0-7803EDB5B339} - System32\Tasks\{F285408E-6340-48E8-8567-8CFC779B39C4} => C:\Windows\system32\pcalua.exe -a "C:\Users\Phyllis\Downloads\setup (1).exe" -d C:\Users\Phyllis\Desktop
Task: {0C58EF15-7C83-4E37-A302-20E1D4793A67} - System32\Tasks\G2MUploadTask-S-1-5-21-4249353033-2772040276-2529461727-1000 => C:\Users\Phyllis\AppData\Local\GoToMeeting\8557\g2mupload.exe [2018-03-23] (LogMeIn, Inc.)
Task: {0EA47489-62E6-4709-99BA-66D1AFCCD17D} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {104BFFA3-8D3F-4E8B-B6BA-50450F7173D0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4249353033-2772040276-2529461727-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {14A0E01C-55D7-4BA2-8C91-7BD6B4072102} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-11-14] (Microsoft Corporation)
Task: {278ECCB2-3499-42F2-9932-2F00765682F9} - System32\Tasks\RNUpgradeHelperLogonPrompt_Phyllis => C:\Users\Phyllis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.10\agent\rnupgagent.exe [2018-03-11] (RealNetworks, Inc.)
Task: {3D2A9C4C-C675-44E7-8AE9-8178159C23DE} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5142EE16-48D0-4870-AFC0-11E502500E27} - System32\Tasks\ReclaimerUpdateFiles_Phyllis => C:\Users\Phyllis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.10\agent\rnupgagent.exe [2018-03-11] (RealNetworks, Inc.)
Task: {55A4C3F5-F875-490B-960B-A0590F416F48} - System32\Tasks\ReclaimerUpdateXML_Phyllis => C:\Users\Phyllis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.10\agent\rnupgagent.exe [2018-03-11] (RealNetworks, Inc.)
Task: {5BC74EEB-B0DA-4FB8-A7C6-CA9ED698284E} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4249353033-2772040276-2529461727-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-10-30] (RealNetworks, Inc.)
Task: {5D0A6D45-CECE-43FF-95E0-2CF0C4578420} - System32\Tasks\EasyShare Registration Task => C:\Windows\system32\rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.30.2.sxt _RegistrationOffer@16
Task: {62E77929-74EE-461C-BF29-739C5A93C7FB} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4249353033-2772040276-2529461727-1000UA => C:\Users\Phyllis\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {654F60EE-4D8C-49CB-9897-2BC66DFF3839} - System32\Tasks\Reset ShopAtHome BAC => C:\Users\Phyllis\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe
Task: {671016DE-7FD1-45D7-8616-5AA78CBD137C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {68065003-4CEE-4C43-8B2E-F663DC468E37} - System32\Tasks\RNUpgradeHelperResumePrompt_Phyllis => C:\Users\Phyllis\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.10\agent\rnupgagent.exe [2018-03-11] (RealNetworks, Inc.)
Task: {7D8A25D5-05DE-4462-8B90-398546991B2C} - System32\Tasks\G2MUpdateTask-S-1-5-21-4249353033-2772040276-2529461727-1000 => C:\Users\Phyllis\AppData\Local\GoToMeeting\8557\g2mupdate.exe [2018-03-23] (LogMeIn, Inc.)
Task: {7EEF134E-7F51-40CB-9AE9-0F018639A344} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8AC15A7B-8059-4E37-B2F2-6D8501F8E00A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {8F9B5592-92D9-42F3-91DF-F23C74CAEA8C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4249353033-2772040276-2529461727-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)
Task: {AFA255DF-144F-45BA-98C1-6B378F7865F5} - System32\Tasks\{CDFDC4BD-99CB-4BAE-B95C-45EFEB402EE3} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\ZipLogix\zipForm6\zipForm6.exe" -d "C:\Program Files (x86)\ZipLogix\zipForm6\"
Task: {B1445166-F976-4E4F-AFAF-F00C3EEF638D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4249353033-2772040276-2529461727-1000Core => C:\Users\Phyllis\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {B6E67598-5D24-4A0A-8721-26C4444174B4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C2683BFA-65C4-43E1-820A-FD51378326A9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {CA9A7DC0-957D-4652-ACAC-9DF6FDADBFDE} - System32\Tasks\TradeStation Backup - Daily => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exe [2016-11-09] (TradeStation Technologies, Inc.)
Task: {D262C010-D0D2-460C-A0C1-EA472F29EF24} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {D921D931-A870-4D7E-804A-A31599D9C9CE} - System32\Tasks\TradeStation Backup - Weekly => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exe [2016-11-09] (TradeStation Technologies, Inc.)
Task: {E137B890-2F62-4666-8EC6-149196902095} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {E87990BC-9F4F-48CC-833C-096E4FCCCC56} - System32\Tasks\TradeStation Backup - Monthly => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exe [2016-11-09] (TradeStation Technologies, Inc.)
Task: {F782181F-8FE6-4E65-B40F-2684B181F028} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_137_pepper.exe [2018-01-23] (Adobe Systems Incorporated)
Task: {F9B2832A-FC22-4F03-A52B-0DC537799576} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4249353033-2772040276-2529461727-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2014-10-27] (RealNetworks, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4249353033-2772040276-2529461727-1000Core.job => C:\Users\Phyllis\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-4249353033-2772040276-2529461727-1000UA.job => C:\Users\Phyllis\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\EasyShare Registration Task.job => rundll32.exe  C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_7.8.30.2.sxt
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-4249353033-2772040276-2529461727-1000.job => C:\Users\Phyllis\AppData\Local\GoToMeeting\8557\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-4249353033-2772040276-2529461727-1000.job => C:\Users\Phyllis\AppData\Local\GoToMeeting\8557\g2mupload.exe
Task: C:\Windows\Tasks\TradeStation Backup - Daily.job => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exeK/Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Daily.tsb
Task: C:\Windows\Tasks\TradeStation Backup - Monthly.job => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exeM/Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Monthly.tsb
Task: C:\Windows\Tasks\TradeStation Backup - Weekly.job => C:\Program Files (x86)\TradeStation 9.5\Program\TSBackupRestore.exeL/Backup C:\Program Files (x86)\TradeStation 9.5\Templates\Backup\Weekly.tsb

