Jump to content

chrissythepoet

Honorary Members
  • Posts

    21
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

781 profile views
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-05-2016 01 Ran by maggiemay (administrator) on MAGGIEMAY-PC (22-05-2016 19:00:12) Running from C:\Users\maggiemay\Downloads Loaded Profiles: maggiemay (Available Profiles: maggiemay) Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (Investintech.com Inc.) C:\Program Files\Investintech.com Inc\Able2Extract 9.0\Able2Extract.PrnDisp.exe (CyberLink Corp.) C:\Program Files\CyberLink\YouCam7\YouCamService7.exe (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Google, Inc) C:\Users\maggiemay\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Spotify Ltd) C:\Users\maggiemay\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe (Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Mobile.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Able2Extract 9.0 Print Dispatcher] => C:\Program Files\Investintech.com Inc\Able2Extract 9.0\Able2Extract.PrnDisp.exe [9109320 2015-11-17] (Investintech.com Inc.) HKLM\...\Run: [YouCam Service7] => C:\Program Files\CyberLink\YouCam7\YouCamService7.exe [454072 2015-06-22] (CyberLink Corp.) HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [Google Update] => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-03-27] (Google Inc.) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [Google Photos Backup] => C:\Users\maggiemay\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6675672 2016-04-15] (Piriform Ltd) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [Spotify Web Helper] => C:\Users\maggiemay\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-15] (Spotify Ltd) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\MountPoints2: {0826e35e-0f3c-11e6-ba09-a4badbb0e4f7} - "F:\LG_PC_Programs.exe" ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226 Tcpip\..\Interfaces\{06e54b54-3baa-4ebf-b86b-d4ba8e1137f8}: [DhcpNameServer] 192.168.0.1 205.171.203.226 Tcpip\..\Interfaces\{3afccbf6-601e-414c-ba67-b3176e8fd1b6}: [DhcpNameServer] 192.168.0.1 205.171.203.226 205.171.2.226 Tcpip\..\Interfaces\{4b91b5f4-3341-4071-92ee-15c4aea528ef}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d2d80eff SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms} SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms} SearchScopes: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms} SearchScopes: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> {5C0F13CB-C721-43A4-98AF-2CDECC1AA8F6} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-18] (Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-18] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.) Toolbar: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-12-14] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default FF DefaultSearchEngine: Bing® FF DefaultSearchEngine.US: Bing® FF SelectedSearchEngine: Bing® FF Homepage: hxxp://www.google.com/ FF Session Restore: -> is enabled. FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-18] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-18] (Oracle Corporation) FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-12-14] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-14] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2283885129-1122399038-1014182919-1000: @tools.google.com/GoogleUpdate;version=3 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF Plugin HKU\S-1-5-21-2283885129-1122399038-1014182919-1000: @tools.google.com/GoogleUpdate;version=9 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF SearchPlugin: C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default\searchplugins\bing-lavasoft.xml [2016-05-08] FF Extension: WOT - C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-05-13] FF Extension: Adblock Plus - C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-13] Chrome: ======= CHR HomePage: Default -> bing.com/?mkt=en-US&pc=__PARAM__ CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE46737A2-8CE5-4A19-A6D9-B6569B11F37B&SSPV= ","hxxp://search.yahoo.com/?type=AC6CABBA6ED3B4F86BCF_s55_g_e&fr=conduit ","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-d2d80eff ","hxxp://www.google.com/" CHR Profile: C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Yahoo Web) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki [2016-01-19] [UpdateUrl: hxxps://clients2.googlee.com/service/update2/crx ] <==== ATTENTION CHR Extension: (Google Slides) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-23] CHR Extension: (Google Docs) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-23] CHR Extension: (Google Drive) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23] CHR Extension: (YouTube) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23] CHR Extension: (Norton Security Toolbar) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-04] CHR Extension: (Google Search) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23] CHR Extension: (Google Sheets) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-23] CHR Extension: (Google Docs Offline) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29] CHR Extension: (Avast Online Security) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-20] CHR Extension: (Norton Identity Safe) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-19] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-19] CHR Extension: (Chrome Web Store Payments) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20] CHR Extension: (Yahoo Partner) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-05-20] CHR Extension: (Gmail) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-23] CHR HKLM\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1917680 2016-03-08] (Microsoft Corporation) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] () R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 BCM43XX; C:\WINDOWS\System32\drivers\bcmwl63l.sys [4715008 2015-10-30] (Broadcom Corporation) R1 CLMirrorDriver; C:\WINDOWS\system32\DRIVERS\CLMirrorDriver.sys [21264 2015-05-20] (CyberLink) R3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [36824 2015-03-24] (CyberLink Corporation) R1 MpKsl1cfb1f81; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D9CF5842-C569-4F0C-A27C-BD1A220D3BBC}\MpKsl1cfb1f81.sys [39168 2016-05-22] (Microsoft Corporation) S3 tsusbhub; C:\WINDOWS\System32\drivers\tsusbhub.sys [112640 2010-11-20] (Microsoft Corporation) [File not signed] S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation) R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation) R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x86.sys [242688 2015-10-30] (Marvell) U3 idsvc; no ImagePath U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-22 18:59 - 2016-05-22 18:59 - 00000000 ____D C:\Users\maggiemay\Downloads\FRST-OlderVersion 2016-05-19 12:43 - 2016-05-19 12:44 - 00041539 _____ C:\Users\maggiemay\Downloads\Addition.txt 2016-05-19 12:41 - 2016-05-22 19:00 - 00018412 _____ C:\Users\maggiemay\Downloads\FRST.txt 2016-05-19 11:52 - 2016-05-22 18:59 - 00001528 _____ C:\Users\maggiemay\Desktop\FRST - Shortcut.lnk 2016-05-19 11:50 - 2016-05-22 18:59 - 01733632 _____ (Farbar) C:\Users\maggiemay\Downloads\FRST.exe 2016-05-19 11:25 - 2016-05-19 11:26 - 05819274 _____ C:\Users\maggiemay\Documents\TOMTHUMBWORKTICKETSFOR5-19-25-2016.pdf 2016-05-19 11:16 - 2016-05-19 11:23 - 05943618 _____ C:\Users\maggiemay\Documents\IMG_20160519_0001.pdf 2016-05-18 21:42 - 2016-05-22 13:06 - 00000000 ___RD C:\Users\maggiemay\Google Drive 2016-05-18 21:42 - 2016-05-18 21:42 - 00001798 _____ C:\Users\maggiemay\Desktop\Google Drive.lnk 2016-05-18 21:35 - 2016-05-18 21:35 - 00001113 _____ C:\Users\Public\Desktop\Google Drive.lnk 2016-05-18 21:35 - 2016-05-18 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-05-18 21:34 - 2016-05-18 21:34 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Downloads\Ninite Google Drive Installer.exe 2016-05-18 21:24 - 2016-05-18 21:24 - 00000000 ____D C:\Program Files\Common Files\Java 2016-05-18 21:21 - 2016-05-18 21:21 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Desktop\Ninite Java 8 Malwarebytes Spotify Installer.exe 2016-05-18 21:20 - 2016-05-18 21:20 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Downloads\Ninite Java 8 Malwarebytes Spotify Installer.exe 2016-05-18 21:14 - 2016-05-18 21:14 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Downloads\Ninite Firefox Installer.exe 2016-05-18 21:10 - 2016-05-18 21:11 - 44584432 _____ C:\Users\maggiemay\Downloads\Firefox Setup 46.0.1.exe 2016-05-18 13:54 - 2016-05-18 13:54 - 00093553 _____ C:\Users\maggiemay\Downloads\Kirkland_Washington (2).pdf 2016-05-18 13:38 - 2016-05-18 13:38 - 00093553 _____ C:\Users\maggiemay\Downloads\Kirkland_Washington (1).pdf 2016-05-18 13:30 - 2016-05-18 13:30 - 00093553 _____ C:\Users\maggiemay\Downloads\Kirkland_Washington.pdf 2016-05-17 16:16 - 2016-05-17 16:16 - 00968967 _____ C:\Users\maggiemay\Documents\CHUEYSINVOICES5-17-2016.pdf 2016-05-17 16:14 - 2016-05-17 16:15 - 00976020 _____ C:\Users\maggiemay\Documents\IMG_20160517_0001.pdf 2016-05-17 12:09 - 2016-05-17 12:09 - 00005619 _____ C:\Users\maggiemay\Downloads\smime.p7s 2016-05-16 17:27 - 2016-05-16 17:27 - 00497655 _____ C:\Users\maggiemay\Documents\TOMTHUMB139WORKTICKET.pdf 2016-05-16 17:26 - 2016-05-16 17:26 - 00504216 _____ C:\Users\maggiemay\Documents\IMG_20160516_0002.pdf 2016-05-16 16:53 - 2016-05-16 16:54 - 05326671 _____ C:\Users\maggiemay\Documents\TOMTHUMBINVOICES-5-16-2016.pdf 2016-05-16 16:43 - 2016-05-16 16:51 - 05598220 _____ C:\Users\maggiemay\Documents\IMG_20160516_0001.pdf 2016-05-16 12:44 - 2016-05-16 12:44 - 01104548 _____ C:\Users\maggiemay\Downloads\scan0034.pdf 2016-05-16 11:35 - 2016-05-16 11:35 - 03382020 _____ C:\Users\maggiemay\Downloads\attachments_2016_05_16 (1).zip 2016-05-16 11:33 - 2016-05-16 11:33 - 03382020 _____ C:\Users\maggiemay\Downloads\attachments_2016_05_16.zip 2016-05-16 11:33 - 2016-05-16 11:33 - 00000000 ____D C:\Users\maggiemay\Downloads\attachments_2016_05_16 2016-05-16 11:12 - 2016-05-16 11:12 - 03489116 _____ C:\Users\maggiemay\Downloads\scan0031 (1).pdf 2016-05-15 15:35 - 2016-05-15 15:35 - 00001916 _____ C:\Users\maggiemay\Desktop\Spotify.lnk 2016-05-15 15:35 - 2016-05-15 15:35 - 00001902 _____ C:\Users\maggiemay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2016-05-15 15:34 - 2016-05-15 15:34 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (6).exe 2016-05-15 02:17 - 2016-05-15 02:17 - 00001859 _____ C:\Users\maggiemay\Downloads\Printer-Jumpstart.jnlp 2016-05-15 02:17 - 2016-05-15 02:17 - 00001859 _____ C:\Users\maggiemay\Downloads\Printer-Jumpstart (1).jnlp 2016-05-15 00:58 - 2016-05-15 00:58 - 00008816 _____ C:\Users\maggiemay\Downloads\NoActivityAlert.csv 2016-05-14 13:45 - 2016-05-14 13:45 - 00218036 _____ C:\Users\maggiemay\Downloads\SCityHall D15012114020.pdf 2016-05-14 10:30 - 2016-05-14 10:30 - 00001530 _____ C:\Users\maggiemay\Downloads\Untitled 2016-05-13 17:38 - 2016-05-13 17:39 - 00009220 _____ C:\Users\maggiemay\Documents\cc_20160513_173806.reg 2016-05-13 17:23 - 2016-05-13 17:23 - 00001040 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-05-13 17:23 - 2016-05-13 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-05-13 17:22 - 2016-05-13 17:23 - 00000000 ____D C:\Program Files\CCleaner 2016-05-13 16:55 - 2016-05-13 17:17 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-05-13 16:54 - 2016-05-13 16:54 - 00001135 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-05-13 16:54 - 2016-05-13 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-05-13 16:54 - 2016-05-13 16:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2016-05-13 16:54 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-05-13 16:54 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-05-13 16:54 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-05-13 16:15 - 2016-05-13 16:15 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (5).exe 2016-05-13 16:12 - 2016-05-13 16:12 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (4).exe 2016-05-13 15:59 - 2016-05-13 15:59 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (3).exe 2016-05-13 15:58 - 2016-05-13 15:58 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (2).exe 2016-05-12 23:18 - 2016-05-12 23:18 - 04780722 _____ C:\Users\maggiemay\Downloads\std-rates.zip 2016-05-12 23:15 - 2016-05-12 23:15 - 05358270 _____ C:\Users\maggiemay\Downloads\std-graph.zip 2016-05-12 19:43 - 2016-05-12 19:45 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\U3 2016-05-12 17:47 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-05-12 17:47 - 2016-04-23 00:27 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2016-05-12 17:46 - 2016-05-06 01:20 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys 2016-05-12 17:46 - 2016-05-06 00:23 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2016-05-12 17:46 - 2016-05-06 00:13 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2016-05-12 17:46 - 2016-05-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2016-05-12 17:46 - 2016-05-06 00:05 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2016-05-12 17:46 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2016-05-12 17:46 - 2016-05-05 23:49 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2016-05-12 17:46 - 2016-04-30 02:53 - 01152000 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-05-12 17:46 - 2016-04-30 02:46 - 02974720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-05-12 17:46 - 2016-04-23 02:06 - 01232576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-05-12 17:46 - 2016-04-23 02:06 - 00973504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-05-12 17:46 - 2016-04-23 02:06 - 00576192 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-05-12 17:46 - 2016-04-23 02:06 - 00440512 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-05-12 17:46 - 2016-04-23 02:06 - 00248512 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-05-12 17:46 - 2016-04-23 02:06 - 00149696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-05-12 17:46 - 2016-04-23 02:06 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-05-12 17:46 - 2016-04-23 02:06 - 00042688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-05-12 17:46 - 2016-04-23 01:28 - 05796704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-05-12 17:46 - 2016-04-23 01:28 - 01561392 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-05-12 17:46 - 2016-04-23 01:28 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-05-12 17:46 - 2016-04-23 01:28 - 00550240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2016-05-12 17:46 - 2016-04-23 01:28 - 00545432 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-05-12 17:46 - 2016-04-23 01:28 - 00278368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2016-05-12 17:46 - 2016-04-23 01:28 - 00083808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-05-12 17:46 - 2016-04-23 01:26 - 00792328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-05-12 17:46 - 2016-04-23 01:21 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-05-12 17:46 - 2016-04-23 01:14 - 00310112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2016-05-12 17:46 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-05-12 17:46 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-05-12 17:46 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-05-12 17:46 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-05-12 17:46 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2016-05-12 17:46 - 2016-04-23 01:12 - 00104800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys 2016-05-12 17:46 - 2016-04-23 01:11 - 00259424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2016-05-12 17:46 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-05-12 17:46 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-05-12 17:46 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-05-12 17:46 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-05-12 17:46 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2016-05-12 17:46 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-05-12 17:46 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-05-12 17:46 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2016-05-12 17:46 - 2016-04-23 01:07 - 00192704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2016-05-12 17:46 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2016-05-12 17:46 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2016-05-12 17:46 - 2016-04-23 01:01 - 01714520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-05-12 17:46 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2016-05-12 17:46 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll 2016-05-12 17:46 - 2016-04-23 01:01 - 00484704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-05-12 17:46 - 2016-04-23 01:01 - 00336224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-05-12 17:46 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-05-12 17:46 - 2016-04-23 01:00 - 01396584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-05-12 17:46 - 2016-04-23 01:00 - 01273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-05-12 17:46 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll 2016-05-12 17:46 - 2016-04-23 01:00 - 00049504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll 2016-05-12 17:46 - 2016-04-23 00:55 - 00430432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2016-05-12 17:46 - 2016-04-23 00:35 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2016-05-12 17:46 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll 2016-05-12 17:46 - 2016-04-23 00:29 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2016-05-12 17:46 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll 2016-05-12 17:46 - 2016-04-23 00:29 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys 2016-05-12 17:46 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe 2016-05-12 17:46 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2016-05-12 17:46 - 2016-04-23 00:27 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2016-05-12 17:46 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2016-05-12 17:46 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-05-12 17:46 - 2016-04-23 00:25 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2016-05-12 17:46 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll 2016-05-12 17:46 - 2016-04-23 00:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys 2016-05-12 17:46 - 2016-04-23 00:24 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-05-12 17:46 - 2016-04-23 00:23 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-05-12 17:46 - 2016-04-23 00:23 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll 2016-05-12 17:46 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll 2016-05-12 17:46 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-05-12 17:46 - 2016-04-23 00:22 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2016-05-12 17:46 - 2016-04-23 00:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll 2016-05-12 17:46 - 2016-04-23 00:21 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2016-05-12 17:46 - 2016-04-23 00:21 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-05-12 17:46 - 2016-04-23 00:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll 2016-05-12 17:46 - 2016-04-23 00:19 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll 2016-05-12 17:46 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll 2016-05-12 17:46 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2016-05-12 17:46 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-05-12 17:46 - 2016-04-23 00:17 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-05-12 17:46 - 2016-04-23 00:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2016-05-12 17:46 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2016-05-12 17:46 - 2016-04-23 00:16 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2016-05-12 17:46 - 2016-04-23 00:16 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2016-05-12 17:46 - 2016-04-23 00:16 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2016-05-12 17:46 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-05-12 17:46 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-05-12 17:46 - 2016-04-23 00:15 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-05-12 17:46 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-05-12 17:46 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00739328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-05-12 17:46 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-05-12 17:46 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-05-12 17:46 - 2016-04-23 00:13 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-05-12 17:46 - 2016-04-23 00:13 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-05-12 17:46 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-05-12 17:46 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2016-05-12 17:46 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-05-12 17:46 - 2016-04-23 00:12 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2016-05-12 17:46 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-05-12 17:46 - 2016-04-23 00:11 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2016-05-12 17:46 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-05-12 17:46 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2016-05-12 17:46 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-05-12 17:46 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-05-12 17:46 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-05-12 17:46 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-05-12 17:46 - 2016-04-23 00:07 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-05-12 17:46 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-05-12 17:46 - 2016-04-23 00:05 - 01895936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-05-12 17:46 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-05-12 17:46 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-05-12 17:46 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2016-05-12 17:46 - 2016-04-23 00:04 - 01733632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 01899520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-05-12 17:46 - 2016-04-23 00:01 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-05-12 17:46 - 2016-04-22 22:10 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2016-05-12 17:45 - 2016-04-23 00:28 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2016-05-12 17:45 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll 2016-05-12 17:45 - 2016-04-23 00:27 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll 2016-05-12 17:45 - 2016-04-23 00:24 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2016-05-12 17:45 - 2016-04-23 00:23 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-05-12 17:45 - 2016-04-23 00:21 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-05-12 17:45 - 2016-04-23 00:19 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-05-12 17:45 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2016-05-12 17:45 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml 2016-05-12 16:38 - 2016-05-13 11:02 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-05-12 14:28 - 2016-05-22 18:57 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Spotify 2016-05-12 14:28 - 2016-05-12 14:28 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (1).exe 2016-05-12 14:27 - 2016-05-22 18:57 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\Spotify 2016-05-12 14:26 - 2016-05-12 14:26 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup.exe 2016-05-11 15:02 - 2016-05-11 15:05 - 00000000 ____D C:\Users\maggiemay\Desktop\J. R. R. Tolkien 2016-05-11 14:52 - 2016-05-11 14:52 - 00000000 ____D C:\Users\maggiemay\Desktop\review documents 2016-05-11 14:51 - 2016-05-11 14:51 - 00000000 ____D C:\Users\maggiemay\Desktop\FileHistory 2016-05-11 14:46 - 2016-05-12 15:11 - 00000000 ____D C:\Users\maggiemay\Desktop\contractors enterprises 