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Phyllis\Desktop\Calendar.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --win-jumplist-action=recently-closed hxxps://www.topproducer8i.com/15.8000.00.04/Calendar/CalendarLanding.aspx?view_id=1&plDate=3/14/2018%2010:11:33%20PM&assigned_to_id={01829190-3b47-4637-ad7c-4d1c1cbec748}
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Calendars.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fgneolchnmgmjgmflbljpmpkkoppldmo
ShortcutWithArgument: C:\Users\Phyllis\Desktop\CME Equity Indexces.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nanhfabblgagneapjkdfmnblnkbhipmi
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Currency Strength _ OANDA.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fhfbhgebkmkkhlelnnkckobmfgkmnlhm
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Current affairs, news, comment & opin.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ihndkeilecppfbeonkaheljeebmiocml
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Forex Calendar @ Forex Factory.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dglhmekaggonnpbognlfcnnabebknldc
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Grid Sight Index (GSI).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jfmocpdkllnfapolgmkadcnbjefgfheh
ShortcutWithArgument: C:\Users\Phyllis\Desktop\High Short Interest Stocks.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=lkoaoafekeppdolfkjhcfjdemggbgmhk
ShortcutWithArgument: C:\Users\Phyllis\Desktop\L.E.A.R.N. - Home.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=holhjbkmljlkpccmmdlgihhepkjfbfbn
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Market 24h clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=llionicoenlbfmjhkdiniialfjehakla
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Piotroski.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nnbgafeoiddlojnjfkhcmglidbahecah
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Pivot Point Calculator (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=adckbcbemgpnbckkbjdegdopigjjhoeb
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Pivot Point Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=adckbcbemgpnbckkbjdegdopigjjhoeb
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Pivot Points Calculator - Trading Res.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=npcbogaenjnidfhhbpmallcnhjbolknh
ShortcutWithArgument: C:\Users\Phyllis\Desktop\S&P Sector ETFs_ PerfChart - StockCha.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=filojfaapjokpiofafmflpckdkebblae
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Simpler Stocks Scan _.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aaicobaocdlncdhcklmnphpmjffmghob
ShortcutWithArgument: C:\Users\Phyllis\Desktop\StartPage Search Engine.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aikpehchfofgobeobmadodfnilfliilj
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Weekly Cash Cow - Member Login.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=appdnjpbjlahjibbhkhcfficfldlcjcd
ShortcutWithArgument: C:\Users\Phyllis\Desktop\Trading\VectorVest U.S..lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.vectorvest.com/VVLogin/License.aspx?type=1
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fuze Meeting\Fuze Meeting .lnk -> C:\Users\Phyllis\AppData\Local\Fuze Box\Fuze Meeting\Fuze_Meeting.exe (Fuze Box Inc.) -> hxxps://www.fuzemeeting.com/fuze
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Calendars.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fgneolchnmgmjgmflbljpmpkkoppldmo
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\CME Equity Indexces.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nanhfabblgagneapjkdfmnblnkbhipmi
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Currency Strength _ OANDA.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fhfbhgebkmkkhlelnnkckobmfgkmnlhm
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Current affairs, news, comment & opin.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=ihndkeilecppfbeonkaheljeebmiocml
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Forex Calendar @ Forex Factory.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dglhmekaggonnpbognlfcnnabebknldc
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Grid Sight Index (GSI) (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jfmocpdkllnfapolgmkadcnbjefgfheh
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Grid Sight Index (GSI).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=jfmocpdkllnfapolgmkadcnbjefgfheh
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\High Short Interest Stocks.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=lkoaoafekeppdolfkjhcfjdemggbgmhk
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\L.E.A.R.N. - Home.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=holhjbkmljlkpccmmdlgihhepkjfbfbn
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Market 24h clock.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=llionicoenlbfmjhkdiniialfjehakla
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Piotroski.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=nnbgafeoiddlojnjfkhcmglidbahecah
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pivot Point Calculator (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=adckbcbemgpnbckkbjdegdopigjjhoeb
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pivot Point Calculator.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=adckbcbemgpnbckkbjdegdopigjjhoeb
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pivot Points Calculator - Trading Res.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=npcbogaenjnidfhhbpmallcnhjbolknh
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\S&P Sector ETFs_ PerfChart - StockCha.._.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=filojfaapjokpiofafmflpckdkebblae
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Settlements.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gambdkmfggikanaggdmdgnoblnklgeip
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Simpler Stocks Scan _.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aaicobaocdlncdhcklmnphpmjffmghob
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\StartPage Search Engine.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aikpehchfofgobeobmadodfnilfliilj
ShortcutWithArgument: C:\Users\Phyllis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Weekly Cash Cow - Member Login.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=appdnjpbjlahjibbhkhcfficfldlcjcd


Offline PGB

  • Bronze Member
  • 387
Continued: 
==================== Loaded Modules (Whitelisted) ==============

2013-11-04 10:27 - 2011-02-28 18:37 - 000095008 _____ () C:\Windows\System32\Primomonnt.dll
2013-10-30 20:34 - 2012-10-29 03:48 - 000927232 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
2014-10-26 23:59 - 2014-10-26 23:59 - 000039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-10-30 06:41 - 2014-10-30 06:41 - 000031856 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2017-03-04 18:04 - 2013-12-30 16:07 - 000307928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
2017-06-17 17:43 - 2018-03-06 10:41 - 002914296 _____ () C:\Program Files (x86)\LogMeIn\x64\ksu.dll
2018-03-27 13:54 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-03-27 13:54 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-10-01 11:26 - 2013-10-01 11:26 - 002810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2014-10-29 20:06 - 2014-10-29 20:06 - 000560192 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2014-01-10 01:26 - 2014-01-10 01:26 - 001861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2018-03-21 20:24 - 2018-03-20 02:00 - 004435288 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-21 20:24 - 2018-03-20 02:00 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\65.0.3325.181\libegl.dll
2013-10-30 20:34 - 2018-03-27 14:14 - 000029184 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\PEbiosinterface32.dll
2013-10-30 20:34 - 2012-05-07 12:04 - 000104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.01\ATKEX.dll
2014-11-25 11:18 - 2014-11-25 11:18 - 000865880 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 000035976 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 000039560 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2014-10-30 06:41 - 2014-10-30 06:41 - 000032888 _____ () C:\Program Files (x86)\Real\UpdateService\RPDSUpdatePlugin.dll
2017-03-04 18:04 - 2013-12-26 17:08 - 000380928 _____ () C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiLib.dll
2014-10-20 20:21 - 2014-10-20 20:21 - 000612152 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\sqlite3.DLL
2015-05-13 04:30 - 2015-05-13 04:30 - 001655296 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\VzMessagingClientLib.dll
2014-02-04 19:25 - 2014-02-04 19:25 - 000036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 19:25 - 2014-02-04 19:25 - 000028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2018-03-16 14:48 - 2018-03-15 07:50 - 000746312 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-03-16 14:48 - 2018-03-15 07:50 - 002079048 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2015-12-11 00:39 - 2018-03-15 07:50 - 000100312 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000018896 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 00:39 - 2018-03-15 07:53 - 000020808 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000035808 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000694232 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000021856 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000130520 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 001856864 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000022880 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-03-16 14:48 - 2018-03-15 07:50 - 000145880 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-03-16 14:48 - 2018-03-15 07:50 - 000116696 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 00:39 - 2018-03-15 07:50 - 000105944 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 13:26 - 2018-03-15 07:53 - 000022872 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000063312 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000024536 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000077120 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-03-16 14:48 - 2018-03-15 07:50 - 000020952 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000124888 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000114136 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-03-16 14:48 - 2018-03-15 07:50 - 000392664 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 00:39 - 2018-03-15 07:53 - 000392520 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-08-05 13:26 - 2018-03-15 07:53 - 000026464 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000043480 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000024024 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000175576 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000030168 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-09-21 17:34 - 2018-03-15 07:50 - 000026072 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32job.