2016-05-11 12:00 - 2016-05-11 12:00 - 00000000 ____D C:\Users\maggiemay\Documents\CASHAMERICA-PAPERWORK 2016-05-10 16:25 - 2016-05-10 16:25 - 00000000 ____D C:\Users\maggiemay\Documents\Custom Office Templates 2016-05-09 17:42 - 2016-05-09 17:42 - 00000000 ____D C:\Users\maggiemay\AppData\Local\TempTaskUpdateDetection7496A0A6-705C-4841-B925-861076BCC9B5 2016-05-09 11:55 - 2016-05-09 11:55 - 00000000 ____D C:\Users\maggiemay\AppData\Local\TempTaskUpdateDetection8E4FF7C8-4928-41AF-AE63-C15834121033 2016-05-09 11:49 - 2016-05-09 11:49 - 00004591 _____ C:\Users\maggiemay\Downloads\Attachment_CONTRACTORSENTERPRISES_20160509.csv 2016-05-09 11:47 - 2016-05-09 11:47 - 00010994 _____ C:\Users\maggiemay\Downloads\InvoiceNoBackup.csv 2016-05-08 18:36 - 2016-05-08 18:36 - 00000000 ____D C:\Users\maggiemay\AppData\Local\OurrarUdl 2016-05-08 18:32 - 2016-05-08 18:32 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\Digiarty 2016-05-08 18:31 - 2016-05-08 18:31 - 00000000 ____D C:\Video 2016-05-08 18:30 - 2016-05-08 18:30 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll 2016-05-08 18:30 - 2016-05-08 18:30 - 00002976 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini 2016-05-08 18:29 - 2016-05-08 18:37 - 00000000 ____D C:\Users\maggiemay\AppData\Local\YouTubeDownloaderGuru 2016-05-08 18:28 - 2016-05-08 18:28 - 00776544 _____ (YoutubeDownloader.guru LLC. ) C:\Users\maggiemay\Downloads\music_downloader_guru.exe 2016-05-08 18:28 - 2016-05-08 18:28 - 00776544 _____ (YoutubeDownloader.guru LLC. ) C:\Users\maggiemay\Downloads\Music_Downloader_Guru (1).exe 2016-05-08 17:28 - 2016-05-08 17:28 - 00000000 ____D C:\Users\maggiemay\Documents\.DataStorage 2016-05-07 12:27 - 2016-05-07 12:27 - 00000000 ____D C:\Users\maggiemay\AppData\LocalLow\Canon Easy-WebPrint EX2 2016-05-07 12:27 - 2016-05-07 12:27 - 00000000 ____D C:\Users\maggiemay\AppData\LocalLow\Canon Easy-WebPrint EX 2016-05-04 14:22 - 2016-05-04 14:22 - 01133556 _____ C:\Users\maggiemay\Documents\signedPEPBOYSWORKTICKETS5-4-2016.pdf 2016-05-04 14:06 - 2016-05-04 14:06 - 01129845 _____ C:\Users\maggiemay\Downloads\scan0032.pdf 2016-05-03 17:40 - 2016-05-04 15:22 - 00000000 ___HD C:\ProgramData\CanonIJMIG 2016-05-03 17:30 - 2016-05-03 17:30 - 00185148 _____ C:\Users\maggiemay\Documents\Tom Thumb CLEANING SERVICE TICKET pdf copy.pdf 2016-05-03 17:28 - 2016-05-03 17:28 - 00188612 _____ C:\Users\maggiemay\Downloads\Tom Thumb CLEANING SERVICE TICKET pdf copy.pdf 2016-05-03 17:23 - 2016-05-11 17:29 - 00000000 ____D C:\ProgramData\CanonIJPLM 2016-05-03 17:21 - 2016-05-03 17:21 - 00002046 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk 2016-05-03 17:21 - 2016-05-03 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5600 series User Registration 2016-05-03 17:16 - 2016-05-03 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2016-05-03 17:16 - 2016-05-03 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5600 series Manual 2016-05-03 17:15 - 2016-05-03 17:15 - 00000000 ___HD C:\ProgramData\CanonBJ 2016-05-03 17:15 - 2016-05-03 17:15 - 00000000 ___HD C:\Program Files\CanonBJ 2016-05-03 17:15 - 2014-02-04 15:28 - 00296448 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CAC.dll 2016-05-03 17:15 - 2014-02-04 15:28 - 00097280 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CAI.dll 2016-05-03 17:15 - 2014-01-21 13:15 - 00336896 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CAL.dll 2016-05-02 13:47 - 2016-05-02 13:47 - 14875383 _____ C:\Users\maggiemay\Downloads\scan0031.pdf 2016-04-29 16:31 - 2016-04-29 16:31 - 05023789 _____ C:\Users\maggiemay\Downloads\attachments_2016_04_29.zip 2016-04-28 10:25 - 2016-04-28 10:25 - 08388199 _____ C:\Users\maggiemay\Downloads\TOMTHUMBINVOICES4-11-2016.pdf 2016-04-28 10:23 - 2016-04-28 10:23 - 01674261 _____ C:\Users\maggiemay\Downloads\attachments_2016_04_28.zip 2016-04-26 16:53 - 2016-05-18 21:24 - 00000000 ____D C:\Users\maggiemay\.oracle_jre_usage 2016-04-25 15:41 - 2014-03-18 05:00 - 00330752 _____ (CANON INC.) C:\WINDOWS\system32\CNMXLMCA.DLL 2016-04-25 15:33 - 2014-03-18 05:00 - 00329216 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMCA.DLL 2016-04-25 15:33 - 2013-12-02 12:51 - 00096000 _____ C:\WINDOWS\system32\CNC177FD.TBL ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-22 19:01 - 2015-11-22 18:31 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-22 19:00 - 2016-01-19 15:22 - 00000000 ____D C:\FRST 2016-05-22 17:52 - 2016-03-27 13:37 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000UA.job 2016-05-22 17:32 - 2015-11-22 18:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-05-22 13:52 - 2016-03-27 13:37 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000Core.job 2016-05-22 11:37 - 2015-11-22 18:55 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-22 11:24 - 2015-11-22 18:31 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-21 17:19 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-05-21 11:38 - 2016-02-24 13:15 - 00000000 ____D C:\Users\maggiemay\AppData\Local\CrashDumps 2016-05-21 10:55 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-05-21 00:05 - 2016-01-19 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug® 2016-05-20 23:57 - 2016-02-29 16:14 - 00000000 ____D C:\WINDOWS\system32\appmgmt 2016-05-20 23:55 - 2016-02-19 16:04 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-05-20 23:50 - 2016-02-19 16:21 - 00000000 ____D C:\ProgramData\Norton 2016-05-20 23:50 - 2015-12-03 22:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-05-20 23:49 - 2015-12-03 22:37 - 00000000 ____D C:\Users\maggiemay 2016-05-20 23:49 - 2015-10-30 01:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-05-20 23:42 - 2015-12-03 23:46 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Packages 2016-05-20 23:00 - 2015-10-30 01:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2016-05-20 23:00 - 2015-10-30 01:13 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2016-05-20 22:55 - 2015-10-30 01:48 - 00000000 ___HD C:\Program Files\WindowsApps 2016-05-19 13:55 - 2015-11-22 18:31 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Google 2016-05-18 21:35 - 2015-11-22 18:31 - 00000000 ____D C:\Program Files\Google 2016-05-18 21:26 - 2016-01-19 13:08 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-05-18 21:26 - 2016-01-19 13:08 - 00000000 ____D C:\Program Files\TeamViewer 2016-05-18 21:25 - 2016-01-19 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-05-18 21:25 - 2016-01-19 11:43 - 00000000 ____D C:\Program Files\Java 2016-05-18 21:24 - 2016-01-19 11:44 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2016-05-18 12:55 - 2015-10-30 01:47 - 00000000 ____D C:\WINDOWS\INF 2016-05-14 12:14 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\rescache 2016-05-14 11:05 - 2015-10-30 01:39 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-05-13 17:34 - 2016-04-11 10:23 - 00000000 ____D C:\WINDOWS\Minidump 2016-05-13 17:34 - 2015-12-04 01:30 - 00000000 ___DC C:\WINDOWS\Panther 2016-05-13 14:40 - 2015-12-03 23:47 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-05-13 14:34 - 2015-10-30 02:58 - 00000000 ____D C:\Program Files\Windows Journal 2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\Provisioning 2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-05-13 13:13 - 2015-10-30 01:48 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2016-05-13 13:08 - 2015-12-09 16:43 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-05-13 12:55 - 2015-12-09 16:43 - 136686448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-05-13 11:02 - 2016-01-19 11:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2016-05-12 20:59 - 2016-02-20 19:12 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-05-12 20:59 - 2015-11-22 18:33 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-12 19:46 - 2015-12-03 22:48 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-05-12 18:33 - 2015-12-03 23:48 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Publishers 2016-05-11 15:57 - 2015-10-30 01:49 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-05-11 15:57 - 2015-10-30 01:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-05-11 14:59 - 2015-12-04 15:13 - 00000000 ____D C:\Users\maggiemay\Documents\MAGGIES IMPORTANT PAPER WORK 2016-05-09 13:32 - 2015-12-03 12:54 - 00000000 ____D C:\Program Files\Common Files\AV 2016-05-07 11:54 - 2015-10-30 01:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-05-07 11:52 - 2015-12-14 10:06 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-05-04 18:01 - 2015-11-30 15:26 - 00000000 ___RD C:\Users\maggiemay\Documents\Scanned Documents 2016-05-04 14:07 - 2015-12-06 15:30 - 00000000 ____D C:\Users\maggiemay\MAGGIESIMPORTANTPAPERWORK 2016-05-03 17:39 - 2015-12-06 15:30 - 00000000 ___HD C:\ProgramData\CanonIJScan 2016-05-03 17:39 - 2015-12-02 21:29 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\canon 2016-05-03 17:22 - 2015-12-02 21:12 - 00000000 ____D C:\Program Files\Canon 2016-05-03 17:22 - 2015-10-30 01:48 - 00000000 __RSD C:\WINDOWS\Media 2016-05-03 17:21 - 2015-12-02 21:20 - 00000000 ____D C:\ProgramData\CanonIJWSpt 2016-05-03 17:13 - 2015-11-23 03:04 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2016-05-03 11:16 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2016-05-02 14:24 - 2015-12-08 16:32 - 00000000 ____D C:\Users\maggiemay\Documents\MAGGIESPICTURES 2016-04-26 16:50 - 2015-12-03 23:51 - 00002425 _____ C:\Users\maggiemay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-04-26 16:50 - 2015-12-03 23:51 - 00000000 ___RD C:\Users\maggiemay\OneDrive 2016-04-22 15:11 - 2015-12-03 22:31 - 00342088 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-22 03:57 - 2015-11-29 21:54 - 00374944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2016-01-19 14:06 - 2016-01-21 12:06 - 0000100 _____ () C:\Users\maggiemay\AppData\Roaming\WB.CFG 2015-11-23 22:45 - 2015-11-23 22:45 - 0003584 _____ () C:\Users\maggiemay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-11-30 15:58 - 2015-11-30 15:59 - 0000660 _____ () C:\ProgramData\LMADGscan.log Some files in TEMP: ==================== C:\Users\maggiemay\AppData\Local\Temp\SpotifyUninstall.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-05-19 12:59 ==================== End of FRST.txt ============================
  2. Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-05-2016 01 Ran by maggiemay (2016-05-22 19:01:49) Running from C:\Users\maggiemay\Downloads Microsoft Windows 10 Pro Version 1511 (X86) (2015-12-04 03:46:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2283885129-1122399038-1014182919-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2283885129-1122399038-1014182919-503 - Limited - Disabled) Guest (S-1-5-21-2283885129-1122399038-1014182919-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2283885129-1122399038-1014182919-1004 - Limited - Enabled) maggiemay (S-1-5-21-2283885129-1122399038-1014182919-1000 - Administrator - Enabled) => C:\Users\maggiemay ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Able2Extract 9.0 (HKLM\...\{98A71953-B535-4E63-897B-EC9B2FC46376}_is1) (Version: 9.0 - Investintech.com Inc.) Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.) Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.) Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.) Canon MG5600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5600_series) (Version: 1.00 - Canon Inc.) Canon MG5600 series On-screen Manual (HKLM\...\Canon MG5600 series On-screen Manual) (Version: 7.7.0 - Canon Inc.) Canon MG5600 series User Registration (HKLM\...\Canon MG5600 series User Registration) (Version: - ‭Canon Inc.) Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.) Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform) CyberLink YouCam 7 (HKLM\...\{0078CD4D-B146-4D77-8CF0-268B36C1A3EC}) (Version: 7.0.0623.0 - CyberLink Corp.) Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Drive (HKLM\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.) Google Photos Backup (HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden Spotify (HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB) TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.59518 - TeamViewer) Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\maggiemay\AppData\Local\Chromium\Application\46.0.2480.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01A64A25-7B49-4DF8-963D-C831D7339251} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {06448386-9526-4DA2-9EED-BF5EB6CC5E6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {06D5CC5F-5B9F-4A1B-952F-E54FC801A880} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {079DCB07-F075-424F-900D-2165D0338E78} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {08F14201-C5A4-4252-9203-4AB8B09F8DF3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd) Task: {0B4BE768-FE52-4888-828D-51164B246C80} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-14] (Microsoft Corporation) Task: {0EA463C2-6838-402B-BF3B-5D7F3263FD06} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1E4B04AD-D235-401E-A6C2-9F6C96CED5A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-13] (Microsoft Corporation) Task: {1F4CBF51-37C1-4570-B416-290C979F1771} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {1F67F9EA-AD44-49FB-9261-79CAED2EC6D3} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {2133B62D-41F0-46EC-A6FC-9E642DE05F7A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {29542824-B54D-4121-92D9-30B1827BF68C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {299D17A3-D645-4DBD-9D76-AAB0D29C8240} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {2B7E36C1-DCD1-470C-BBA5-48F24DD6CCDE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {30DC797F-462C-4CB9-8C8A-A73D187BDE9F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {3160AE1C-9D11-4B44-A296-F46CA9152539} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-22] (Google Inc.) Task: {3D0934F7-8B0F-4997-B32F-CBBD64B6E6EF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {434A20EA-81AE-4889-895A-B09E224E0678} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation) Task: {440B7E95-8C01-4A3A-8056-DCABAC4139AB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {44DEA1E8-A591-4A31-A92B-9078D0637CA9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {47FE7A1B-E3EB-4950-B8BC-126095ACC4B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {48D9D12C-5DF3-4556-AEDC-9BFD532683F5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {57564713-744E-48B2-8949-73557D9F5170} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5869BA52-6847-487A-829E-2996C9B71E6B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {61CA0174-3E3E-4CE2-BC27-F817098F4DD2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6334311B-FEC5-4D78-8C1A-EB638918F686} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-22] (Google Inc.) Task: {715D9304-F0EF-49B7-859C-49036A5F7D39} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {79C877E9-8E4F-444C-9D72-DDE2C60D4EDA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-14] (Microsoft Corporation) Task: {7C6B1C11-3341-41A7-880B-BE67CB638168} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {88366F40-D11A-4866-81C9-8B23C980E01C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {883EB3B8-49FD-44BE-9472-FDD669BEC9C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated) Task: {88ADF8F0-F71F-4623-BE56-D1C6CEA1B9D5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {93C0E1CB-925B-4D1F-B98D-F5174E40D6F2} - System32\Tasks\{DC5E2EA2-99E9-4657-9293-ADD97F0E24BD} => pcalua.exe -a C:\Users\maggiemay\Downloads\iCloudBypasser.exe -d C:\Users\maggiemay\Downloads Task: {9A8A98A5-0E5E-4391-B068-4C2ADBC77016} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9B75AF69-36F4-4316-9479-64B55754EEF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000UA => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.) Task: {9D1E4C4C-E7CA-4C0D-BA77-C3766CF9763A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {BD9C3024-1B14-4708-BB46-3AD2C164A17E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {BFFAD844-10C2-4A03-B3F1-AAB17625E5EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation) Task: {C94A8A8B-B292-4281-8425-932A814113DC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-16] (Microsoft Corporation) Task: {CC672DB6-F3CB-4BC5-BA87-C9E18C3ED909} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {CCFFC9CD-8951-46C7-B0D0-0B1218FC74E9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {CD4CA1B3-ECEB-4E65-B118-EC63E447CBCA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {CE80A561-4CE2-4BE7-8C20-642CE6EF3617} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000Core => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.) Task: {D3DEE23B-E676-497D-834B-90D334E2C8C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {DE63A686-6746-4488-82D3-DCE965C21B04} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E20476A8-0947-49A1-91E4-F439EDB13FB6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {F9116118-513A-4BDB-BC57-6A37A68B85D3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {F9BF70EA-5DBE-40BF-AE81-87DE8F19244C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000Core.job => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000UA.job => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 01:44 - 2015-10-30 01:44 - 00022528 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-12-14 10:06 - 2015-10-13 03:43 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2016-05-03 17:24 - 2013-06-28 11:28 - 00084616 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE 2015-12-17 19:39 - 2015-12-17 19:39 - 00073512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-12-17 19:39 - 2015-12-17 19:39 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-04-18 11:15 - 2016-03-29 05:37 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-18 11:15 - 2016-03-29 05:37 - 01862008 _____ () C:\Windows\System32\CoreUIComponents.dll 2016-04-18 11:15 - 2016-03-29 05:37 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-04-26 16:50 - 2016-04-26 16:50 - 00679624 _____ () C:\Users\maggiemay\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll 2015-12-14 10:07 - 2015-12-14 10:11 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2015-12-18 12:29 - 2015-12-07 00:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-12 17:45 - 2016-04-23 00:20 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-05-12 17:45 - 2016-04-23 00:05 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-05-12 17:45 - 2016-04-22 23:58 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-05-12 17:46 - 2016-04-22 23:58 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-05-12 17:46 - 2016-04-23 00:01 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-11-22 21:39 - 2014-09-25 15:49 - 00883496 _____ () C:\Program Files\Investintech.com Inc\Able2Extract 9.0\platforms\qwindows.dll 2015-11-22 21:39 - 2014-09-25 15:49 - 00022312 _____ () C:\Program Files\Investintech.com Inc\Able2Extract 9.0\imageformats\qsvg.dll 2016-04-08 18:35 - 2016-04-08 18:35 - 03481600 _____ () C:\Users\maggiemay\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll 2016-05-22 11:24 - 2016-05-22 11:24 - 00098816 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32api.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00110080 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\pywintypes27.dll 2016-05-22 11:24 - 2016-05-22 11:24 - 00364544 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\pythoncom27.dll 2016-05-22 11:24 - 2016-05-22 11:24 - 00320512 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32com.shell.shell.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00776704 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_hashlib.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 01176576 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._core_.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00806400 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._gdi_.pyd 2016-05-22 11:24 - 2016-05-22 11:25 - 00816128 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._windows_.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 01067008 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._controls_.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00733184 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._misc_.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00682496 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\pysqlite2._sqlite.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00088064 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_ctypes.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00119808 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32file.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00108544 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32security.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00007168 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\hashobjs_ext.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00017920 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\thumbnails_ext.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00088064 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\usb_ext.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00167936 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32gui.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00018432 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32event.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00046080 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_socket.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 01208320 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_ssl.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00128512 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_elementtree.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00127488 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\pyexpat.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00012288 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\common.time34.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00038912 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32inet.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00036864 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_psutil_windows.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00525208 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\windows._lib_cacheinvalidation.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00011264 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32crypt.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00077312 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._html2.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00027136 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_multiprocessing.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00020480 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\_yappi.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00035840 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32process.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00686080 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\unicodedata.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00078848 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._animate.pyd 2016-05-22 11:25 - 2016-05-22 11:25 - 00123392 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\wx._wizard.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00024064 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32pipe.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00010240 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\select.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00025600 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32pdh.