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000048600 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000057816 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000021840 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-09-08 16:15 - 2018-03-15 07:53 - 000023376 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000022864 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2017-05-17 13:24 - 2018-03-15 07:53 - 000066400 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 001798464 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000084944 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\sip.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 001959232 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 003863880 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000155472 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000521544 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000051024 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000043336 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000131400 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000219984 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000204104 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 00:39 - 2018-03-15 07:53 - 000025440 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000060888 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-02-27 18:29 - 2018-03-15 07:53 - 000054616 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000024024 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-01-23 19:47 - 2018-03-15 07:53 - 000022880 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000028632 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-01-23 19:47 - 2018-03-15 07:53 - 000022368 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 19:47 - 2018-03-15 07:53 - 000021856 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 19:47 - 2018-03-15 07:53 - 000022368 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000027496 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 00:39 - 2018-03-15 07:50 - 000349144 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-18 17:39 - 2018-03-15 07:53 - 000023904 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000025432 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-03-16 14:48 - 2018-03-15 07:50 - 000036312 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\librsync.dll
2018-01-11 15:15 - 2018-03-15 07:53 - 000021856 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000181064 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-07-08 15:36 - 2018-03-15 07:53 - 000030544 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000024384 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-03-16 14:48 - 2018-03-15 07:52 - 001638208 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-08-05 13:26 - 2018-03-15 07:53 - 000026464 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000546632 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000359744 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-03-16 14:48 - 2018-03-15 07:52 - 000038216 _____ () C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngine.pyd
2014-10-29 20:01 - 2014-10-29 20:01 - 001382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2014-01-10 01:28 - 2014-01-10 01:28 - 000100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-12-11 00:43 - 2014-09-28 18:59 - 000019872 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 004300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-10-27 21:00 - 2015-10-27 21:00 - 000586240 _____ () C:\Program Files\WinZip\adxloader.dll
2013-10-30 18:45 - 2013-09-03 16:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-02-04 19:28 - 2014-02-04 19:28 - 000420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-09-07 00:19 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4249353033-2772040276-2529461727-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{161A6D1B-1502-4496-B7B7-F3FAD8C8D897}] => (Allow) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{22C25692-AC39-44E9-A864-6F3229C74074}] => (Allow) C:\Users\Phyllis\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{C7B1C535-6922-4629-B332-34B18E06ABF9}C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C4AED3CF-8580-4B64-B54D-21C90C993C25}C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\phyllis\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{79B1ED83-3763-458B-9A88-0233BC619A33}C:\users\phyllis\appdata\local\fuze box\fuze meeting\fuze_meeting.exe] => (Allow) C:\users\phyllis\appdata\local\fuze box\fuze meeting\fuze_meeting.exe
FirewallRules: [UDP Query User{49184BD1-F7C9-47FD-9F8D-4558402BA811}C:\users\phyllis\appdata\local\fuze box\fuze meeting\fuze_meeting.exe] => (Allow) C:\users\phyllis\appdata\local\fuze box\fuze meeting\fuze_meeting.exe
FirewallRules: [{35E3C082-C7E5-41AB-BFF9-1E08383218B5}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{44516440-1714-4A28-82FC-73E8FC1BE911}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{51383218-690F-4F75-AAF2-61FE60D692AE}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{7FE5CCCF-2C43-4A07-AAB2-4E1658B3333E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E0F0D305-DA23-46F2-B0D1-BDB8E1FEA245}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{973E2135-532F-4539-8262-288DAF1FD185}C:\users\phyllis\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\phyllis\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{3AC420A6-B2A5-4374-95BF-49B83A3CC3F2}C:\users\phyllis\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\phyllis\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [{70A8AE1E-921E-45B9-A0EA-B6F7F4266F9B}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{650BC10A-B177-4A64-9E9D-3E6AD45EF074}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{B95839FB-D62C-4052-89BD-123E70E5CB07}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{2228DB8C-1829-48C8-8B59-F56E0CE2990E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [TCP Query User{EFC6E8BD-893D-4AA2-A7CA-98C0DC02FB4B}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [UDP Query User{F5ECA390-BEB4-4211-AE37-77D90C1A19EE}C:\program files (x86)\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files (x86)\divx\divx media server\divxmediaserver.exe
FirewallRules: [TCP Query User{E5F7F77E-2334-473B-8288-0B492B5A5C65}C:\users\phyllis\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\phyllis\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{FAF2DA84-117C-4D44-8D69-8EE890D1E3AF}C:\users\phyllis\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\phyllis\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [TCP Query User{D28FFFB4-D174-437D-9412-B0EB12821487}C:\users\phyllis\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\phyllis\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{9CB714FD-34BA-48FA-BBBC-4646E7863E79}C:\users\phyllis\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Allow) C:\users\phyllis\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [{ECC13D6E-95E5-40A5-A5F4-8048BE052D51}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{620394A4-8F71-4387-BC3C-6648244ECF38}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1B039E77-6B51-4CB3-A6FE-484535673FD1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E56FDD53-FF00-467F-9D10-1DD2E88CED87}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{461A1428-D7F2-47C8-AEEF-0D93C1618312}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A071CB2-7CA5-4B3F-9087-65E4D043D1B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{296E01A4-50CE-46CB-9E6F-3000B493698A}] => (Allow) LPort=15600
FirewallRules: [TCP Query User{04A3D06E-525A-4FD1-B2C0-031566FD276F}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{32847017-9101-4723-B2AD-BC92C526C4B8}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{E4478154-57DA-4CB5-BB25-0E2B81280226}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe
FirewallRules: [UDP Query User{34F2AE62-2D80-4046-B10D-4292D755F065}C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin64\ninjatrader.exe
FirewallRules: [TCP Query User{85F39893-645D-4FD0-83AF-28CAFB85D6EE}C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe
FirewallRules: [UDP Query User{06838070-40ED-431E-B865-FD6FE5239547}C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 8\bin\ninjatrader.exe
FirewallRules: [TCP Query User{F3F47EDC-9367-4078-8AA2-20CE687BF21D}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe
FirewallRules: [UDP Query User{2001EE13-F6C3-4D71-9C74-21479A98B5DC}C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe] => (Allow) C:\program files (x86)\ninjatrader 7\bin64\ninjatrader.exe
FirewallRules: [{54B84138-23B7-4BEF-8308-A67B84F00496}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{FA56AF16-8BA2-4964-B991-08C8D3DE96A0}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
FirewallRules: [{B7A32237-50E7-49C6-BFF4-C4A81335E8B9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{87CA6EA9-3476-4ECD-8A83-AF5DBB463E62}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{98CB740E-C364-4B3E-95BC-F9AC2F831CFF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{683FC5BE-ED5A-448A-BFDC-2C4E273629F4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{279EDF3D-3723-4FF8-9002-CA69ED6DA5F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-03-2018 10:55:31 Windows Update
25-03-2018 02:24:12 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2018 02:20:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WNDA3100v2.exe, version: 1.0.3.13, time stamp: 0x52a16ce3
Faulting module name: WifiSvcLib.dll_unloaded, version: 0.0.0.0, time stamp: 0x52bbf3d4
Exception code: 0xc0000005
Fault offset: 0x1001b721
Faulting process id: 0x1464
Faulting application start time: 0x01d3c5f78afe3f9e
Faulting application path: C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
Faulting module path: WifiSvcLib.dll
Report Id: 86d22222-31eb-11e8-90a3-74d02b954d43