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00017408 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32profile.pyd 2016-05-22 11:24 - 2016-05-22 11:24 - 00022528 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI35642\win32ts.pyd 2016-04-22 15:24 - 2016-04-22 15:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-04-22 15:24 - 2016-04-22 15:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-22 15:24 - 2016-04-22 15:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-03-30 10:55 - 2016-03-30 10:55 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-03-30 10:55 - 2016-03-30 10:55 - 14568448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-03-04 12:30 - 2016-03-04 12:30 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll 2016-04-30 21:11 - 2016-04-30 21:12 - 06383616 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x86__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\sharepoint.com -> hxxps://ashedu-files.sharepoint.com IE trusted site: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\webcompanion.com -> hxxp://webcompanion.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.0.1 - 205.171.203.226 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "PlutoTV.lnk" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{75FB35ED-F562-4373-B8C6-9569B96D0519}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe FirewallRules: [{E87C009C-667A-4D79-BE5B-79FC2A468873}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe FirewallRules: [{D5E675B5-8F4A-47BD-9999-F2DB341A3FAC}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe FirewallRules: [{2A75765D-3648-4760-A808-48EE99FF3340}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe FirewallRules: [{B92DAB99-2A60-4037-AFA9-7CA17F7DFF0E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{9A6FF38B-0CEE-4C31-B186-5EAA537D9D53}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{FB6AE5F0-4877-46B2-9BE0-641499024B2E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{4DAB04C8-8EEA-4257-8A2C-B4F9127E474A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{BB923985-99A4-4DAC-94B2-8D87AE288162}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{8C96EBE3-4F92-42C6-AFA6-B0B92DE0CB58}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{D9DF2B21-3B20-4E4C-A820-882B684681CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{10157C97-B3AA-461F-956F-6E2193857954}] => (Allow) C:\Users\maggiemay\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{147F52A3-44D3-407D-978D-E67D5714DD66}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{E7793820-9B9E-4F03-86B3-5EC071906D57}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{69698BD3-1159-4553-A88B-C922B6C044A0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4A5EB03C-C3F7-4376-93B1-FF57CA2D24A1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{7401B997-B4A0-4212-8E22-29CBD106B15B}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{7DDC348C-380F-48B2-B63A-6CF2B069ADB9}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe FirewallRules: [{9FD189DF-7227-4E7A-A719-31AFD42077F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A66B50BB-A77E-4C5F-B5AB-C7FB3BA3F1AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{6939B40D-3377-401A-A664-054251CDED8C}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{3E5E8331-D832-4544-B651-A13591C6E90E}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe FirewallRules: [{C3CC6217-8FA8-4137-BED0-43EBDA713C96}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{A3AE9F80-65CE-4408-A35F-26B3E5E447E4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{14AC0574-92C2-4E88-AB04-8DCDE5EC2967}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{8C3ABC2F-F917-44E7-B3E1-4771449DD014}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{2C905C8B-3D9D-454A-BFD6-30004E69652C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{310A284E-6FCD-4D0F-BE41-A04165A9913A}C:\users\maggiemay\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\maggiemay\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{C5EC6D2A-3DCB-4CD9-A23E-1C0FDFDAAD46}C:\users\maggiemay\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\maggiemay\appdata\roaming\spotify\spotify.exe ==================== Restore Points ========================= 20-05-2016 23:53:46 Removed Norton Online Backup ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/22/2016 05:56:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1484 Error: (05/22/2016 05:56:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1484 Error: (05/22/2016 05:56:20 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/22/2016 01:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2937 Error: (05/22/2016 01:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2937 Error: (05/22/2016 01:55:30 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/22/2016 01:55:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1422 Error: (05/22/2016 01:55:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1422 Error: (05/22/2016 01:55:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/21/2016 10:46:57 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5266 System errors: ============= Error: (05/22/2016 05:56:20 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (05/22/2016 01:55:30 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (05/21/2016 11:26:14 PM) (Source: DCOM) (EventID: 10010) (User: MAGGIEMAY-PC) Description: {0002DF02-0000-0000-C000-000000000046} Error: (05/21/2016 11:26:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_c1bf4a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (05/21/2016 11:26:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_c1bf4a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (05/21/2016 11:26:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_c1bf4a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (05/21/2016 11:26:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_c1bf4a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (05/21/2016 10:46:58 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (05/21/2016 10:43:06 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/21/2016 01:14:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_4c4197 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-05-18 12:49:26.890 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-14 13:10:52.264 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-14 11:13:07.425 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:07.351 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:07.253 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:07.086 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:07.043 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:06.986 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:05.353 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:05.037 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz Percentage of memory in use: 45% Total physical RAM: 3544.36 MB Available physical RAM: 1932.69 MB Total Virtual: 7128.36 MB Available Virtual: 5196.5 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:224.2 GB) (Free:160.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F0000000) Partition 1: (Not Active) - (Size=78 MB) - (Type=DE) Partition 2: (Active) - (Size=8.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=224.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  3. I think i have a hijack i think that's what you call it because my homepage doesn't look normal here are my files Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-05-2016 Ran by maggiemay (2016-05-19 12:43:37) Running from C:\Users\maggiemay\Downloads Microsoft Windows 10 Pro Version 1511 (X86) (2015-12-04 03:46:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2283885129-1122399038-1014182919-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2283885129-1122399038-1014182919-503 - Limited - Disabled) Guest (S-1-5-21-2283885129-1122399038-1014182919-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2283885129-1122399038-1014182919-1004 - Limited - Enabled) maggiemay (S-1-5-21-2283885129-1122399038-1014182919-1000 - Administrator - Enabled) => C:\Users\maggiemay ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Internet Security Online (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Internet Security Online (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Internet Security Online (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Able2Extract 9.0 (HKLM\...\{98A71953-B535-4E63-897B-EC9B2FC46376}_is1) (Version: 9.0 - Investintech.com Inc.) Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20039 - Adobe Systems Incorporated) Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{9A629DCB-415D-4A50-85B9-5C2E4F8F74A8}) (Version: 9.1.0.6 - Apple Inc.) Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.) Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.) Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.) Canon MG5600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5600_series) (Version: 1.00 - Canon Inc.) Canon MG5600 series On-screen Manual (HKLM\...\Canon MG5600 series On-screen Manual) (Version: 7.7.0 - Canon Inc.) Canon MG5600 series User Registration (HKLM\...\Canon MG5600 series User Registration) (Version: - ‭Canon Inc.) Canon My Image Garden (HKLM\...\Canon My Image Garden) (Version: 3.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM\...\Canon My Image Garden Design Files) (Version: 3.0.0 - Canon Inc.) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.) Canon Quick Menu (HKLM\...\CanonQuickMenu) (Version: 2.4.0 - Canon Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform) CyberLink YouCam 7 (HKLM\...\{0078CD4D-B146-4D77-8CF0-268B36C1A3EC}) (Version: 7.0.0623.0 - CyberLink Corp.) Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Drive (HKLM\...\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}) (Version: 1.29.2074.1528 - Google, Inc.) Google Photos Backup (HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4815.1002 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 46.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla) Norton Internet Security Online (HKLM\...\NIS) (Version: 22.6.0.142 - Symantec Corporation) Norton Online Backup (HKLM\...\{1969BD50-331D-4B7A-8116-29A7DC6D45B4}) (Version: 2.10.3.20 - Symantec Corporation) Office 15 Click-to-Run Extensibility Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (Version: 15.0.4815.1002 - Microsoft Corporation) Hidden Spotify (HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Spotify) (Version: 1.0.28.87.g8f9312a4 - Spotify AB) TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.59518 - TeamViewer) Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}\localserver32 -> C:\Users\maggiemay\AppData\Local\Chromium\Application\46.0.2480.0\delegate_execute.exe (The Chromium Authors) <==== ATTENTION CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\psuser.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01A64A25-7B49-4DF8-963D-C831D7339251} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {06448386-9526-4DA2-9EED-BF5EB6CC5E6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {06D5CC5F-5B9F-4A1B-952F-E54FC801A880} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {079DCB07-F075-424F-900D-2165D0338E78} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {08F14201-C5A4-4252-9203-4AB8B09F8DF3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-04-15] (Piriform Ltd) Task: {0B4BE768-FE52-4888-828D-51164B246C80} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-14] (Microsoft Corporation) Task: {0EA463C2-6838-402B-BF3B-5D7F3263FD06} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1E4B04AD-D235-401E-A6C2-9F6C96CED5A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-13] (Microsoft Corporation) Task: {1F4CBF51-37C1-4570-B416-290C979F1771} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {1F67F9EA-AD44-49FB-9261-79CAED2EC6D3} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {2133B62D-41F0-46EC-A6FC-9E642DE05F7A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {29542824-B54D-4121-92D9-30B1827BF68C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {299D17A3-D645-4DBD-9D76-AAB0D29C8240} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {2B7E36C1-DCD1-470C-BBA5-48F24DD6CCDE} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {30DC797F-462C-4CB9-8C8A-A73D187BDE9F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {3160AE1C-9D11-4B44-A296-F46CA9152539} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-22] (Google Inc.) Task: {3939EC7D-A8C0-4E81-B389-3B7E92A17FD6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation) Task: {3A43200A-A7C5-4097-AC56-3B54A5005472} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation) Task: {3D0934F7-8B0F-4997-B32F-CBBD64B6E6EF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {434A20EA-81AE-4889-895A-B09E224E0678} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation) Task: {440B7E95-8C01-4A3A-8056-DCABAC4139AB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {44A319ED-4CCD-403E-93F3-867ECD9F8522} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation) Task: {44DEA1E8-A591-4A31-A92B-9078D0637CA9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {47FE7A1B-E3EB-4950-B8BC-126095ACC4B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {48D9D12C-5DF3-4556-AEDC-9BFD532683F5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {57564713-744E-48B2-8949-73557D9F5170} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5869BA52-6847-487A-829E-2996C9B71E6B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {61CA0174-3E3E-4CE2-BC27-F817098F4DD2} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6334311B-FEC5-4D78-8C1A-EB638918F686} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-11-22] (Google Inc.) Task: {715D9304-F0EF-49B7-859C-49036A5F7D39} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {79C877E9-8E4F-444C-9D72-DDE2C60D4EDA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-14] (Microsoft Corporation) Task: {7C6B1C11-3341-41A7-880B-BE67CB638168} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {88366F40-D11A-4866-81C9-8B23C980E01C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {883EB3B8-49FD-44BE-9472-FDD669BEC9C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated) Task: {88ADF8F0-F71F-4623-BE56-D1C6CEA1B9D5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {93C0E1CB-925B-4D1F-B98D-F5174E40D6F2} - System32\Tasks\{DC5E2EA2-99E9-4657-9293-ADD97F0E24BD} => pcalua.exe -a C:\Users\maggiemay\Downloads\iCloudBypasser.exe -d C:\Users\maggiemay\Downloads Task: {9A8A98A5-0E5E-4391-B068-4C2ADBC77016} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9B75AF69-36F4-4316-9479-64B55754EEF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000UA => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.) Task: {9D1E4C4C-E7CA-4C0D-BA77-C3766CF9763A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {A9E334FB-0745-4DCC-9A3F-E30B8735204A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation) Task: {B2BFB37B-B124-4E3A-8B95-F14848A12DA6} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security Online\Upgrade.exe [2016-02-26] (Symantec Corporation) Task: {BD9C3024-1B14-4708-BB46-3AD2C164A17E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {BFFAD844-10C2-4A03-B3F1-AAB17625E5EF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation) Task: {C94A8A8B-B292-4281-8425-932A814113DC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-16] (Microsoft Corporation) Task: {CC672DB6-F3CB-4BC5-BA87-C9E18C3ED909} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {CCFFC9CD-8951-46C7-B0D0-0B1218FC74E9} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {CD4CA1B3-ECEB-4E65-B118-EC63E447CBCA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {CE80A561-4CE2-4BE7-8C20-642CE6EF3617} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000Core => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe [2016-03-27] (Google Inc.) Task: {D3DEE23B-E676-497D-834B-90D334E2C8C4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {DE63A686-6746-4488-82D3-DCE965C21B04} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E20476A8-0947-49A1-91E4-F439EDB13FB6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {F9116118-513A-4BDB-BC57-6A37A68B85D3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {F9BF70EA-5DBE-40BF-AE81-87DE8F19244C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000Core.job => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000UA.job => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 01:44 - 2015-10-30 01:44 - 00022528 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-10-30 01:44 - 2015-10-30 01:44 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-12-17 19:39 - 2015-12-17 19:39 - 00073512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-12-17 19:39 - 2015-12-17 19:39 - 01040144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-12-14 10:06 - 2015-10-13 03:43 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll 2016-05-03 17:24 - 2013-06-28 11:28 - 00084616 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE 2016-04-18 11:15 - 2016-03-29 05:37 - 01862008 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-18 11:15 - 2016-03-29 05:37 - 01862008 _____ () C:\Windows\System32\CoreUIComponents.dll 2016-04-18 11:15 - 2016-03-29 05:37 - 01862008 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-04-26 16:50 - 2016-04-26 16:50 - 00679624 _____ () C:\Users\maggiemay\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll 2015-12-14 10:07 - 2015-12-14 10:11 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2015-12-18 12:29 - 2015-12-07 00:11 - 00070656 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-12 17:45 - 2016-04-23 00:20 - 00316416 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-05-12 17:45 - 2016-04-23 00:05 - 05340672 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-05-12 17:45 - 2016-04-22 23:58 - 00471552 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-05-12 17:46 - 2016-04-22 23:58 - 02366976 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-05-12 17:46 - 2016-04-23 00:01 - 02656768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2015-11-22 21:39 - 2014-09-25 15:49 - 00883496 _____ () C:\Program Files\Investintech.com Inc\Able2Extract 9.0\platforms\qwindows.dll 2015-11-22 21:39 - 2014-09-25 15:49 - 00022312 _____ () C:\Program Files\Investintech.com Inc\Able2Extract 9.0\imageformats\qsvg.dll 2016-05-19 00:08 - 2016-05-19 00:08 - 00098816 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32api.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00110080 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\pywintypes27.dll 2016-05-19 00:08 - 2016-05-19 00:08 - 00364544 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\pythoncom27.dll 2016-05-19 00:08 - 2016-05-19 00:08 - 00320512 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32com.shell.shell.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00776704 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_hashlib.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 01176576 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._core_.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00806400 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._gdi_.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00816128 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._windows_.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 01067008 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._controls_.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00733184 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._misc_.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00682496 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\pysqlite2._sqlite.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00088064 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_ctypes.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00119808 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32file.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00108544 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32security.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00007168 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\hashobjs_ext.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00017920 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\thumbnails_ext.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00088064 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\usb_ext.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00167936 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32gui.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00018432 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32event.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00046080 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_socket.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 01208320 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_ssl.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00128512 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_elementtree.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00127488 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\pyexpat.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00012288 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\common.time34.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00038912 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32inet.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00036864 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_psutil_windows.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00525208 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\windows._lib_cacheinvalidation.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00011264 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32crypt.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00077312 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._html2.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00027136 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_multiprocessing.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00020480 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\_yappi.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00035840 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32process.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00686080 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\unicodedata.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00078848 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._animate.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00123392 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\wx._wizard.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00024064 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32pipe.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00010240 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\select.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00025600 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32pdh.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00017408 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32profile.pyd 2016-05-19 00:08 - 2016-05-19 00:08 - 00022528 ____R () C:\Users\maggiemay\AppData\Local\Temp\_MEI59002\win32ts.pyd 2016-04-22 15:24 - 2016-04-22 15:24 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-04-22 15:24 - 2016-04-22 15:24 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-22 15:24 - 2016-04-22 15:24 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2016-03-30 10:55 - 2016-03-30 10:55 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe 2016-03-30 10:55 - 2016-03-30 10:55 - 14568448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll 2016-03-04 12:30 - 2016-03-04 12:30 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\sharepoint.com -> hxxps://ashedu-files.sharepoint.com IE trusted site: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\webcompanion.com -> hxxp://webcompanion.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.0.1 - 205.171.203.226 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\StartupFolder: => "PlutoTV.lnk" HKLM\...