Error: (03/27/2018 02:12:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WNDA3100v2.exe, version: 1.0.3.13, time stamp: 0x52a16ce3
Faulting module name: WifiSvcLib.dll_unloaded, version: 0.0.0.0, time stamp: 0x52bbf3d4
Exception code: 0xc0000005
Fault offset: 0x1001b721
Faulting process id: 0xe30
Faulting application start time: 0x01d3c5f6c3d4976d
Faulting application path: C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
Faulting module path: WifiSvcLib.dll
Report Id: 6b0cc5fd-31ea-11e8-973e-74d02b954d43

Error: (03/26/2018 06:50:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WNDA3100v2.exe, version: 1.0.3.13, time stamp: 0x52a16ce3
Faulting module name: WifiSvcLib.dll_unloaded, version: 0.0.0.0, time stamp: 0x52bbf3d4
Exception code: 0xc0000005
Fault offset: 0x1001b721
Faulting process id: 0x15d8
Faulting application start time: 0x01d3c554adda71d9
Faulting application path: C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
Faulting module path: WifiSvcLib.dll
Report Id: 262bb9ff-3148-11e8-ba8b-74d02b954d43

Error: (03/16/2018 10:46:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WNDA3100v2.exe, version: 1.0.3.13, time stamp: 0x52a16ce3
Faulting module name: WifiSvcLib.dll_unloaded, version: 0.0.0.0, time stamp: 0x52bbf3d4
Exception code: 0xc0000005
Fault offset: 0x1001b721
Faulting process id: 0x1758
Faulting application start time: 0x01d3bd35540fc5f2
Faulting application path: C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
Faulting module path: WifiSvcLib.dll
Report Id: cb68a296-2928-11e8-8551-74d02b954d43

Error: (03/13/2018 10:06:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WNDA3100v2.exe, version: 1.0.3.13, time stamp: 0x52a16ce3
Faulting module name: WifiSvcLib.dll_unloaded, version: 0.0.0.0, time stamp: 0x52bbf3d4
Exception code: 0xc0000005
Fault offset: 0x1001b721
Faulting process id: 0x1408
Faulting application start time: 0x01d3bad436d769ab
Faulting application path: C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
Faulting module path: WifiSvcLib.dll
Report Id: a7f05b2a-26c7-11e8-8571-74d02b954d43

Error: (03/10/2018 11:54:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WNDA3100v2.exe, version: 1.0.3.13, time stamp: 0x52a16ce3
Faulting module name: WifiSvcLib.dll_unloaded, version: 0.0.0.0, time stamp: 0x52bbf3d4
Exception code: 0xc0000005
Fault offset: 0x1001b721
Faulting process id: 0x1758
Faulting application start time: 0x01d3b887e17d689e
Faulting application path: C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
Faulting module path: WifiSvcLib.dll
Report Id: 56547aba-247b-11e8-8ba1-74d02b954d43

Error: (03/09/2018 10:22:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WNDA3100v2.exe, version: 1.0.3.13, time stamp: 0x52a16ce3
Faulting module name: WifiSvcLib.dll_unloaded, version: 0.0.0.0, time stamp: 0x52bbf3d4
Exception code: 0xc0000005
Fault offset: 0x1001b721
Faulting process id: 0x1414
Faulting application start time: 0x01d3b7b1b8ac743f
Faulting application path: C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
Faulting module path: WifiSvcLib.dll
Report Id: 48ce4a09-23a5-11e8-8c22-74d02b954d43

Error: (03/08/2018 12:41:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WNDA3100v2.exe, version: 1.0.3.13, time stamp: 0x52a16ce3
Faulting module name: WifiSvcLib.dll_unloaded, version: 0.0.0.0, time stamp: 0x52bbf3d4
Exception code: 0xc0000005
Fault offset: 0x1001b721
Faulting process id: 0x17b0
Faulting application start time: 0x01d3b6f0190f0196
Faulting application path: C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
Faulting module path: WifiSvcLib.dll
Report Id: 98f2c761-22ef-11e8-8c92-74d02b954d43


System errors:
=============
Error: (03/27/2018 02:14:53 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (03/27/2018 02:14:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Acronis Sync Agent Service service failed to start due to the following error:
The pipe has been ended.

Error: (03/27/2018 02:14:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (03/27/2018 02:14:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (03/27/2018 02:14:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (03/27/2018 02:14:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/27/2018 02:14:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (03/27/2018 02:14:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Sync Agent Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================

Date: 2018-03-27 14:15:08.608
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-27 14:09:36.511
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-27 14:07:51.852
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-27 13:54:18.911
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-27 13:45:00.064
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-27 11:26:45.088
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-27 11:14:06.922
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-03-27 11:03:47.666
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 15%
Total physical RAM: 32705.66 MB
Available physical RAM: 27535.58 MB
Total Virtual: 34751.85 MB
Available Virtual: 29281.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:17.99 GB) NTFS

\\?\Volume{52c27f0d-422b-11e3-87b7-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 5FBF08C5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7695
Thanks for those logs PGB, continue:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right-click on the tool and select “Run as Administrator”; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include details for each time MSRT has run; we only need the most recent log by date and time....

Let me see those logs in your reply, also tell me if there are any remaining issues or concerns...

Thank you,

Kevin...


*

Offline PGB

  • Bronze Member
  • 387
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Phyllis (27-03-2018 16:12:05) Run:1
Running from C:\Users\Phyllis\Desktop\SWH
Loaded Profiles: Phyllis (Available Profiles: Phyllis)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
cmd: netsh winsock reset
S4 LMIRfsClientNP; no ImagePath
Task: {03970E84-CCF6-4B48-A9C0-7803EDB5B339} - System32\Tasks\{F285408E-6340-48E8-8567-8CFC779B39C4} => C:\Windows\system32\pcalua.exe -a "C:\Users\Phyllis\Downloads\setup (1).exe" -d C:\Users\Phyllis\Desktop
Hosts:
EmptyTemp:
CMD: ipconfig /flushDNS
end




*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => removed successfully

========= netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

"HKLM\System\CurrentControlSet\Services\LMIRfsClientNP" => removed successfully
LMIRfsClientNP => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03970E84-CCF6-4B48-A9C0-7803EDB5B339}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03970E84-CCF6-4B48-A9C0-7803EDB5B339}" => removed successfully
C:\Windows\System32\Tasks\{F285408E-6340-48E8-8567-8CFC779B39C4} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F285408E-6340-48E8-8567-8CFC779B39C4}" => removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 91749284 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 97366636 B
Edge => 0 B
Chrome => 409927093 B
Firefox => 31345840 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 78475005 B
Phyllis => 70164682 B

RecycleBin => 9382763451 B
EmptyTemp: => 9.5 GB temporary data Removed.

================================

The system needed a reboot. 

==== End of Fixlog 16:12:30 ====

Microsoft Windows Malicious Software Removal Tool v5.58, March 2018 (build 5.58.14622.1)
Started On Tue Mar 27 16:10:07 2018

Engine: 1.1.14600.4
Signatures: 1.263.2.0
Run Mode: Interactive Graphical Mode
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 27 16:10:34 2018


Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.58, March 2018 (build 5.58.14622.1)
Started On Tue Mar 27 16:16:11 2018

Engine: 1.1.14600.4
Signatures: 1.263.2.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.


System seems to be working fine.  Thanks :ty!!




*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7695
Excellent, run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make Sure the following items are checked:


  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points; a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or by malware/infection.

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices; you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... 

*

Offline PGB

  • Bronze Member
  • 387
Thanks!  I greatly appreciate your expertise through this!

*

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • 7695
Since this issue appears to be resolved the topic has been closed. Glad we could help.... :t 

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.