\StartupApproved\Run: => "YouCam Service7" HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\StartupApproved\Run: => "WeatherBug" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{75FB35ED-F562-4373-B8C6-9569B96D0519}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe FirewallRules: [{E87C009C-667A-4D79-BE5B-79FC2A468873}] => (Allow) C:\Program Files\Lexmark\WirelessSetup\LMwpss.exe FirewallRules: [{D5E675B5-8F4A-47BD-9999-F2DB341A3FAC}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe FirewallRules: [{2A75765D-3648-4760-A808-48EE99FF3340}] => (Allow) C:\Program Files\Lexmark\PSU\lmpsu.exe FirewallRules: [{B92DAB99-2A60-4037-AFA9-7CA17F7DFF0E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{9A6FF38B-0CEE-4C31-B186-5EAA537D9D53}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{FB6AE5F0-4877-46B2-9BE0-641499024B2E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{4DAB04C8-8EEA-4257-8A2C-B4F9127E474A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{BB923985-99A4-4DAC-94B2-8D87AE288162}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{8C96EBE3-4F92-42C6-AFA6-B0B92DE0CB58}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{D9DF2B21-3B20-4E4C-A820-882B684681CA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{10157C97-B3AA-461F-956F-6E2193857954}] => (Allow) C:\Users\maggiemay\AppData\Local\Chromium\Application\chrome.exe FirewallRules: [{147F52A3-44D3-407D-978D-E67D5714DD66}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{E7793820-9B9E-4F03-86B3-5EC071906D57}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{69698BD3-1159-4553-A88B-C922B6C044A0}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{4A5EB03C-C3F7-4376-93B1-FF57CA2D24A1}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{7401B997-B4A0-4212-8E22-29CBD106B15B}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{7DDC348C-380F-48B2-B63A-6CF2B069ADB9}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe FirewallRules: [{9FD189DF-7227-4E7A-A719-31AFD42077F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A66B50BB-A77E-4C5F-B5AB-C7FB3BA3F1AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{6939B40D-3377-401A-A664-054251CDED8C}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe FirewallRules: [UDP Query User{3E5E8331-D832-4544-B651-A13591C6E90E}C:\program files\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files\symantec\norton online backup\nobuclient.exe FirewallRules: [{C3CC6217-8FA8-4137-BED0-43EBDA713C96}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{A3AE9F80-65CE-4408-A35F-26B3E5E447E4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{14AC0574-92C2-4E88-AB04-8DCDE5EC2967}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe FirewallRules: [{8C3ABC2F-F917-44E7-B3E1-4771449DD014}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe FirewallRules: [{2C905C8B-3D9D-454A-BFD6-30004E69652C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/19/2016 10:17:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_StiSvc, version: 10.0.10586.0, time stamp: 0x5632d73f Faulting module name: CNC_CAL.dll, version: 1.0.2.0, time stamp: 0x52ddf466 Exception code: 0xc0000005 Fault offset: 0x00034de0 Faulting process id: 0x8ac Faulting application start time: 0xsvchost.exe_StiSvc0 Faulting application path: svchost.exe_StiSvc1 Faulting module path: svchost.exe_StiSvc2 Report Id: svchost.exe_StiSvc3 Faulting package full name: svchost.exe_StiSvc4 Faulting package-relative application ID: svchost.exe_StiSvc5 Error: (05/19/2016 03:55:27 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 10805453 Error: (05/19/2016 03:55:27 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 10805453 Error: (05/19/2016 03:55:27 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/19/2016 12:55:27 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4734 Error: (05/19/2016 12:55:27 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4734 Error: (05/19/2016 12:55:27 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (05/19/2016 12:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3265 Error: (05/19/2016 12:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3265 Error: (05/19/2016 12:55:25 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (05/19/2016 10:19:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s). Error: (05/19/2016 12:55:28 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: ) Description: 4 Error: (05/19/2016 12:04:42 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/19/2016 12:04:32 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (05/19/2016 12:03:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_244ba80 service to connect. Error: (05/19/2016 12:03:24 AM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_244ba80 service, but this action failed with the following error: %%1056 Error: (05/19/2016 12:03:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_244ba80 service to connect. Error: (05/19/2016 12:03:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_244ba80 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (05/19/2016 12:03:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_244ba80 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (05/19/2016 12:03:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_244ba80 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-05-18 12:49:26.890 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-14 13:10:52.264 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-05-14 11:13:07.425 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:07.351 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:07.253 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:07.086 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:07.043 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:06.986 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:05.353 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. Date: 2016-05-14 11:13:05.037 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume3\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz Percentage of memory in use: 42% Total physical RAM: 3544.36 MB Available physical RAM: 2052.91 MB Total Virtual: 7128.36 MB Available Virtual: 5111.6 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:224.2 GB) (Free:160.44 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: F0000000) Partition 1: (Not Active) - (Size=78 MB) - (Type=DE) Partition 2: (Active) - (Size=8.6 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=224.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Here is the other file Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-05-2016 Ran by maggiemay (administrator) on MAGGIEMAY-PC (19-05-2016 12:41:59) Running from C:\Users\maggiemay\Downloads Loaded Profiles: maggiemay (Available Profiles: maggiemay) Platform: Microsoft Windows 10 Pro Version 1511 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe () C:\Program Files\Canon\IJPLM\ijplmsvc.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.6.0.142\nis.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\22.6.0.142\nis.exe (Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Investintech.com Inc.) C:\Program Files\Investintech.com Inc\Able2Extract 9.0\Able2Extract.PrnDisp.exe (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Spotify Ltd) C:\Users\maggiemay\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (Google) C:\Program Files\Google\Drive\googledrivesync.exe (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.) C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (CyberLink Corp.) C:\Program Files\CyberLink\YouCam7\YouCamService7.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM\...\Run: [Able2Extract 9.0 Print Dispatcher] => C:\Program Files\Investintech.com Inc\Able2Extract 9.0\Able2Extract.PrnDisp.exe [9109320 2015-11-17] (Investintech.com Inc.) HKLM\...\Run: [YouCam Service7] => C:\Program Files\CyberLink\YouCam7\YouCamService7.exe [454072 2015-06-22] (CyberLink Corp.) HKLM\...\Run: [CanonQuickMenu] => C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] () HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [Google Update] => C:\Users\maggiemay\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-03-27] (Google Inc.) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [Google Photos Backup] => C:\Users\maggiemay\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6675672 2016-04-15] (Piriform Ltd) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [Spotify Web Helper] => C:\Users\maggiemay\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-15] (Spotify Ltd) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [23484296 2016-04-25] (Google) HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\...\MountPoints2: {0826e35e-0f3c-11e6-ba09-a4badbb0e4f7} - "F:\LG_PC_Programs.exe" ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-04-25] (Google) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Internet Security\Engine\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.203.226 Tcpip\..\Interfaces\{06e54b54-3baa-4ebf-b86b-d4ba8e1137f8}: [DhcpNameServer] 192.168.0.1 205.171.203.226 Tcpip\..\Interfaces\{3afccbf6-601e-414c-ba67-b3176e8fd1b6}: [DhcpNameServer] 192.168.0.1 205.171.203.226 205.171.2.226 Tcpip\..\Interfaces\{4b91b5f4-3341-4071-92ee-15c4aea528ef}: [DhcpNameServer] 192.168.42.129 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d2d80eff HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com/?pc=U280 SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms} SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms} SearchScopes: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms} SearchScopes: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> {5C0F13CB-C721-43A4-98AF-2CDECC1AA8F6} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-d2d80eff&q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation) BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-18] (Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-18] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Toolbar: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-04] (Google Inc.) Toolbar: HKU\S-1-5-21-2283885129-1122399038-1014182919-1000 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-12-14] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default FF DefaultSearchEngine: Bing® FF DefaultSearchEngine.US: Bing® FF SelectedSearchEngine: Bing® FF Homepage: hxxp://www.google.com/ FF Session Restore: -> is enabled. FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] () FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.) FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-18] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-18] (Oracle Corporation) FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-12-14] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-14] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2283885129-1122399038-1014182919-1000: @tools.google.com/Google Update;version=3 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF Plugin HKU\S-1-5-21-2283885129-1122399038-1014182919-1000: @tools.google.com/Google Update;version=9 -> C:\Users\maggiemay\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-12] (Google Inc.) FF SearchPlugin: C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default\searchplugins\bing-lavasoft.xml [2016-05-08] FF Extension: WOT - C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-05-13] FF Extension: Adblock Plus - C:\Users\maggiemay\AppData\Roaming\Mozilla\Firefox\Profiles\bl9p3d73.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-13] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFAddon [2016-05-09] Chrome: ======= CHR HomePage: Default -> bing.com/?mkt=en-US&pc=__PARAM__ CHR StartupUrls: Default -> "hxxp://search.conduit.com/?ctid=CT3320418&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE46737A2-8CE5-4A19-A6D9-B6569B11F37B&SSPV=","hxxp://search.yahoo.com/?type=AC6CABBA6ED3B4F86BCF_s55_g_e&fr=conduit","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-d2d80eff","hxxp://www.google.com/" CHR Profile: C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Yahoo Web) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaffhmecfaelkngcbnfdkcckmillnoki [2016-01-19] [UpdateUrl: hxxps://clients2.googlee.com/service/update2/crx] <==== ATTENTION CHR Extension: (Google Slides) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-23] CHR Extension: (Google Docs) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-23] CHR Extension: (Google Drive) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-23] CHR Extension: (YouTube) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-23] CHR Extension: (Norton Security Toolbar) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-04] CHR Extension: (Google Search) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23] CHR Extension: (Google Sheets) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-23] CHR Extension: (Google Docs Offline) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-29] CHR Extension: (Avast Online Security) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-20] CHR Extension: (Norton Identity Safe) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-02-19] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-19] CHR Extension: (Chrome Web Store Payments) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-19] CHR Extension: (Yahoo Partner) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-05-19] CHR Extension: (Gmail) - C:\Users\maggiemay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-23] CHR HKLM\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Internet Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-02-21] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-2283885129-1122399038-1014182919-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1917680 2016-03-08] (Microsoft Corporation) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] () R2 NIS; C:\Program Files\Norton Internet Security\Engine\22.6.0.142\NIS.exe [289080 2016-02-26] (Symantec Corporation) R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [3544336 2016-01-22] (Symantec Corporation) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 BCM43XX; C:\WINDOWS\System32\drivers\bcmwl63l.sys [4715008 2015-10-30] (Broadcom Corporation) R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20160502.001\BHDrvx86.sys [1269488 2016-03-03] (Symantec Corporation) R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1606000.08E\ccSetx86.sys [137456 2015-07-10] (Symantec Corporation) R1 CLMirrorDriver; C:\WINDOWS\system32\DRIVERS\CLMirrorDriver.sys [21264 2015-05-20] (CyberLink) R3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [36824 2015-03-24] (CyberLink Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388848 2016-05-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [124144 2016-05-04] (Symantec Corporation) R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20160518.001\IDSvix86.sys [667352 2016-05-13] (Symantec Corporation) R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160518.020\NAVENG.SYS [104408 2016-05-16] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20160518.020\NAVEX15.SYS [1647192 2016-05-16] (Symantec Corporation) R1 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1606000.08E\SRTSP.SYS [713968 2016-02-23] (Symantec Corporation) R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1606000.08E\SRTSPX.SYS [44792 2015-07-10] (Symantec Corporation) R0 SymEFASI; C:\WINDOWS\System32\drivers\NIS\1606000.08E\SYMEFASI.SYS [1287408 2016-02-23] (Symantec Corporation) S0 SymELAM; C:\WINDOWS\System32\drivers\NIS\1606000.08E\SYMELAM.SYS [22144 2015-07-10] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [103152 2016-02-19] (Symantec Corporation) R1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1606000.08E\Ironx86.SYS [234736 2016-02-23] (Symantec Corporation) R1 SymNetS; C:\WINDOWS\System32\Drivers\NIS\1606000.08E\SYMNETS.SYS [431328 2016-02-23] (Symantec Corporation) S3 tsusbhub; C:\WINDOWS\System32\drivers\tsusbhub.sys [112640 2010-11-20] (Microsoft Corporation) [File not signed] S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation) R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation) R3 yukonw8; C:\WINDOWS\System32\drivers\yk63x86.sys [242688 2015-10-30] (Marvell) U3 idsvc; no ImagePath U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-19 12:41 - 2016-05-19 12:42 - 00021860 _____ C:\Users\maggiemay\Downloads\FRST.txt 2016-05-19 11:52 - 2016-05-19 12:38 - 00001528 _____ C:\Users\maggiemay\Desktop\FRST - Shortcut.lnk 2016-05-19 11:50 - 2016-05-19 12:41 - 01733120 _____ (Farbar) C:\Users\maggiemay\Downloads\FRST.exe 2016-05-19 11:25 - 2016-05-19 11:26 - 05819274 _____ C:\Users\maggiemay\Documents\TOMTHUMBWORKTICKETSFOR5-19-25-2016.pdf 2016-05-19 11:16 - 2016-05-19 11:23 - 05943618 _____ C:\Users\maggiemay\Documents\IMG_20160519_0001.pdf 2016-05-18 21:42 - 2016-05-19 11:01 - 00000000 ___RD C:\Users\maggiemay\Google Drive 2016-05-18 21:42 - 2016-05-18 21:42 - 00001798 _____ C:\Users\maggiemay\Desktop\Google Drive.lnk 2016-05-18 21:35 - 2016-05-18 21:35 - 00002075 _____ C:\Users\Public\Desktop\Google Slides.lnk 2016-05-18 21:35 - 2016-05-18 21:35 - 00002073 _____ C:\Users\Public\Desktop\Google Sheets.lnk 2016-05-18 21:35 - 2016-05-18 21:35 - 00002063 _____ C:\Users\Public\Desktop\Google Docs.lnk 2016-05-18 21:35 - 2016-05-18 21:35 - 00001113 _____ C:\Users\Public\Desktop\Google Drive.lnk 2016-05-18 21:35 - 2016-05-18 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-05-18 21:34 - 2016-05-18 21:34 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Downloads\Ninite Google Drive Installer.exe 2016-05-18 21:24 - 2016-05-18 21:24 - 00000000 ____D C:\Program Files\Common Files\Java 2016-05-18 21:21 - 2016-05-18 21:21 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Desktop\Ninite Java 8 Malwarebytes Spotify Installer.exe 2016-05-18 21:20 - 2016-05-18 21:20 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Downloads\Ninite Java 8 Malwarebytes Spotify Installer.exe 2016-05-18 21:14 - 2016-05-18 21:14 - 00307200 _____ (Secure By Design Inc.) C:\Users\maggiemay\Downloads\Ninite Firefox Installer.exe 2016-05-18 21:10 - 2016-05-18 21:11 - 44584432 _____ C:\Users\maggiemay\Downloads\Firefox Setup 46.0.1.exe 2016-05-18 13:54 - 2016-05-18 13:54 - 00093553 _____ C:\Users\maggiemay\Downloads\Kirkland_Washington (2).pdf 2016-05-18 13:38 - 2016-05-18 13:38 - 00093553 _____ C:\Users\maggiemay\Downloads\Kirkland_Washington (1).pdf 2016-05-18 13:30 - 2016-05-18 13:30 - 00093553 _____ C:\Users\maggiemay\Downloads\Kirkland_Washington.pdf 2016-05-17 16:16 - 2016-05-17 16:16 - 00968967 _____ C:\Users\maggiemay\Documents\CHUEYSINVOICES5-17-2016.pdf 2016-05-17 16:14 - 2016-05-17 16:15 - 00976020 _____ C:\Users\maggiemay\Documents\IMG_20160517_0001.pdf 2016-05-17 12:09 - 2016-05-17 12:09 - 00005619 _____ C:\Users\maggiemay\Downloads\smime.p7s 2016-05-16 17:27 - 2016-05-16 17:27 - 00497655 _____ C:\Users\maggiemay\Documents\TOMTHUMB139WORKTICKET.pdf 2016-05-16 17:26 - 2016-05-16 17:26 - 00504216 _____ C:\Users\maggiemay\Documents\IMG_20160516_0002.pdf 2016-05-16 16:53 - 2016-05-16 16:54 - 05326671 _____ C:\Users\maggiemay\Documents\TOMTHUMBINVOICES-5-16-2016.pdf 2016-05-16 16:43 - 2016-05-16 16:51 - 05598220 _____ C:\Users\maggiemay\Documents\IMG_20160516_0001.pdf 2016-05-16 12:44 - 2016-05-16 12:44 - 01104548 _____ C:\Users\maggiemay\Downloads\scan0034.pdf 2016-05-16 11:35 - 2016-05-16 11:35 - 03382020 _____ C:\Users\maggiemay\Downloads\attachments_2016_05_16 (1).zip 2016-05-16 11:33 - 2016-05-16 11:33 - 03382020 _____ C:\Users\maggiemay\Downloads\attachments_2016_05_16.zip 2016-05-16 11:33 - 2016-05-16 11:33 - 00000000 ____D C:\Users\maggiemay\Downloads\attachments_2016_05_16 2016-05-16 11:12 - 2016-05-16 11:12 - 03489116 _____ C:\Users\maggiemay\Downloads\scan0031 (1).pdf 2016-05-15 15:35 - 2016-05-15 15:35 - 00001916 _____ C:\Users\maggiemay\Desktop\Spotify.lnk 2016-05-15 15:35 - 2016-05-15 15:35 - 00001902 _____ C:\Users\maggiemay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk 2016-05-15 15:34 - 2016-05-15 15:34 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (6).exe 2016-05-15 02:17 - 2016-05-15 02:17 - 00001859 _____ C:\Users\maggiemay\Downloads\Printer-Jumpstart.jnlp 2016-05-15 02:17 - 2016-05-15 02:17 - 00001859 _____ C:\Users\maggiemay\Downloads\Printer-Jumpstart (1).jnlp 2016-05-15 00:58 - 2016-05-15 00:58 - 00008816 _____ C:\Users\maggiemay\Downloads\NoActivityAlert.csv 2016-05-14 13:45 - 2016-05-14 13:45 - 00218036 _____ C:\Users\maggiemay\Downloads\SCityHall D15012114020.pdf 2016-05-14 10:30 - 2016-05-14 10:30 - 00001530 _____ C:\Users\maggiemay\Downloads\Untitled 2016-05-13 17:38 - 2016-05-13 17:39 - 00009220 _____ C:\Users\maggiemay\Documents\cc_20160513_173806.reg 2016-05-13 17:23 - 2016-05-13 17:23 - 00001040 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-05-13 17:23 - 2016-05-13 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-05-13 17:22 - 2016-05-13 17:23 - 00000000 ____D C:\Program Files\CCleaner 2016-05-13 16:55 - 2016-05-13 17:17 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-05-13 16:54 - 2016-05-13 16:54 - 00001135 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-05-13 16:54 - 2016-05-13 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-05-13 16:54 - 2016-05-13 16:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware 2016-05-13 16:54 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2016-05-13 16:54 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-05-13 16:54 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2016-05-13 16:15 - 2016-05-13 16:15 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (5).exe 2016-05-13 16:12 - 2016-05-13 16:12 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (4).exe 2016-05-13 15:59 - 2016-05-13 15:59 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (3).exe 2016-05-13 15:58 - 2016-05-13 15:58 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (2).exe 2016-05-12 23:18 - 2016-05-12 23:18 - 04780722 _____ C:\Users\maggiemay\Downloads\std-rates.zip 2016-05-12 23:15 - 2016-05-12 23:15 - 05358270 _____ C:\Users\maggiemay\Downloads\std-graph.zip 2016-05-12 19:43 - 2016-05-12 19:45 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\U3 2016-05-12 17:47 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-05-12 17:47 - 2016-04-23 00:27 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2016-05-12 17:46 - 2016-05-06 01:20 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys 2016-05-12 17:46 - 2016-05-06 00:23 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2016-05-12 17:46 - 2016-05-06 00:13 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2016-05-12 17:46 - 2016-05-06 00:10 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2016-05-12 17:46 - 2016-05-06 00:05 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2016-05-12 17:46 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2016-05-12 17:46 - 2016-05-05 23:49 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2016-05-12 17:46 - 2016-04-30 02:53 - 01152000 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-05-12 17:46 - 2016-04-30 02:46 - 02974720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-05-12 17:46 - 2016-04-23 02:06 - 01232576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-05-12 17:46 - 2016-04-23 02:06 - 00973504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-05-12 17:46 - 2016-04-23 02:06 - 00576192 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-05-12 17:46 - 2016-04-23 02:06 - 00440512 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-05-12 17:46 - 2016-04-23 02:06 - 00248512 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-05-12 17:46 - 2016-04-23 02:06 - 00149696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-05-12 17:46 - 2016-04-23 02:06 - 00081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-05-12 17:46 - 2016-04-23 02:06 - 00042688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-05-12 17:46 - 2016-04-23 01:28 - 05796704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-05-12 17:46 - 2016-04-23 01:28 - 01561392 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-05-12 17:46 - 2016-04-23 01:28 - 01541792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-05-12 17:46 - 2016-04-23 01:28 - 00550240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2016-05-12 17:46 - 2016-04-23 01:28 - 00545432 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-05-12 17:46 - 2016-04-23 01:28 - 00278368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2016-05-12 17:46 - 2016-04-23 01:28 - 00083808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-05-12 17:46 - 2016-04-23 01:26 - 00792328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-05-12 17:46 - 2016-04-23 01:21 - 00023776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-05-12 17:46 - 2016-04-23 01:14 - 00310112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2016-05-12 17:46 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-05-12 17:46 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-05-12 17:46 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2016-05-12 17:46 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-05-12 17:46 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2016-05-12 17:46 - 2016-04-23 01:12 - 00104800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys 2016-05-12 17:46 - 2016-04-23 01:11 - 00259424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2016-05-12 17:46 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-05-12 17:46 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-05-12 17:46 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-05-12 17:46 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-05-12 17:46 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2016-05-12 17:46 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-05-12 17:46 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-05-12 17:46 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2016-05-12 17:46 - 2016-04-23 01:07 - 00192704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2016-05-12 17:46 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2016-05-12 17:46 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2016-05-12 17:46 - 2016-04-23 01:01 - 01714520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-05-12 17:46 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2016-05-12 17:46 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll 2016-05-12 17:46 - 2016-04-23 01:01 - 00484704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-05-12 17:46 - 2016-04-23 01:01 - 00336224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-05-12 17:46 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-05-12 17:46 - 2016-04-23 01:00 - 01396584 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-05-12 17:46 - 2016-04-23 01:00 - 01273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-05-12 17:46 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll 2016-05-12 17:46 - 2016-04-23 01:00 - 00049504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll 2016-05-12 17:46 - 2016-04-23 00:55 - 00430432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2016-05-12 17:46 - 2016-04-23 00:35 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2016-05-12 17:46 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll 2016-05-12 17:46 - 2016-04-23 00:29 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2016-05-12 17:46 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll 2016-05-12 17:46 - 2016-04-23 00:29 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys 2016-05-12 17:46 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe 2016-05-12 17:46 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2016-05-12 17:46 - 2016-04-23 00:27 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2016-05-12 17:46 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2016-05-12 17:46 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-05-12 17:46 - 2016-04-23 00:25 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2016-05-12 17:46 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll 2016-05-12 17:46 - 2016-04-23 00:24 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys 2016-05-12 17:46 - 2016-04-23 00:24 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-05-12 17:46 - 2016-04-23 00:23 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-05-12 17:46 - 2016-04-23 00:23 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll 2016-05-12 17:46 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll 2016-05-12 17:46 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-05-12 17:46 - 2016-04-23 00:22 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2016-05-12 17:46 - 2016-04-23 00:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll 2016-05-12 17:46 - 2016-04-23 00:21 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2016-05-12 17:46 - 2016-04-23 00:21 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-05-12 17:46 - 2016-04-23 00:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll 2016-05-12 17:46 - 2016-04-23 00:20 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll 2016-05-12 17:46 - 2016-04-23 00:19 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll 2016-05-12 17:46 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll 2016-05-12 17:46 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2016-05-12 17:46 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-05-12 17:46 - 2016-04-23 00:17 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-05-12 17:46 - 2016-04-23 00:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2016-05-12 17:46 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2016-05-12 17:46 - 2016-04-23 00:16 - 00484864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2016-05-12 17:46 - 2016-04-23 00:16 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll 2016-05-12 17:46 - 2016-04-23 00:16 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2016-05-12 17:46 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-05-12 17:46 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-05-12 17:46 - 2016-04-23 00:15 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-05-12 17:46 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-05-12 17:46 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00739328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-05-12 17:46 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2016-05-12 17:46 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-05-12 17:46 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-05-12 17:46 - 2016-04-23 00:13 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-05-12 17:46 - 2016-04-23 00:13 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-05-12 17:46 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2016-05-12 17:46 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2016-05-12 17:46 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-05-12 17:46 - 2016-04-23 00:12 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2016-05-12 17:46 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-05-12 17:46 - 2016-04-23 00:11 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2016-05-12 17:46 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-05-12 17:46 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2016-05-12 17:46 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-05-12 17:46 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-05-12 17:46 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-05-12 17:46 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-05-12 17:46 - 2016-04-23 00:07 - 01793024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-05-12 17:46 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-05-12 17:46 - 2016-04-23 00:05 - 01895936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-05-12 17:46 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-05-12 17:46 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-05-12 17:46 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2016-05-12 17:46 - 2016-04-23 00:04 - 01733632 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 01899520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-05-12 17:46 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-05-12 17:46 - 2016-04-23 00:01 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-05-12 17:46 - 2016-04-22 22:10 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2016-05-12 17:45 - 2016-04-23 00:28 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2016-05-12 17:45 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll 2016-05-12 17:45 - 2016-04-23 00:27 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll 2016-05-12 17:45 - 2016-04-23 00:24 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2016-05-12 17:45 - 2016-04-23 00:23 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-05-12 17:45 - 2016-04-23 00:21 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2016-05-12 17:45 - 2016-04-23 00:19 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-05-12 17:45 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll 2016-05-12 17:45 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml 2016-05-12 16:38 - 2016-05-13 11:02 - 00000000 ____D C:\Program Files\Mozilla Firefox 2016-05-12 14:28 - 2016-05-19 12:38 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Spotify 2016-05-12 14:28 - 2016-05-12 14:28 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup (1).exe 2016-05-12 14:27 - 2016-05-19 12:34 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\Spotify 2016-05-12 14:26 - 2016-05-12 14:26 - 00350936 _____ (Spotify Ltd) C:\Users\maggiemay\Downloads\SpotifySetup.exe 2016-05-11 15:02 - 2016-05-11 15:05 - 00000000 ____D C:\Users\maggiemay\Desktop\J. R. R. Tolkien 2016-05-11 14:52 - 2016-05-11 14:52 - 00000000 ____D C:\Users\maggiemay\Desktop\review documents 2016-05-11 14:51 - 2016-05-11 14:51 - 00000000 ____D C:\Users\maggiemay\Desktop\FileHistory 2016-05-11 14:46 - 2016-05-12 15:11 - 00000000 ____D C:\Users\maggiemay\Desktop\contractors enterprises 2016-05-11 12:00 - 2016-05-11 12:00 - 00000000 ____D C:\Users\maggiemay\Documents\CASHAMERICA-PAPERWORK 2016-05-10 16:25 - 2016-05-10 16:25 - 00000000 ____D C:\Users\maggiemay\Documents\Custom Office Templates 2016-05-09 17:42 - 2016-05-09 17:42 - 00000000 ____D C:\Users\maggiemay\AppData\Local\TempTaskUpdateDetection7496A0A6-705C-4841-B925-861076BCC9B5 2016-05-09 11:55 - 2016-05-09 11:55 - 00000000 ____D C:\Users\maggiemay\AppData\Local\TempTaskUpdateDetection8E4FF7C8-4928-41AF-AE63-C15834121033 2016-05-09 11:49 - 2016-05-09 11:49 - 00004591 _____ C:\Users\maggiemay\Downloads\Attachment_CONTRACTORSENTERPRISES_20160509.csv 2016-05-09 11:47 - 2016-05-09 11:47 - 00010994 _____ C:\Users\maggiemay\Downloads\InvoiceNoBackup.csv 2016-05-08 18:36 - 2016-05-08 18:36 - 00000000 ____D C:\Users\maggiemay\AppData\Local\OurrarUdl 2016-05-08 18:32 - 2016-05-08 18:32 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\Digiarty 2016-05-08 18:31 - 2016-05-08 18:31 - 00000000 ____D C:\Video 2016-05-08 18:30 - 2016-05-08 18:30 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService.dll 2016-05-08 18:30 - 2016-05-08 18:30 - 00002976 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini 2016-05-08 18:29 - 2016-05-08 18:37 - 00000000 ____D C:\Users\maggiemay\AppData\Local\YouTubeDownloaderGuru 2016-05-08 18:28 - 2016-05-08 18:28 - 00776544 _____ (YoutubeDownloader.guru LLC. ) C:\Users\maggiemay\Downloads\music_downloader_guru.exe 2016-05-08 18:28 - 2016-05-08 18:28 - 00776544 _____ (YoutubeDownloader.guru LLC. ) C:\Users\maggiemay\Downloads\Music_Downloader_Guru (1).exe 2016-05-08 17:28 - 2016-05-08 17:28 - 00000000 ____D C:\Users\maggiemay\Documents\.DataStorage 2016-05-07 12:27 - 2016-05-07 12:27 - 00000000 ____D C:\Users\maggiemay\AppData\LocalLow\Canon Easy-WebPrint EX2 2016-05-07 12:27 - 2016-05-07 12:27 - 00000000 ____D C:\Users\maggiemay\AppData\LocalLow\Canon Easy-WebPrint EX 2016-05-04 14:22 - 2016-05-04 14:22 - 01133556 _____ C:\Users\maggiemay\Documents\signedPEPBOYSWORKTICKETS5-4-2016.pdf 2016-05-04 14:06 - 2016-05-04 14:06 - 01129845 _____ C:\Users\maggiemay\Downloads\scan0032.pdf 2016-05-03 17:40 - 2016-05-04 15:22 - 00000000 ___HD C:\ProgramData\CanonIJMIG 2016-05-03 17:30 - 2016-05-03 17:30 - 00185148 _____ C:\Users\maggiemay\Documents\Tom Thumb CLEANING SERVICE TICKET pdf copy.pdf 2016-05-03 17:28 - 2016-05-03 17:28 - 00188612 _____ C:\Users\maggiemay\Downloads\Tom Thumb CLEANING SERVICE TICKET pdf copy.pdf 2016-05-03 17:23 - 2016-05-11 17:29 - 00000000 ____D C:\ProgramData\CanonIJPLM 2016-05-03 17:21 - 2016-05-03 17:21 - 00002046 _____ C:\Users\Public\Desktop\Canon Quick Menu.lnk 2016-05-03 17:21 - 2016-05-03 17:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5600 series User Registration 2016-05-03 17:16 - 2016-05-03 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities 2016-05-03 17:16 - 2016-05-03 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5600 series Manual 2016-05-03 17:15 - 2016-05-03 17:15 - 00000000 ___HD C:\ProgramData\CanonBJ 2016-05-03 17:15 - 2016-05-03 17:15 - 00000000 ___HD C:\Program Files\CanonBJ 2016-05-03 17:15 - 2014-02-04 15:28 - 00296448 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CAC.dll 2016-05-03 17:15 - 2014-02-04 15:28 - 00097280 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CAI.dll 2016-05-03 17:15 - 2014-01-21 13:15 - 00336896 _____ (CANON INC.) C:\WINDOWS\system32\CNC_CAL.dll 2016-05-02 13:47 - 2016-05-02 13:47 - 14875383 _____ C:\Users\maggiemay\Downloads\scan0031.pdf 2016-04-29 16:31 - 2016-04-29 16:31 - 05023789 _____ C:\Users\maggiemay\Downloads\attachments_2016_04_29.zip 2016-04-28 10:25 - 2016-04-28 10:25 - 08388199 _____ C:\Users\maggiemay\Downloads\TOMTHUMBINVOICES4-11-2016.pdf 2016-04-28 10:23 - 2016-04-28 10:23 - 01674261 _____ C:\Users\maggiemay\Downloads\attachments_2016_04_28.zip 2016-04-26 16:53 - 2016-05-18 21:24 - 00000000 ____D C:\Users\maggiemay\.oracle_jre_usage 2016-04-25 15:41 - 2014-03-18 05:00 - 00330752 _____ (CANON INC.) C:\WINDOWS\system32\CNMXLMCA.DLL 2016-04-25 15:33 - 2014-03-18 05:00 - 00329216 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMCA.DLL 2016-04-25 15:33 - 2013-12-02 12:51 - 00096000 _____ C:\WINDOWS\system32\CNC177FD.TBL ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-19 12:41 - 2016-01-19 15:22 - 00000000 ____D C:\FRST 2016-05-19 12:32 - 2015-11-22 18:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-05-19 12:26 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-05-19 12:01 - 2015-11-22 18:31 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-19 11:52 - 2016-03-27 13:37 - 00000950 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000UA.job 2016-05-19 10:38 - 2015-10-30 01:48 - 00000000 ___HD C:\Program Files\WindowsApps 2016-05-19 00:08 - 2015-11-22 18:31 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-19 00:06 - 2016-02-19 16:04 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-05-19 00:04 - 2015-12-03 22:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-05-19 00:03 - 2015-10-30 01:13 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2016-05-18 21:42 - 2015-12-03 22:37 - 00000000 ____D C:\Users\maggiemay 2016-05-18 21:35 - 2015-11-22 18:31 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Google 2016-05-18 21:35 - 2015-11-22 18:31 - 00000000 ____D C:\Program Files\Google 2016-05-18 21:26 - 2016-01-19 13:08 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-05-18 21:26 - 2016-01-19 13:08 - 00000000 ____D C:\Program Files\TeamViewer 2016-05-18 21:25 - 2016-01-19 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-05-18 21:25 - 2016-01-19 11:43 - 00000000 ____D C:\Program Files\Java 2016-05-18 21:24 - 2016-01-19 11:44 - 00095808 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll 2016-05-18 15:45 - 2015-12-03 23:46 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Packages 2016-05-18 13:52 - 2016-03-27 13:37 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2283885129-1122399038-1014182919-1000Core.job 2016-05-18 12:55 - 2015-10-30 01:47 - 00000000 ____D C:\WINDOWS\INF 2016-05-17 13:02 - 2016-02-24 13:15 - 00000000 ____D C:\Users\maggiemay\AppData\Local\CrashDumps 2016-05-16 17:47 - 2015-10-30 01:13 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2016-05-14 12:14 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\rescache 2016-05-14 11:05 - 2015-10-30 01:39 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-05-13 17:34 - 2016-04-11 10:23 - 00000000 ____D C:\WINDOWS\Minidump 2016-05-13 17:34 - 2015-12-04 01:30 - 00000000 ___DC C:\WINDOWS\Panther 2016-05-13 14:40 - 2015-12-03 23:47 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-05-13 14:34 - 2015-10-30 02:58 - 00000000 ____D C:\Program Files\Windows Journal 2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\Provisioning 2016-05-13 14:34 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-05-13 13:13 - 2015-10-30 01:48 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml 2016-05-13 13:08 - 2015-12-09 16:43 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-05-13 12:55 - 2015-12-09 16:43 - 136686448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-05-13 11:02 - 2016-01-19 11:37 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2016-05-12 20:59 - 2016-02-20 19:12 - 00002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-05-12 20:59 - 2015-11-22 18:33 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-12 19:46 - 2015-12-03 22:48 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-05-12 19:13 - 2015-11-22 18:55 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-05-12 18:33 - 2015-12-03 23:48 - 00000000 ____D C:\Users\maggiemay\AppData\Local\Publishers 2016-05-11 15:57 - 2015-10-30 01:49 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-05-11 15:57 - 2015-10-30 01:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-05-11 14:59 - 2015-12-04 15:13 - 00000000 ____D C:\Users\maggiemay\Documents\MAGGIES IMPORTANT PAPER WORK 2016-05-10 10:04 - 2016-02-19 16:21 - 00000000 ____D C:\WINDOWS\system32\Drivers\NIS 2016-05-10 10:04 - 2015-10-30 01:48 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2016-05-09 13:32 - 2015-12-03 12:54 - 00000000 ____D C:\Program Files\Common Files\AV 2016-05-09 13:29 - 2016-02-19 16:26 - 00002457 _____ C:\Users\Public\Desktop\Norton Internet Security Online.LNK 2016-05-09 13:29 - 2016-02-19 16:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security 2016-05-07 11:54 - 2015-10-30 01:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-05-07 11:52 - 2015-12-14 10:06 - 00000000 ____D C:\Program Files\Microsoft Office 15 2016-05-04 18:01 - 2015-11-30 15:26 - 00000000 ___RD C:\Users\maggiemay\Documents\Scanned Documents 2016-05-04 14:07 - 2015-12-06 15:30 - 00000000 ____D C:\Users\maggiemay\MAGGIESIMPORTANTPAPERWORK 2016-05-03 17:39 - 2015-12-06 15:30 - 00000000 ___HD C:\ProgramData\CanonIJScan 2016-05-03 17:39 - 2015-12-02 21:29 - 00000000 ____D C:\Users\maggiemay\AppData\Roaming\canon 2016-05-03 17:22 - 2015-12-02 21:12 - 00000000 ____D C:\Program Files\Canon 2016-05-03 17:22 - 2015-10-30 01:48 - 00000000 __RSD C:\WINDOWS\Media 2016-05-03 17:21 - 2015-12-02 21:20 - 00000000 ____D C:\ProgramData\CanonIJWSpt 2016-05-03 17:13 - 2015-11-23 03:04 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2016-05-03 11:16 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\FxsTmp 2016-05-02 14:24 - 2015-12-08 16:32 - 00000000 ____D C:\Users\maggiemay\Documents\MAGGIESPICTURES 2016-04-26 16:50 - 2015-12-03 23:51 - 00002425 _____ C:\Users\maggiemay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-04-26 16:50 - 2015-12-03 23:51 - 00000000 ___RD C:\Users\maggiemay\OneDrive 2016-04-22 15:11 - 2015-12-03 22:31 - 00342088 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-04-22 03:57 - 2015-11-29 21:54 - 00374944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2016-04-21 18:11 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-04-21 18:11 - 2015-10-30 01:48 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2016-04-21 16:43 - 2016-03-23 10:30 - 00000022 _____ C:\Users\maggiemay\Downloads\WO24354120Outside (1).zip ==================== Files in the root of some directories ======= 2016-01-19 14:06 - 2016-01-21 12:06 - 0000100 _____ () C:\Users\maggiemay\AppData\Roaming\WB.CFG 2015-11-23 22:45 - 2015-11-23 22:45 - 0003584 _____ () C:\Users\maggiemay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-11-30 15:58 - 2015-11-30 15:59 - 0000660 _____ () C:\ProgramData\LMADGscan.log Some files in TEMP: ==================== C:\Users\maggiemay\AppData\Local\Temp\SpotifyUninstall.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-05-09 12:05 ==================== End of FRST.txt ============================
  4. Cross fingers that it lets me attach the files..... it worked! Tell the admin thank you for me Chrissythepoet FRST (1).txt Addition (1).txt
  5. 2015-02-08 02:56 . 2015-02-12 05:02 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-02-08 02:52 . 2015-02-08 02:52 -------- d-----w- c:\users\Alice\AppData\Roaming\AVAST Software 2015-02-08 02:43 . 2015-02-13 01:24 -------- d-s---w- c:\windows\system32\CompatTel 2015-02-08 02:43 . 2015-02-13 01:24 -------- d-----w- c:\windows\system32\appraiser 2015-02-08 02:22 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2015-02-08 02:22 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe 2015-02-08 02:22 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2015-02-08 02:22 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL 2015-02-08 02:22 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll 2015-02-08 01:36 . 2014-07-07 02:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe 2015-02-08 01:36 . 2014-07-07 02:06 24576 ----a-w- c:\windows\system32\mfpmp.exe 2015-02-08 01:36 . 2014-07-07 02:02 2048 ----a-w- c:\windows\system32\mferror.dll 2015-02-08 01:36 . 2014-07-07 01:37 2048 ----a-w- c:\windows\SysWow64\mferror.dll 2015-02-08 01:36 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll 2015-02-08 01:36 . 2014-07-07 02:06 206848 ----a-w- c:\windows\system32\mfps.dll 2015-02-08 01:36 . 2014-07-07 01:40 103424 ----a-w- c:\windows\SysWow64\mfps.dll 2015-02-08 01:36 . 2014-07-07 01:39 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe 2015-02-08 01:36 . 2014-07-07 01:39 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe 2015-02-08 01:36 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll 2015-02-08 01:33 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2015-02-08 01:33 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2015-02-08 01:32 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll 2015-02-08 01:32 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll 2015-02-08 01:30 . 2013-12-04 02:27 485888 ----a-w- c:\windows\system32\secproc_isv.dll 2015-02-08 01:25 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll 2015-02-08 01:25 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll 2015-02-08 01:18 . 2015-02-08 01:17 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-02-08 01:18 . 2015-02-08 01:17 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys 2015-02-08 01:18 . 2015-02-08 01:17 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys 2015-02-08 01:18 . 2015-02-08 01:17 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-02-08 01:18 . 2015-02-08 01:17 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-02-08 01:18 . 2015-02-08 01:17 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-02-08 01:18 . 2015-02-08 01:17 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2015-02-08 01:18 . 2015-02-10 21:47 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2015-02-08 01:18 . 2015-02-08 01:17 364512 ----a-w- c:\windows\system32\aswBoot.exe 2015-02-08 01:17 . 2015-02-08 01:17 43152 ----a-w- c:\windows\avastSS.scr 2015-02-08 01:16 . 2015-02-08 01:16 -------- d-----w- c:\program files\AVAST Software 2015-02-08 01:12 . 2015-02-08 01:16 -------- d-----w- c:\programdata\AVAST Software 2015-02-08 01:09 . 2015-02-08 01:09 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2015-02-08 01:09 . 2014-11-21 12:54 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-02-08 01:09 . 2014-11-21 12:53 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-02-08 01:09 . 2014-11-21 12:53 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-02-08 01:09 . 2015-02-08 01:09 -------- d-----w- c:\users\Alice\AppData\Local\Programs 2015-02-08 01:07 . 2015-02-08 01:07 -------- d-----w- c:\users\Alice\AppData\Roaming\TeamViewer 2015-02-08 01:07 . 2015-02-20 07:41 -------- d-----w- c:\program files (x86)\TeamViewer 2015-02-08 00:54 . 2015-02-08 00:54 -------- d-----w- c:\users\Alice\AppData\Roaming\TuneUp Software 2015-02-07 23:54 . 2015-02-07 23:54 -------- d-----w- C:\6ab20b210d91a621578688 2015-02-07 23:25 . 2015-02-12 05:42 -------- d-----w- c:\windows\system32\MRT 2015-02-07 23:22 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll 2015-02-07 23:22 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe 2015-02-07 23:22 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll 2015-02-07 23:22 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe 2015-02-07 23:22 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll 2015-02-07 23:22 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll 2015-02-07 23:22 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe 2015-02-07 23:22 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe 2015-02-07 23:19 . 2014-09-19 09:42 342016 ----a-w- c:\windows\system32\schannel.dll 2015-02-07 23:19 . 2014-09-19 09:23 248832 ----a-w- c:\windows\SysWow64\schannel.dll 2015-02-07 23:19 . 2014-09-19 09:42 210944 ----a-w- c:\windows\system32\wdigest.dll 2015-02-07 23:19 . 2014-09-19 09:42 86528 ----a-w- c:\windows\system32\TSpkg.dll 2015-02-07 23:19 . 2014-09-19 09:42 314880 ----a-w- c:\windows\system32\msv1_0.dll 2015-02-07 23:19 . 2014-09-19 09:42 309760 ----a-w- c:\windows\system32\ncrypt.dll 2015-02-07 23:19 . 2014-09-19 09:42 22016 ----a-w- c:\windows\system32\credssp.dll 2015-02-07 23:19 . 2014-09-19 09:23 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2015-02-07 23:19 . 2014-09-19 09:23 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2015-02-07 23:19 . 2014-09-19 09:23 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll 2015-02-07 23:19 . 2014-09-19 09:23 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll 2015-02-07 23:19 . 2014-09-19 09:23 17408 ----a-w- c:\windows\SysWow64\credssp.dll 2015-02-07 23:19 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll 2015-02-07 23:17 . 2014-06-18 02:19 449024 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll 2015-02-07 23:16 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys 2015-02-07 23:15 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll 2015-02-07 23:11 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll 2015-02-07 23:11 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll 2015-02-07 22:56 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll 2015-02-07 22:56 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll 2015-02-07 22:52 . 2015-02-07 22:52 -------- d-----w- c:\program files\CCleaner 2015-02-02 18:12 . 2015-02-02 18:12 -------- d-----w- c:\programdata\{18165758-115C-4DC0-9EC2-FF89F725767F} . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-02-07 18:31 . 2013-06-03 04:16 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-02-07 18:31 . 2013-06-03 04:16 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-12-23 06:41 . 2011-08-19 17:25 298120 ------w- c:\windows\system32\MpSigStub.exe 2014-05-23 23:11 . 2014-05-23 23:11 6103040 ----a-w- c:\program files (x86)\GUT8E7A.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048] "AROReminder"="c:\program files (x86)\Advanced Registry Optimizer\ARO.exe" [2010-10-18 2215944] "EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE" [2013-01-24 297024] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-07-31 1057920] "LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2011-04-07 2756864] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-02-10 5227112] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxebserv.exe [x] R2 PGMTrusted;PGMTrusted;c:\users\Alice\New folder\Pogo Games\PGMTrusted.exe;c:\users\Alice\New folder\Pogo Games\PGMTrusted.exe [x] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x] R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [x] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe;c:\windows\SYSNATIVE\lxebcoms.exe [x] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x] S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2015-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-03 18:31] . 2015-02-23 c:\windows\Tasks\EPSON XP-310 Series Invitation {2962027C-48FF-4BD0-BFD2-84B1731F3357}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-09-12 00:20] . 2015-02-22 c:\windows\Tasks\EPSON XP-310 Series Invitation {BF3DFE30-9FE7-466C-8A23-88715D66C616}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-09-12 00:20] . 2015-02-23 c:\windows\Tasks\EPSON XP-310 Series Update {2962027C-48FF-4BD0-BFD2-84B1731F3357}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-09-12 00:20] . 2015-02-22 c:\windows\Tasks\EPSON XP-310 Series Update {BF3DFE30-9FE7-466C-8A23-88715D66C616}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2014-09-12 00:20] . 2015-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-13 00:44] . 2015-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-13 00:44] . 2015-02-21 c:\windows\Tasks\HPCeeScheduleForAlice.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 10:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-02-08 01:17 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-27 171520] "lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2009-10-01 766632] "EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2009-10-01 139944] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2015-02-11 21304] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\fw3rjnrv.default\ . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Wow6432Node-HKCU-Run-OutfoxTV - c:\program files\OutfoxTV\OutfoxTV\DesktopContainer.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2015-02-23 10:05:39 ComboFix-quarantined-files.txt 2015-02-23 16:05 .im Pre-Run: 180,308,516,864 bytes free Post-Run: 180,903,301,120 bytes free . - - End Of File - - 84ECA7C60994B41664271305E0AA5C01 3E780D3316B7D2FD75FA53BC8AC5E441
  6. ComboFix 15-02-16.01 - Alice 02/23/2015 9:49.1.1 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.638 [GMT -6:00] Running from: c:\users\Alice\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\SPL1083.tmp c:\programdata\SPL116D.tmp c:\programdata\SPL1279.tmp c:\programdata\SPL13FC.tmp c:\programdata\SPL147B.tmp c:\programdata\SPL1489.tmp c:\programdata\SPL1528.tmp c:\programdata\SPL1779.tmp c:\programdata\SPL1BC9.tmp c:\programdata\SPL1C75.tmp c:\programdata\SPL1D20.tmp c:\programdata\SPL1EB6.tmp c:\programdata\SPL1EB7.tmp c:\programdata\SPL1F06.tmp c:\programdata\SPL20F7.tmp c:\programdata\SPL2174.tmp c:\programdata\SPL2244.tmp c:\programdata\SPL2329.tmp c:\programdata\SPL2422.tmp c:\programdata\SPL254B.tmp c:\programdata\SPL279C.tmp c:\programdata\SPL27BC.tmp c:\programdata\SPL2A2E.tmp c:\programdata\SPL2AD7.tmp c:\programdata\SPL2B83.tmp c:\programdata\SPL2D75.tmp c:\programdata\SPL2DD.tmp c:\programdata\SPL2DE5.tmp c:\programdata\SPL2EED.tmp c:\programdata\SPL3249.tmp c:\programdata\SPL339D.tmp c:\programdata\SPL33AE.tmp c:\programdata\SPL33CF.tmp c:\programdata\SPL34BA.tmp c:\programdata\SPL3515.tmp c:\programdata\SPL3523.tmp c:\programdata\SPL3532.tmp c:\programdata\SPL360D.tmp c:\programdata\SPL3784.tmp c:\programdata\SPL37E4.tmp c:\programdata\SPL387E.tmp c:\programdata\SPL38CC.tmp c:\programdata\SPL3948.tmp c:\programdata\SPL3C83.tmp c:\programdata\SPL3DDD.tmp c:\programdata\SPL3E67.tmp c:\programdata\SPL3F42.tmp c:\programdata\SPL3F51.tmp c:\programdata\SPL3FF6.tmp c:\programdata\SPL40B8.tmp c:\programdata\SPL420E.tmp c:\programdata\SPL4221.tmp c:\programdata\SPL422E.tmp c:\programdata\SPL427C.tmp c:\programdata\SPL434.tmp c:\programdata\SPL451B.tmp c:\programdata\SPL4604.tmp c:\programdata\SPL47E9.tmp c:\programdata\SPL4A39.tmp c:\programdata\SPL4A67.tmp c:\programdata\SPL4BBF.tmp c:\programdata\SPL4CE7.tmp c:\programdata\SPL4EAE.tmp c:\programdata\SPL4EDB.tmp c:\programdata\SPL5070.tmp c:\programdata\SPL5295.tmp c:\programdata\SPL52A2.tmp c:\programdata\SPL5438.tmp c:\programdata\SPL559E.tmp c:\programdata\SPL560C.tmp c:\programdata\SPL56B8.tmp c:\programdata\SPL56C9.tmp c:\programdata\SPL59B3.tmp c:\programdata\SPL5A52.tmp c:\programdata\SPL5C07.tmp c:\programdata\SPL5DF8.tmp c:\programdata\SPL5F12.tmp c:\programdata\SPL602A.tmp c:\programdata\SPL6163.tmp c:\programdata\SPL626B.tmp c:\programdata\SPL6354.tmp c:\programdata\SPL646D.tmp c:\programdata\SPL648C.tmp c:\programdata\SPL6629.tmp c:\programdata\SPL66BE.tmp c:\programdata\SPL678B.tmp c:\programdata\SPL67F9.tmp c:\programdata\SPL6A69.tmp c:\programdata\SPL6C98.tmp c:\programdata\SPL6D62.tmp c:\programdata\SPL6EDC.tmp c:\programdata\SPL6EE8.tmp c:\programdata\SPL6F08.tmp c:\programdata\SPL6FF4.tmp c:\programdata\SPL70AC.tmp c:\programdata\SPL7261.tmp c:\programdata\SPL7280.tmp c:\programdata\SPL740.tmp c:\programdata\SPL7483.tmp c:\programdata\SPL7494.tmp c:\programdata\SPL74C2.tmp c:\programdata\SPL7501.tmp c:\programdata\SPL753E.tmp c:\programdata\SPL75CB.tmp c:\programdata\SPL7629.tmp c:\programdata\SPL7707.tmp c:\programdata\SPL7770.tmp c:\programdata\SPL77D1.tmp c:\programdata\SPL7A3E.tmp c:\programdata\SPL7AAD.tmp c:\programdata\SPL7ACA.tmp c:\programdata\SPL7BE.tmp c:\programdata\SPL7C43.tmp c:\programdata\SPL7E63.tmp c:\programdata\SPL7F3D.tmp c:\programdata\SPL7F9C.tmp c:\programdata\SPL8122.tmp c:\programdata\SPL821.tmp c:\programdata\SPL82A.tmp c:\programdata\SPL82B7.tmp c:\programdata\SPL8390.tmp c:\programdata\SPL86ED.tmp c:\programdata\SPL8758.tmp c:\programdata\SPL88CE.tmp c:\programdata\SPL894B.tmp c:\programdata\SPL89E7.tmp c:\programdata\SPL8A25.tmp c:\programdata\SPL8AB3.tmp c:\programdata\SPL8E0B.tmp c:\programdata\SPL8E5.tmp c:\programdata\SPL8E80.tmp c:\programdata\SPL8ED6.tmp c:\programdata\SPL8F64.tmp c:\programdata\SPL8FDF.tmp c:\programdata\SPL904E.tmp c:\programdata\SPL906.tmp c:\programdata\SPL91A4.tmp c:\programdata\SPL91EC.tmp c:\programdata\SPL933.tmp c:\programdata\SPL9427.tmp c:\programdata\SPL9453.tmp c:\programdata\SPL95B9.tmp c:\programdata\SPL95CA.tmp c:\programdata\SPL966B.tmp c:\programdata\SPL96B3.tmp c:\programdata\SPL9A9A.tmp c:\programdata\SPL9C.tmp c:\programdata\SPL9E53.tmp c:\programdata\SPL9EBF.tmp c:\programdata\SPL9F0.tmp c:\programdata\SPL9F2D.tmp c:\programdata\SPL9F79.tmp c:\programdata\SPLA19B.tmp c:\programdata\SPLA20A.tmp c:\programdata\SPLA2D5.tmp c:\programdata\SPLA5B0.tmp c:\programdata\SPLA6D9.tmp c:\programdata\SPLA756.tmp c:\programdata\SPLA89D.tmp c:\programdata\SPLA9F6.tmp c:\programdata\SPLAA62.tmp c:\programdata\SPLAB9A.tmp c:\programdata\SPLAC65.tmp c:\programdata\SPLACD1.tmp c:\programdata\SPLAD32.tmp c:\programdata\SPLAD9C.tmp c:\programdata\SPLAF03.tmp c:\programdata\SPLB01E.tmp c:\programdata\SPLB17.tmp c:\programdata\SPLB18.tmp c:\programdata\SPLB367.tmp c:\programdata\SPLB4DE.tmp c:\programdata\SPLB634.tmp c:\programdata\SPLB663.tmp c:\programdata\SPLB846.tmp c:\programdata\SPLB930.tmp c:\programdata\SPLB9AE.tmp c:\programdata\SPLBB63.tmp c:\programdata\SPLBC8A.tmp c:\programdata\SPLBD08.tmp c:\programdata\SPLBD76.tmp c:\programdata\SPLBE30.tmp c:\programdata\SPLBE9F.tmp c:\programdata\SPLBF21.tmp c:\programdata\SPLC11C.tmp c:\programdata\SPLC13C.tmp c:\programdata\SPLC40F.tmp c:\programdata\SPLC438.tmp c:\programdata\SPLC4B5.tmp c:\programdata\SPLC8AC.tmp c:\programdata\SPLC956.tmp c:\programdata\SPLCA02.tmp c:\programdata\SPLCB0B.tmp c:\programdata\SPLCB59.tmp c:\programdata\SPLCCC0.tmp c:\programdata\SPLCD36.tmp c:\programdata\SPLCDEA.tmp c:\programdata\SPLCE27.tmp c:\programdata\SPLCE28.tmp c:\programdata\SPLCFBC.tmp c:\programdata\SPLD03C.tmp c:\programdata\SPLD104.tmp c:\programdata\SPLD21D.tmp c:\programdata\SPLD307.tmp c:\programdata\SPLD364.tmp c:\programdata\SPLD47D.tmp c:\programdata\SPLD529.tmp c:\programdata\SPLD539.tmp c:\programdata\SPLD596.tmp c:\programdata\SPLD72E.tmp c:\programdata\SPLD73B.tmp c:\programdata\SPLD7B8.tmp c:\programdata\SPLD7EA.tmp c:\programdata\SPLD835.tmp c:\programdata\SPLD857.tmp c:\programdata\SPLD9BE.tmp c:\programdata\SPLDA.tmp c:\programdata\SPLDB51.tmp c:\programdata\SPLDB9E.tmp c:\programdata\SPLDBEE.tmp c:\programdata\SPLDCF5.tmp c:\programdata\SPLDD24.tmp c:\programdata\SPLDE7B.tmp c:\programdata\SPLDFA4.tmp c:\programdata\SPLDFC3.tmp c:\programdata\SPLE0AD.tmp c:\programdata\SPLE10B.tmp c:\programdata\SPLE3D9.tmp c:\programdata\SPLE6C5.tmp c:\programdata\SPLE6F4.tmp c:\programdata\SPLE790.tmp c:\programdata\SPLE8C9.tmp c:\programdata\SPLEB9A.tmp c:\programdata\SPLEC51.tmp c:\programdata\SPLED8A.tmp c:\programdata\SPLEDBA.tmp c:\programdata\SPLEEB1.tmp c:\programdata\SPLEEB2.tmp c:\programdata\SPLEF1E.tmp c:\programdata\SPLF131.tmp c:\programdata\SPLF132.tmp c:\programdata\SPLF21B.tmp c:\programdata\SPLF21C.tmp c:\programdata\SPLF23A.tmp c:\programdata\SPLF269.tmp c:\programdata\SPLF314.tmp c:\programdata\SPLF363.tmp c:\programdata\SPLF3A2.tmp c:\programdata\SPLF45C.tmp c:\programdata\SPLF47B.tmp c:\programdata\SPLF5E6.tmp c:\programdata\SPLF640.tmp c:\programdata\SPLF6EB.tmp c:\programdata\SPLF759.tmp c:\programdata\SPLF8FE.tmp c:\programdata\SPLF94C.tmp c:\programdata\SPLFAC2.tmp c:\programdata\SPLFB4F.tmp c:\programdata\SPLFB50.tmp c:\programdata\SPLFB9D.tmp c:\programdata\SPLFBAD.tmp c:\programdata\SPLFBEA.tmp c:\programdata\SPLFBEB.tmp c:\programdata\SPLFC0B.tmp c:\programdata\SPLFCD.tmp c:\programdata\SPLFDCF.tmp c:\programdata\SPLFDE3.tmp c:\users\Alice\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll . . ((((((((((((((((((((((((( Files Created from 2015-01-23 to 2015-02-23 ))))))))))))))))))))))))))))))) . . 2015-02-23 16:01 . 2015-02-23 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-02-20 07:42 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FAF145C-AA1F-4B0B-9B06-B1DF3D3E72B1}\mpengine.dll 2015-02-14 06:00 . 2015-02-14 06:00 -------- d-----w- c:\users\Alice\AppData\Roaming\iWin 2015-02-13 23:03 . 2015-02-13 23:07 -------- d-----w- C:\AdwCleaner 2015-02-12 05:09 . 2015-01-15 08:09 28160 ----a-w- c:\windows\system32\secur32.dll 2015-02-12 05:09 . 2015-01-15 07:42 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2015-02-12 05:09 . 2015-01-15 07:41 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2015-02-12 05:09 . 2015-01-15 08:06 60416 ----a-w- c:\windows\system32\msobjs.dll 2015-02-12 05:09 . 2015-01-15 07:39 60416 ----a-w- c:\windows\SysWow64\msobjs.dll 2015-02-12 05:09 . 2015-01-15 08:06 146432 ----a-w- c:\windows\system32\msaudite.dll 2015-02-12 05:09 . 2015-01-15 07:39 146432 ----a-w- c:\windows\SysWow64\msaudite.dll 2015-02-12 05:08 . 2014-12-12 05:31 1480192 ----a-w- c:\windows\system32\crypt32.dll 2015-02-12 05:08 . 2014-07-07 02:07 229376 ----a-w- c:\windows\system32\wintrust.dll 2015-02-12 05:08 . 2014-07-07 02:06 187904 ----a-w- c:\windows\system32\cryptsvc.dll 2015-02-12 05:08 . 2014-12-12 05:07 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll 2015-02-12 05:08 . 2014-07-07 01:40 179200 ----a-w- c:\windows\SysWow64\wintrust.dll 2015-02-12 05:08 . 2014-07-07 01:40 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2015-02-12 05:05 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll 2015-02-12 05:04 . 2014-10-04 02:10 3722752 ----a-w- c:\windows\system32\mstscax.dll 2015-02-12 05:04 . 2014-10-04 01:42 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll 2015-02-12 05:04 . 2014-10-04 01:42 131584 ----a-w- c:\windows\SysWow64\aaclient.dll 2015-02-12 04:51 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys 2015-02-10 22:59 . 2015-02-14 23:59 -------- d-----w- C:\FRST 2015-02-10 21:35 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll 2015-02-10 21:35 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll 2015-02-10 21:35 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll 2015-02-10 21:35 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
  7. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015 Ran by Alice at 2015-02-14 17:57:53 Running from C:\Users\Alice\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 4 Elements (HKLM-x32\...\4 Elements_is1) (Version: 1.0 - Media Contact LLC) 4 Elements II (HKLM-x32\...\BFG-4 Elements II) (Version: - ) 4 Elements II™ (HKLM-x32\...\4 Elements II™) (Version: 32.0.0.0 - Shockwave.com) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.) Advanced Registry Optimizer (HKLM-x32\...\Advanced Registry Optimizer_is1) (Version: 6.9 - Sammsoft) Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.0 - Atheros) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software) Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - ) Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.60.50 - Conexant) CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2111 - CyberLink Corp.) doPDF 6.2 printer (HKLM\...\doPDF 6 printer_is1) (Version: - Softland) EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.) Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-310 Series Printer Uninstall (HKLM\...\EPSON XP-310 Series) (Version: - SEIKO EPSON Corporation) EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION) ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.50 - Conexant Systems) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.15.1 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard) HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard) HP User Guides 0156 (HKLM-x32\...\{64A7418C-6BD4-48BE-A2E3-CAEC3BCD9E81}) (Version: 1.02.0001 - Hewlett-Packard) HP Wireless Assistant (HKLM-x32\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard) Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation) Java 6 Update 15 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.) Java 6 Update 23 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.230 - Sun Microsystems, Inc.) Java SE Development Kit 6 Update 15 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160150}) (Version: 1.6.0.150 - Sun Microsystems, Inc.) Jewel Quest (HKLM-x32\...\{9B0DA03A-8334-4127-B788-CC44F2F462DB}) (Version: 1.00.0000 - Valusoft) Jewel Quest 2 (HKLM-x32\...\{A7E279B1-BEC4-4C2C-A5C4-6EB7982FF0B5}) (Version: 1.00.0000 - Valusoft) Jewel Quest Solitaire (HKLM-x32\...\{D4225A14-873C-4611-B12D-DE4A25B3DDAB}) (Version: 1.00.0000 - Valusoft) Jewel Quest Solitaire 2 (HKLM-x32\...\{ABA496C5-81F7-4B91-A347-A70FE48C116B}) (Version: 1.00.0000 - Valusoft) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Lexmark Printable Web (HKLM-x32\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - ) Lexmark Pro200-S500 Series (HKLM\...\Lexmark Pro200-S500 Series) (Version: - Lexmark International, Inc.) Lexmark Toolbar (HKLM-x32\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.3.37.0 - ) Lexmark Tools for Office (HKLM-x32\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.29.0.0 - ) LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc) Mahjong Garden Deluxe (HKLM-x32\...\Mahjong Garden Deluxe) (Version: - Pogo.com) Mahjongg Master 4 (HKU\S-1-5-21-271003834-3499182727-1806203241-1000\...\Mahjongg Master 4) (Version: 1.0.0.0 - eGames) Mahjongg Master 5 (HKU\S-1-5-21-271003834-3499182727-1806203241-1000\...\Mahjongg Master 5) (Version: 1.0.0.0 - eGames) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft IntelliPoint 8.0 (HKLM\...\{563F041C-DFDB-437B-A1E8-E141E0906076}) (Version: 8.0.225.0 - Microsoft) Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.566.0 - Microsoft Live Search Toolbar) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation) Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) muvee Reveal (HKLM-x32\...\{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}) (Version: 7.0.43.11502 - muvee Technologies Pte Ltd) Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3311 - CyberLink Corp.) Power2Go (x32 Version: 6.0.3311 - CyberLink Corp.) Hidden PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3311 - CyberLink Corp.) PowerDirector (x32 Version: 7.0.3311 - CyberLink Corp.) Hidden QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0007 - Realtek) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.) Recovery Manager (x32 Version: 5.5.2214 - CyberLink Corp.) Hidden Software Updater (HKLM-x32\...\{D60071DB-459C-465C-92EF-336E65F1A436}) (Version: 4.0.1 - SEIKO EPSON CORPORATION) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38843 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames) (Version: 4.0.5.37 - WildTangent) WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 30-01-2015 20:33:55 Scheduled Checkpoint 02-02-2015 12:12:47 Installed HP Support Assistant 02-02-2015 12:16:52 Windows Modules Installer 02-02-2015 12:17:51 Windows Modules Installer 07-02-2015 17:21:02 Windows Update 07-02-2015 18:57:18 Removed AVG 2011 07-02-2015 19:14:56 avast! antivirus system restore point 07-02-2015 19:32:42 Windows Update 11-02-2015 21:51:45 Windows Update 11-02-2015 23:33:28 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0C9C7B90-A60C-4492-B54F-106DA8E32259} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated) Task: {13537243-4090-4FFF-B9FC-59025AA590D5} - System32\Tasks\HPCeeScheduleForAlice => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {1A9840DB-D5EA-4155-835C-56EAD8642C2B} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation) Task: {235608E5-3DC2-4521-95D1-6F0B29C5144B} - System32\Tasks\EPSON XP-310 Series Invitation {2962027C-48FF-4BD0-BFD2-84B1731F3357} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-27] (SEIKO EPSON CORPORATION) Task: {2758D3C8-4B81-442B-9D34-A8824835F190} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-01-21] (Hewlett-Packard) Task: {2CE9C550-2D5C-4512-9630-7582056140E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: {318C3E38-77E0-4B71-8460-FAB185C28302} - System32\Tasks\EPSON XP-310 Series Update {BF3DFE30-9FE7-466C-8A23-88715D66C616} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-27] (SEIKO EPSON CORPORATION) Task: {49E03D4A-DE90-461A-83A2-1AA8020047C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.) Task: {6FB11524-5B85-4724-9B1A-774A0B779627} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {74B96B7C-70A5-4DCF-9DBD-89DA1E5966A0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-07] (AVAST Software) Task: {AA42DB14-0F49-4348-96DE-3AABF54EFCD4} - System32\Tasks\{70532EC7-E7D2-4FA9-B733-3CAAB459CB5B} => pcalua.exe -a C:\Users\Alice\Desktop\Install4ElementsII.exe -d C:\Users\Alice\Desktop Task: {B06F36FF-ED62-441D-9BCD-115C02DBA564} - System32\Tasks\EPSON XP-310 Series Invitation {BF3DFE30-9FE7-466C-8A23-88715D66C616} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-27] (SEIKO EPSON CORPORATION) Task: {BBDA3083-CE07-4AFC-A55C-EC1DF1398D88} - System32\Tasks\EPSON XP-310 Series Update {2962027C-48FF-4BD0-BFD2-84B1731F3357} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE [2013-02-27] (SEIKO EPSON CORPORATION) Task: {CBDBA733-D3A2-424B-88F6-03AE8A900130} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {DF7EFAE5-EA75-4C55-91BB-A667F2ABC6CE} - System32\Tasks\{272CD2FE-971D-47BD-8A9A-33176FEE56CF} => pcalua.exe -a E:\setup.exe -d E:\ Task: {E401BC93-4748-4616-986F-D9CBC31A28D1} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{07F15BE2-A8A5-41DA-825E-FA8F78858683}.exe Task: {E910D2C0-223C-48C6-ACDD-476CAB6DF1B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {F2E1666C-4DDE-4D59-A4B7-8407FE21D5F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {FB3052A7-36B4-4330-ABF9-E846B9928084} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{07F15BE2-A8A5-41DA-825E-FA8F78858683}.exe <==== ATTENTION Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {2962027C-48FF-4BD0-BFD2-84B1731F3357}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE Task: C:\Windows\Tasks\EPSON XP-310 Series Invitation {BF3DFE30-9FE7-466C-8A23-88715D66C616}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE Task: C:\Windows\Tasks\EPSON XP-310 Series Update {2962027C-48FF-4BD0-BFD2-84B1731F3357}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE Task: C:\Windows\Tasks\EPSON XP-310 Series Update {BF3DFE30-9FE7-466C-8A23-88715D66C616}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLBE.EXE Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForAlice.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Loaded Modules (whitelisted) ============== 2010-10-28 20:28 - 2009-06-19 03:01 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxebdrpp.dll 2010-04-27 14:02 - 2009-07-06 13:20 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2010-10-28 20:20 - 2009-10-01 09:45 - 00766632 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe 2010-10-28 20:20 - 2009-10-01 09:45 - 00139944 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe 2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe 2015-02-14 14:51 - 2015-02-14 14:51 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021402\algo.dll 2010-10-28 20:20 - 2009-07-17 06:32 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebscw.dll 2010-10-28 20:19 - 2009-05-27 06:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebdatr.dll 2010-10-28 20:20 - 2009-07-17 06:33 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebDRS.dll 2010-10-28 20:20 - 2009-03-09 23:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebcaps.dll 2010-10-28 20:17 - 2009-02-20 02:48 - 00381440 _____ () C:\Windows\system32\lxebsm.dll 2010-10-28 20:17 - 2009-02-20 02:48 - 00023552 _____ () C:\Windows\system32\lxebsmr.dll 2010-10-28 20:20 - 2009-03-30 06:37 - 00708608 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epwizard.DLL 2010-10-28 20:20 - 2009-03-30 06:35 - 00159744 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\customui.dll 2010-10-28 20:20 - 2009-03-30 06:35 - 00118784 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Eputil.DLL 2010-10-28 20:20 - 2009-03-30 06:35 - 00139264 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Imagutil.DLL 2010-10-28 20:20 - 2009-03-30 06:35 - 00061440 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\Epfunct.DLL 2010-10-28 20:20 - 2009-03-30 06:37 - 02203648 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPWizRes.dll 2010-10-28 20:20 - 2009-03-30 06:37 - 00045056 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\epstring.dll 2010-10-28 20:20 - 2009-03-30 06:37 - 00094208 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\EPOEMDll.dll 2010-10-28 20:19 - 2009-04-07 13:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\iptk.dll 2010-10-28 20:20 - 2009-03-02 08:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebptp.dll 2009-09-29 16:25 - 2009-09-29 16:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll 2009-09-29 16:25 - 2009-09-29 16:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll 2009-09-29 16:25 - 2009-09-29 16:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll 2009-09-29 16:25 - 2009-09-29 16:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll 2009-09-29 16:25 - 2009-09-29 16:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll 2009-09-29 16:25 - 2009-09-29 16:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll 2009-09-29 16:25 - 2009-09-29 16:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll 2009-09-29 16:25 - 2009-09-29 16:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll 2015-02-07 19:17 - 2015-02-07 19:17 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:2B782FD1 AlternateDataStreams: C:\ProgramData\Temp:2CB9631F AlternateDataStreams: C:\ProgramData\Temp:30E0D641 AlternateDataStreams: C:\ProgramData\Temp:3ED71AF9 AlternateDataStreams: C:\ProgramData\Temp:884C7316 AlternateDataStreams: C:\ProgramData\Temp:A1D3FEF0 AlternateDataStreams: C:\ProgramData\Temp:A3E39C6A AlternateDataStreams: C:\ProgramData\Temp:F1CBBAF0 AlternateDataStreams: C:\ProgramData\Temp:F2337193 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-271003834-3499182727-1806203241-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-271003834-3499182727-1806203241-500 - Administrator - Disabled) Alice (S-1-5-21-271003834-3499182727-1806203241-1000 - Administrator - Enabled) => C:\Users\Alice Guest (S-1-5-21-271003834-3499182727-1806203241-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-271003834-3499182727-1806203241-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (02/14/2015 05:49:14 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (02/14/2015 05:45:07 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (02/14/2015 05:31:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The lxebCATSCustConnectService service failed to start due to the following error: %%1053 Error: (02/14/2015 05:31:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect. Error: (02/14/2015 02:57:52 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (02/14/2015 02:51:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TeamViewer service. Error: (02/14/2015 02:49:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The lxebCATSCustConnectService service failed to start due to the following error: %%1053 Error: (02/14/2015 02:49:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the lxebCATSCustConnectService service to connect. Error: (02/14/2015 02:49:28 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 2:47:11 PM on ?2/?14/?2015 was unexpected. Error: (02/14/2015 02:04:16 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel® Celeron® CPU 900 @ 2.20GHz Percentage of memory in use: 55% Total physical RAM: 1979.2 MB Available physical RAM: 884.75 MB Total Pagefile: 3958.39 MB Available Pagefile: 2491.37 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:220.18 GB) (Free:166.97 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:12.51 GB) (Free:2.09 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: 8FF1E86F) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=220.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  8. ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-271003834-3499182727-1806203241-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1 HKU\S-1-5-21-271003834-3499182727-1806203241-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp URLSearchHook: HKU\S-1-5-21-271003834-3499182727-1806203241-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File SearchScopes: HKLM -> {D34D052C-60C2-4556-BFD6-501EB193A21E} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {D34D052C-60C2-4556-BFD6-501EB193A21E} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-271003834-3499182727-1806203241-1000 -> {D34D052C-60C2-4556-BFD6-501EB193A21E} URL = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: Lexmark Toolbar -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll () BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO-x32: Lexmark Printable Web -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll () BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKU\S-1-5-21-271003834-3499182727-1806203241-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Toolbar: HKU\S-1-5-21-271003834-3499182727-1806203241-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Toolbar: HKU\S-1-5-21-271003834-3499182727-1806203241-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\fw3rjnrv.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-04-27] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-07] FF HKU\S-1-5-21-271003834-3499182727-1806203241-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-07] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-07] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-07] (AVAST Software) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation) R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] S2 lxebCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe [33960 2009-07-29] (Lexmark International, Inc.) R2 lxeb_device; C:\Windows\system32\lxebcoms.exe [1054888 2009-07-29] ( ) R2 lxeb_device; C:\Windows\SysWOW64\lxebcoms.exe [602792 2009-07-29] ( ) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 PGMTrusted; C:\Users\Alice\New folder\Pogo Games\PGMTrusted.exe [520360 2013-03-25] (iWin Inc.) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-09] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-07] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-02-07] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-07] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-07] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-10] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-07] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-07] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-07] () U4 eabfiltr; No ImagePath S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X] S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-14 17:55 - 2015-02-14 17:55 - 00000000 ____D () C:\Users\Alice\Desktop\FRST-OlderVersion 2015-02-14 14:10 - 2015-02-14 14:10 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForAlice 2015-02-14 00:00 - 2015-02-14 00:00 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\iWin 2015-02-13 17:03 - 2015-02-13 17:07 - 00000000 ____D () C:\AdwCleaner 2015-02-13 17:00 - 2015-02-13 17:00 - 02112512 _____ () C:\Users\Alice\Desktop\AdwCleaner.exe 2015-02-13 16:29 - 2015-02-13 16:29 - 00004166 _____ () C:\Users\Alice\Desktop\JRT.txt 2015-02-13 16:13 - 2015-02-13 16:13 - 01388274 _____ (Thisisu) C:\Users\Alice\Desktop\JRT.exe 2015-02-11 23:10 - 2015-01-15 02:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-02-11 23:10 - 2015-01-15 02:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-02-11 23:10 - 2015-01-15 02:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-02-11 23:10 - 2015-01-15 02:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-02-11 23:10 - 2015-01-15 02:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-02-11 23:10 - 2015-01-15 02:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-02-11 23:10 - 2015-01-15 02:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-02-11 23:10 - 2015-01-15 02:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-02-11 23:10 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 23:10 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 23:10 - 2015-01-14 22:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-02-11 23:10 - 2014-11-25 21:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2015-02-11 23:10 - 2014-11-25 21:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2015-02-11 23:09 - 2015-01-15 02:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-02-11 23:09 - 2015-01-15 02:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-02-11 23:09 - 2015-01-15 02:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-02-11 23:09 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 23:09 - 2015-01-15 01:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 23:09 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 23:09 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 23:08 - 2014-12-11 23:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-02-11 23:08 - 2014-12-11 23:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-02-11 23:08 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-02-11 23:08 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-02-11 23:08 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-02-11 23:08 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-02-11 23:07 - 2015-02-11 23:07 - 00000347 _____ () C:\Users\Alice\Documents\malware test.txt 2015-02-11 23:06 - 2015-02-03 21:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-02-11 23:06 - 2015-02-03 21:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-02-11 23:06 - 2015-02-03 21:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-02-11 23:06 - 2015-02-03 21:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-02-11 23:06 - 2015-02-03 21:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-02-11 23:06 - 2015-02-03 21:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-02-11 23:06 - 2015-02-03 21:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-02-11 23:06 - 2015-01-27 17:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-02-11 23:06 - 2015-01-12 21:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-02-11 23:06 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 23:06 - 2015-01-11 21:11 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 12293120 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 09056768 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 02467328 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 01541632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-02-11 23:06 - 2015-01-11 21:10 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-02-11 23:06 - 2015-01-11 21:09 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-02-11 23:06 - 2015-01-11 21:09 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-02-11 23:06 - 2015-01-11 21:09 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-02-11 23:06 - 2015-01-11 21:09 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-02-11 23:06 - 2015-01-11 20:45 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 23:06 - 2015-01-11 20:45 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 23:06 - 2015-01-11 20:45 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 23:06 - 2015-01-11 20:45 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2015-02-11 23:06 - 2015-01-11 20:44 - 11020800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 23:06 - 2015-01-11 20:44 - 06027264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 23:06 - 2015-01-11 20:44 - 02086912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 23:06 - 2015-01-11 20:44 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 23:06 - 2015-01-11 20:44 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 23:06 - 2015-01-11 20:44 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 23:06 - 2015-01-11 20:44 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 23:06 - 2015-01-11 20:44 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-11 23:06 - 2015-01-11 20:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 23:06 - 2015-01-11 20:44 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 23:06 - 2015-01-11 20:44 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-02-11 23:06 - 2015-01-11 20:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2015-02-11 23:06 - 2015-01-11 20:44 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 23:06 - 2015-01-11 20:44 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-02-11 23:06 - 2015-01-11 20:33 - 00482816 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-02-11 23:06 - 2015-01-11 20:14 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-02-11 23:06 - 2015-01-11 20:10 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-02-11 23:06 - 2015-01-11 19:53 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 23:05 - 2015-01-14 00:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-02-11 23:05 - 2015-01-14 00:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-02-11 23:05 - 2015-01-14 00:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-02-11 23:05 - 2015-01-14 00:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-02-11 23:05 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 23:05 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 23:05 - 2015-01-13 23:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 23:05 - 2014-12-07 21:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll 2015-02-11 23:05 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-11 23:05 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2015-02-11 23:05 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2015-02-11 23:05 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2015-02-11 23:05 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2015-02-11 23:05 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2015-02-11 23:05 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2015-02-11 23:05 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2015-02-11 23:05 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2015-02-11 23:05 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2015-02-11 23:05 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2015-02-11 23:05 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2015-02-11 23:05 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-11 23:04 - 2014-10-03 20:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-02-11 23:04 - 2014-10-03 19:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2015-02-11 23:04 - 2014-10-03 19:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2015-02-11 22:51 - 2015-01-08 20:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-02-10 17:01 - 2015-02-10 17:06 - 00031051 _____ () C:\Users\Alice\Desktop\Addition.txt 2015-02-10 16:59 - 2015-02-14 17:56 - 00019102 _____ () C:\Users\Alice\Desktop\FRST.txt 2015-02-10 16:59 - 2015-02-14 17:56 - 00000000 ____D () C:\FRST 2015-02-10 16:57 - 2015-02-14 17:55 - 02134528 _____ (Farbar) C:\Users\Alice\Desktop\FRST64.exe 2015-02-10 15:47 - 2015-02-14 14:49 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleForAlice.job 2015-02-10 15:35 - 2015-01-08 21:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-02-10 15:35 - 2015-01-08 21:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-02-10 15:35 - 2015-01-08 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-02-10 15:35 - 2015-01-08 20:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-02-07 20:56 - 2015-02-11 23:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-07 20:52 - 2015-02-07 20:52 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\AVAST Software 2015-02-07 20:43 - 2015-02-12 19:24 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-02-07 20:43 - 2015-02-12 19:24 - 00000000 ____D () C:\Windows\system32\appraiser 2015-02-07 20:22 - 2013-05-09 23:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-02-07 20:22 - 2013-05-09 23:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-02-07 20:22 - 2013-05-09 22:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-02-07 20:22 - 2013-05-09 22:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-02-07 19:36 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-02-07 19:36 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-02-07 19:36 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-02-07 19:36 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-02-07 19:36 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-02-07 19:36 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-02-07 19:36 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-02-07 19:36 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-02-07 19:36 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-02-07 19:36 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-02-07 19:33 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2015-02-07 19:33 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2015-02-07 19:32 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2015-02-07 19:32 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2015-02-07 19:31 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-02-07 19:31 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe 2015-02-07 19:31 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe 2015-02-07 19:31 - 2014-02-03 20:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2015-02-07 19:31 - 2014-02-03 20:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2015-02-07 19:31 - 2014-02-03 20:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2015-02-07 19:31 - 2014-02-03 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2015-02-07 19:31 - 2014-02-03 20:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2015-02-07 19:31 - 2014-01-23 20:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2015-02-07 19:31 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2015-02-07 19:31 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2015-02-07 19:31 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2015-02-07 19:31 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2015-02-07 19:31 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2015-02-07 19:31 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2015-02-07 19:31 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2015-02-07 19:31 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2015-02-07 19:31 - 2013-11-23 12:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-02-07 19:31 - 2013-11-23 11:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-02-07 19:31 - 2013-10-29 20:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2015-02-07 19:31 - 2013-10-29 20:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2015-02-07 19:30 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-02-07 19:30 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-02-07 19:30 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2015-02-07 19:30 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll 2015-02-07 19:30 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll 2015-02-07 19:30 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll 2015-02-07 19:30 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe 2015-02-07 19:30 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2015-02-07 19:30 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll 2015-02-07 19:30 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2015-02-07 19:30 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll 2015-02-07 19:30 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe 2015-02-07 19:30 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-02-07 19:30 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-02-07 19:30 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-02-07 19:30 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-02-07 19:30 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-02-07 19:30 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2015-02-07 19:30 - 2014-01-27 20:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2015-02-07 19:30 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2015-02-07 19:30 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2015-02-07 19:30 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2015-02-07 19:30 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2015-02-07 19:30 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2015-02-07 19:30 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2015-02-07 19:30 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2015-02-07 19:30 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2015-02-07 19:30 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2015-02-07 19:30 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2015-02-07 19:25 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-02-07 19:25 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-02-07 19:20 - 2015-02-07 19:20 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2015-02-07 19:20 - 2015-02-07 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software 2015-02-07 19:19 - 2015-02-14 13:58 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-02-07 19:18 - 2015-02-10 15:47 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys 2015-02-07 19:18 - 2015-02-07 19:17 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-02-07 19:18 - 2015-02-07 19:17 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-02-07 19:18 - 2015-02-07 19:17 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2015-02-07 19:18 - 2015-02-07 19:17 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2015-02-07 19:18 - 2015-02-07 19:17 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2015-02-07 19:18 - 2015-02-07 19:17 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-02-07 19:18 - 2015-02-07 19:17 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2015-02-07 19:18 - 2015-02-07 19:17 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2015-02-07 19:17 - 2015-02-07 19:17 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-02-07 19:16 - 2015-02-07 19:16 - 00000000 ____D () C:\Program Files\AVAST Software 2015-02-07 19:12 - 2015-02-07 19:16 - 00000000 ____D () C:\ProgramData\AVAST Software 2015-02-07 19:09 - 2015-02-07 19:09 - 00305664 _____ (Secure By Design Inc.) C:\Users\Alice\Downloads\Ninite Avast Installer.exe 2015-02-07 19:09 - 2015-02-07 19:09 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-02-07 19:09 - 2015-02-07 19:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-02-07 19:09 - 2015-02-07 19:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-02-07 19:09 - 2014-11-21 06:54 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-07 19:09 - 2014-11-21 06:53 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-07 19:09 - 2014-11-21 06:53 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-07 19:07 - 2015-02-10 16:32 - 00000931 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-02-07 19:07 - 2015-02-10 16:32 - 00000919 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-02-07 19:07 - 2015-02-10 16:32 - 00000000 ____D () C:\Program Files (x86)\TeamViewer 2015-02-07 19:07 - 2015-02-07 19:07 - 00001979 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk 2015-02-07 19:07 - 2015-02-07 19:07 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\TeamViewer 2015-02-07 19:06 - 2015-02-07 19:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk 2015-02-07 19:05 - 2015-02-07 19:05 - 00305664 _____ (Secure By Design Inc.) C:\Users\Alice\Downloads\Ninite Avast Malwarebytes TeamViewer Installer.exe 2015-02-07 19:02 - 2015-02-14 17:31 - 00000672 _____ () C:\Windows\setupact.log 2015-02-07 19:02 - 2015-02-07 19:02 - 00000000 _____ () C:\Windows\setuperr.log 2015-02-07 19:01 - 2015-02-12 19:23 - 00048770 _____ () C:\Windows\PFRO.log 2015-02-07 18:54 - 2015-02-07 18:54 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\TuneUp Software 2015-02-07 17:54 - 2015-02-07 17:54 - 00000000 ____D () C:\6ab20b210d91a621578688 2015-02-07 17:25 - 2015-02-11 23:42 - 00000000 ____D () C:\Windows\system32\MRT 2015-02-07 17:25 - 2015-02-11 23:36 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-02-07 17:22 - 2014-06-30 16:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2015-02-07 17:22 - 2014-06-30 16:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2015-02-07 17:22 - 2014-06-06 00:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2015-02-07 17:22 - 2014-06-06 00:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2015-02-07 17:22 - 2014-03-09 15:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2015-02-07 17:22 - 2014-03-09 15:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2015-02-07 17:22 - 2014-03-09 15:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2015-02-07 17:22 - 2014-03-09 15:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2015-02-07 17:20 - 2014-03-04 03:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2015-02-07 17:20 - 2014-03-04 03:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-02-07 17:20 - 2014-03-04 03:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2015-02-07 17:20 - 2014-03-04 03:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2015-02-07 17:20 - 2014-03-04 03:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2015-02-07 17:20 - 2014-03-04 03:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2015-02-07 17:20 - 2014-03-04 03:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2015-02-07 17:20 - 2014-03-04 03:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2015-02-07 17:20 - 2014-03-04 03:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2015-02-07 17:20 - 2014-03-04 03:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2015-02-07 17:20 - 2014-03-04 03:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2015-02-07 17:20 - 2014-03-04 03:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2015-02-07 17:20 - 2014-03-04 03:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2015-02-07 17:20 - 2014-03-04 03:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2015-02-07 17:20 - 2014-03-04 03:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2015-02-07 17:20 - 2014-03-04 03:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-02-07 17:19 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2015-02-07 17:19 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-02-07 17:19 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-02-07 17:19 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-02-07 17:19 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-02-07 17:19 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-02-07 17:19 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-02-07 17:19 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-02-07 17:19 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-02-07 17:19 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-02-07 17:19 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-02-07 17:19 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-02-07 17:19 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-02-07 17:18 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-02-07 17:18 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2015-02-07 17:18 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-02-07 17:18 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2015-02-07 17:18 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2015-02-07 17:18 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2015-02-07 17:18 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-02-07 17:18 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-02-07 17:18 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-02-07 17:18 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-02-07 17:18 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-02-07 17:18 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-02-07 17:18 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-02-07 17:18 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-02-07 17:18 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2015-02-07 17:18 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2015-02-07 17:18 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2015-02-07 17:18 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2015-02-07 17:18 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2015-02-07 17:18 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2015-02-07 17:18 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2015-02-07 17:18 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2015-02-07 17:18 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2015-02-07 17:18 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-02-07 17:17 - 2014-06-17 20:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2015-02-07 17:17 - 2014-06-17 19:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2015-02-07 17:17 - 2014-06-06 04:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2015-02-07 17:17 - 2014-06-06 03:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2015-02-07 17:17 - 2014-05-30 00:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-02-07 17:17 - 2014-03-04 03:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-02-07 17:17 - 2014-03-04 03:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-02-07 17:17 - 2014-03-04 03:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-02-07 17:17 - 2014-03-04 03:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-02-07 17:17 - 2014-03-04 03:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-02-07 17:17 - 2014-03-04 03:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-02-07 17:17 - 2014-03-04 03:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-02-07 17:17 - 2014-03-04 03:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-02-07 17:17 - 2014-03-04 03:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-02-07 17:17 - 2014-03-04 02:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-02-07 17:17 - 2014-03-04 02:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-02-07 17:17 - 2013-10-03 20:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2015-02-07 17:17 - 2013-10-03 19:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys 2015-02-07 17:16 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-02-07 17:16 - 2014-12-11 11:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-02-07 17:16 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2015-02-07 17:16 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2015-02-07 17:16 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2015-02-07 17:16 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2015-02-07 17:16 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2015-02-07 17:16 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2015-02-07 17:16 - 2014-04-24 20:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-02-07 17:16 - 2014-04-24 20:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-02-07 17:16 - 2014-04-04 20:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2015-02-07 17:16 - 2014-04-04 20:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2015-02-07 17:16 - 2014-03-26 08:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-02-07 17:16 - 2014-03-26 08:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2015-02-07 17:16 - 2014-03-26 08:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2015-02-07 17:16 - 2014-03-26 08:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2015-02-07 17:16 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2015-02-07 17:16 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2015-02-07 17:16 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2015-02-07 17:16 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2015-02-07 17:16 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2015-02-07 17:16 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2015-02-07 17:16 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2015-02-07 17:16 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2015-02-07 17:16 - 2013-10-18 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2015-02-07 17:16 - 2013-10-18 19:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2015-02-07 17:15 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-02-07 17:15 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-02-07 17:15 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-02-07 17:15 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-02-07 17:15 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2015-02-07 17:15 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2015-02-07 17:15 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-02-07 17:15 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-02-07 17:15 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-02-07 17:15 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-02-07 17:15 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2015-02-07 17:15 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2015-02-07 17:15 - 2014-06-15 20:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2015-02-07 17:15 - 2014-06-03 04:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-02-07 17:15 - 2014-06-03 04:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-02-07 17:15 - 2014-06-03 04:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-02-07 17:15 - 2014-06-03 03:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-02-07 17:15 - 2014-06-03 03:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-02-07 17:15 - 2014-01-28 20:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2015-02-07 17:15 - 2014-01-28 20:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2015-02-07 17:15 - 2013-10-11 20:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2015-02-07 17:15 - 2013-10-11 20:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2015-02-07 17:15 - 2013-10-11 20:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2015-02-07 17:15 - 2013-10-11 20:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2015-02-07 17:15 - 2013-10-11 19:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2015-02-07 17:15 - 2013-10-11 19:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2015-02-07 17:15 - 2013-10-11 19:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2015-02-07 17:15 - 2013-10-11 19:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2015-02-07 17:15 - 2012-06-15 23:15 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-02-07 17:15 - 2012-06-15 22:26 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-02-07 17:11 - 2014-07-13 20:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-02-07 17:11 - 2014-07-13 19:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-02-07 16:56 - 2014-08-22 20:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-02-07 16:56 - 2014-08-22 19:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-02-07 16:52 - 2015-02-07 16:52 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2015-02-07 16:52 - 2015-02-07 16:52 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2015-02-07 16:52 - 2015-02-07 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-02-07 16:52 - 2015-02-07 16:52 - 00000000 ____D () C:\Program Files\CCleaner 2015-02-07 16:50 - 2015-02-07 16:50 - 05325208 _____ (Piriform Ltd) C:\Users\Alice\Downloads\ccsetup502.exe 2015-02-02 12:18 - 2015-02-02 12:18 - 00002177 _____ () C:\Users\Alice\Desktop\HP Support Assistant.lnk 2015-02-02 12:18 - 2015-02-02 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support 2015-02-02 12:12 - 2015-02-02 12:12 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2015-02-01 01:27 - 2015-02-01 01:27 - 00220645 _____ () C:\Users\Alice\Downloads\ecorrespondence119548479.do 2015-01-31 14:04 - 2015-02-11 23:23 - 00000000 ____D () C:\Users\Alice\Desktop\our stuff 2015-01-31 14:00 - 2015-02-01 01:26 - 00000000 ____D () C:\Users\Alice\Desktop\Bible Studies 2015-01-29 00:51 - 2015-01-29 00:51 - 00266468 _____ () C:\Users\Alice\Downloads\loadStatement(1).do 2015-01-29 00:50 - 2015-01-29 00:50 - 00266468 _____ () C:\Users\Alice\Downloads\loadStatement.do 2015-01-24 22:46 - 2015-02-14 17:46 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {2962027C-48FF-4BD0-BFD2-84B1731F3357}.job 2015-01-24 22:46 - 2015-02-14 17:46 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {2962027C-48FF-4BD0-BFD2-84B1731F3357}.job 2015-01-24 22:46 - 2015-01-24 22:46 - 00003978 _____ () C:\Windows\System32\Tasks\EPSON XP-310 Series Update {2962027C-48FF-4BD0-BFD2-84B1731F3357} 2015-01-24 22:46 - 2015-01-24 22:46 - 00003792 _____ () C:\Windows\System32\Tasks\EPSON XP-310 Series Invitation {2962027C-48FF-4BD0-BFD2-84B1731F3357} 2015-01-20 14:54 - 2015-01-20 14:54 - 00044194 _____ () C:\Users\Alice\Downloads\StatementPdf 2015-01-19 15:57 - 2015-02-14 14:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-19 15:57 - 2015-02-07 12:31 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-14 17:52 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-14 17:52 - 2009-07-13 22:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-14 17:48 - 2010-06-15 14:14 - 01638169 _____ () C:\Windows\WindowsUpdate.log 2015-02-14 17:32 - 2013-06-02 18:22 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2015-02-14 17:32 - 2011-02-12 18:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-14 17:32 - 2010-10-28 20:29 - 00310097 _____ () C:\ProgramData\lxebscan.log 2015-02-14 17:31 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-14 15:08 - 2014-09-12 20:08 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {BF3DFE30-9FE7-466C-8A23-88715D66C616}.job 2015-02-14 15:08 - 2014-09-12 20:08 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {BF3DFE30-9FE7-466C-8A23-88715D66C616}.job 2015-02-14 15:04 - 2011-02-12 18:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-13 19:41 - 2013-09-24 09:30 - 00000000 ____D () C:\Users\Alice\Desktop\Rockhouse 2015-02-12 19:26 - 2009-07-13 22:45 - 00623672 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-11 22:55 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing 2015-02-10 16:07 - 2009-07-13 23:13 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-10 15:53 - 2010-10-24 22:27 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2015-02-10 15:52 - 2011-10-30 12:36 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2015-02-07 20:51 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-02-07 20:43 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-02-07 20:43 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-02-07 20:43 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat 2015-02-07 19:12 - 2010-10-20 22:04 - 00165752 _____ () C:\Users\Alice\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-07 19:09 - 2012-03-05 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-07 19:06 - 2010-04-27 13:36 - 00000000 ____D () C:\ProgramData\Adobe 2015-02-07 19:06 - 2010-04-27 13:36 - 00000000 ____D () C:\Program Files (x86)\Adobe 2015-02-07 19:01 - 2010-12-20 21:13 - 00000000 ____D () C:\ProgramData\AVG10 2015-02-07 19:00 - 2010-12-20 21:03 - 00000000 ____D () C:\ProgramData\MFAData 2015-02-07 18:56 - 2010-12-20 21:13 - 00000000 ____D () C:\Windows\system32\Drivers\AVG 2015-02-07 18:52 - 2010-11-06 15:01 - 00000000 ____D () C:\Users\Alice\AppData\Local\CrashDumps 2015-02-07 18:52 - 2009-09-06 19:57 - 00000000 ____D () C:\Windows\Panther 2015-02-07 12:31 - 2013-06-02 22:16 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-07 12:31 - 2013-06-02 22:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-07 11:59 - 2011-02-12 18:42 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-07 11:59 - 2011-02-12 18:42 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-02 12:18 - 2010-04-27 11:59 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-02-02 12:18 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Help 2015-02-02 12:15 - 2010-06-15 14:30 - 00000000 ____D () C:\Windows\System32\Tasks\Hewlett-Packard 2015-02-02 12:14 - 2010-04-27 11:57 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2015-02-02 12:13 - 2010-10-20 22:06 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\hpqlog 2015-02-02 12:10 - 2010-04-27 13:15 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2015-02-02 12:09 - 2009-09-06 18:40 - 00000000 ____D () C:\SwSetup 2015-01-31 14:05 - 2013-09-24 09:30 - 00000000 ____D () C:\Users\Alice\Desktop\sermon notes 2015-01-31 14:03 - 2013-09-24 09:30 - 00000000 ____D () C:\Users\Alice\Desktop\misc 2015-01-31 14:02 - 2013-09-24 09:30 - 00000000 ____D () C:\Users\Alice\Desktop\Sermons 2015-01-29 01:15 - 2012-06-04 19:05 - 04402176 ___SH () C:\Users\Alice\Desktop\Thumbs.db 2015-01-20 13:05 - 2014-09-12 16:21 - 00000000 ____D () C:\Users\Alice\AppData\Roaming\Epson 2015-01-20 13:05 - 2014-09-11 19:39 - 00000000 ____D () C:\ProgramData\EPSON ==================== Files in the root of some directories ======= 2014-05-23 17:11 - 2014-05-23 17:11 - 6103040 _____ () C:\Program Files (x86)\GUT8E7A.tmp 2011-01-02 15:59 - 2011-01-02 15:59 - 0001854 _____ () C:\Users\Alice\AppData\Roaming\GhostObjGAFix.xml 2010-11-01 21:07 - 2014-11-18 19:15 - 0004166 _____ () C:\Users\Alice\AppData\Roaming\wklnhst.dat 2010-10-20 22:07 - 2010-10-20 22:07 - 0000000 _____ () C:\Users\Alice\AppData\Local\AtStart.txt 2010-10-20 22:07 - 2010-10-20 22:07 - 0000000 _____ () C:\Users\Alice\AppData\Local\DSwitch.txt 2010-10-20 22:07 - 2010-10-20 22:07 - 0000000 _____ () C:\Users\Alice\AppData\Local\QSwitch.txt 2014-08-14 17:37 - 2014-08-14 17:37 - 0000000 _____ () C:\ProgramData\cmn_upld.log 2010-10-28 20:39 - 2010-10-28 20:39 - 0000252 _____ () C:\ProgramData\FastPics.log 2010-10-20 22:07 - 2015-02-14 17:46 - 0000467 _____ () C:\ProgramData\HPWALog.txt 2010-10-28 20:35 - 2014-02-07 15:04 - 0000409 _____ () C:\ProgramData\lxeb.log 2013-02-01 16:36 - 2014-09-10 16:06 - 0001590 _____ () C:\ProgramData\lxebDiagnostics.log 2010-10-28 20:39 - 2014-08-14 17:36 - 1076930 _____ () C:\ProgramData\lxebJSW.log 2010-10-28 20:29 - 2015-02-14 17:32 - 0310097 _____ () C:\ProgramData\lxebscan.log 2014-08-14 17:37 - 2014-08-14 17:37 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log 2010-11-25 11:08 - 2010-11-25 11:08 - 0550823 _____ () C:\ProgramData\SPL1083.tmp 2014-02-10 22:30 - 2014-02-10 22:30 - 1118399 _____ () C:\ProgramData\SPL116D.tmp 2014-03-08 20:33 - 2014-03-08 20:33 - 1283864 _____ () C:\ProgramData\SPL1279.tmp 2014-02-22 18:02 - 2014-02-22 18:02 - 1203388 _____ () C:\ProgramData\SPL13FC.tmp 2013-11-19 20:36 - 2013-11-19 20:36 - 0106150 _____ () C:\ProgramData\SPL147B.tmp 2012-08-18 07:42 - 2012-08-18 07:42 - 0671555 _____ () C:\ProgramData\SPL1489.tmp 2012-07-01 19:53 - 2012-07-01 19:53 - 0610757 _____ () C:\ProgramData\SPL1528.tmp 2013-10-12 19:11 - 2013-10-12 19:11 - 1872263 _____ () C:\ProgramData\SPL1779.tmp 2013-12-04 16:03 - 2013-12-04 16:03 - 0417384 _____ () C:\ProgramData\SPL1BC9.tmp 2012-08-14 21:36 - 2012-08-14 21:36 - 0490643 _____ () C:\ProgramData\SPL1C75.tmp 2012-03-05 18:49 - 2012-03-05 18:49 - 0488512 _____ () C:\ProgramData\SPL1D20.tmp 2013-08-17 22:17 - 2013-08-17 22:17 - 0651822 _____ () C:\ProgramData\SPL1EB6.tmp 2013-12-10 16:27 - 2013-12-10 16:27 - 0529812 _____ () C:\ProgramData\SPL1EB7.tmp 2013-12-29 00:31 - 2013-12-29 00:31 - 0936760 _____ () C:\ProgramData\SPL1F06.tmp 2013-11-23 19:24 - 2013-11-23 19:24 - 0316906 _____ () C:\ProgramData\SPL20F7.tmp 2013-06-23 18:40 - 2013-06-23 18:40 - 0421773 _____ () C:\ProgramData\SPL2174.tmp 2014-04-19 23:21 - 2014-04-19 23:21 - 0569274 _____ () C:\ProgramData\SPL2244.tmp 2012-04-11 20:30 - 2012-04-11 20:30 - 0489098 _____ () C:\ProgramData\SPL2329.tmp 2013-10-17 04:45 - 2013-10-17 04:45 - 28736520 _____ () C:\ProgramData\SPL2422.tmp 2012-03-05 19:01 - 2012-03-05 19:01 - 0488512 _____ () C:\ProgramData\SPL254B.tmp 2013-12-15 00:11 - 2013-12-15 00:11 - 1887724 _____ () C:\ProgramData\SPL279C.tmp 2013-08-24 13:38 - 2013-08-24 13:38 - 0943296 _____ () C:\ProgramData\SPL27BC.tmp 2013-10-06 00:59 - 2013-10-06 00:59 - 7808052 _____ () C:\ProgramData\SPL2A2E.tmp 2012-07-12 17:49 - 2012-07-12 17:49 - 0319154 _____ () C:\ProgramData\SPL2AD7.tmp 2013-09-21 22:01 - 2013-09-21 22:01 - 0097220 _____ () C:\ProgramData\SPL2B83.tmp 2012-08-16 16:14 - 2012-08-16 16:14 - 0490643 _____ () C:\ProgramData\SPL2D75.tmp 2012-03-05 18:20 - 2012-03-05 18:20 - 0488512 _____ () C:\ProgramData\SPL2DD.tmp 2014-02-22 17:41 - 2014-02-22 17:41 - 1203388 _____ () C:\ProgramData\SPL2DE5.tmp 2013-09-14 23:20 - 2013-09-14 23:20 - 0326608 _____ () C:\ProgramData\SPL2EED.tmp 2013-09-27 21:00 - 2013-09-27 21:00 - 7859333 _____ () C:\ProgramData\SPL3249.tmp 2013-12-22 02:53 - 2013-12-22 02:53 - 1023650 _____ () C:\ProgramData\SPL339D.tmp 2013-11-09 13:42 - 2013-11-09 13:42 - 0174057 _____ () C:\ProgramData\SPL33AE.tmp 2013-02-09 23:07 - 2013-02-09 23:07 - 1226554 _____ () C:\ProgramData\SPL33CF.tmp 2014-04-06 02:22 - 2014-04-06 02:22 - 1886724 _____ () C:\ProgramData\SPL34BA.tmp 2013-08-03 23:25 - 2013-08-03 23:25 - 0895610 _____ () C:\ProgramData\SPL3515.tmp 2013-10-17 20:38 - 2013-10-17 20:38 - 28736520 _____ () C:\ProgramData\SPL3523.tmp 2012-04-11 20:43 - 2012-04-11 20:43 - 0489098 _____ () C:\ProgramData\SPL3532.tmp 2012-08-14 21:40 - 2012-08-14 21:40 - 0490643 _____ () C:\ProgramData\SPL360D.tmp 2013-10-05 13:07 - 2013-10-05 13:07 - 0977482 _____ () C:\ProgramData\SPL3784.tmp 2012-07-01 19:59 - 2012-07-01 19:59 - 0610761 _____ () C:\ProgramData\SPL37E4.tmp 2013-09-21 23:14 - 2013-09-21 23:14 - 0398830 _____ () C:\ProgramData\SPL387E.tmp 2013-10-25 20:38 - 2013-10-25 20:38 - 0903054 _____ () C:\ProgramData\SPL38CC.tmp 2012-03-05 18:36 - 2012-03-05 18:36 - 0488512 _____ () C:\ProgramData\SPL3948.tmp 2013-11-18 09:27 - 2013-11-18 09:27 - 0330214 _____ () C:\ProgramData\SPL3C83.tmp 2012-07-01 20:10 - 2012-07-01 20:10 - 0610761 _____ () C:\ProgramData\SPL3DDD.tmp 2013-10-27 00:07 - 2013-10-27 00:07 - 0325629 _____ () C:\ProgramData\SPL3E67.tmp 2014-01-18 23:21 - 2014-01-18 23:21 - 3000826 _____ () C:\ProgramData\SPL3F42.tmp 2013-11-13 16:17 - 2013-11-13 16:17 - 4652944 _____ () C:\ProgramData\SPL3F51.tmp 2013-11-18 18:53 - 2013-11-18 18:53 - 0413323 _____ () C:\ProgramData\SPL3FF6.tmp 2014-03-01 21:26 - 2014-03-01 21:26 - 0247702 _____ () C:\ProgramData\SPL40B8.tmp 2013-11-24 16:04 - 2013-11-24 16:04 - 0063004 _____ () C:\ProgramData\SPL420E.tmp 2012-07-01 20:10 - 2012-07-01 20:10 - 0610761 _____ () C:\ProgramData\SPL4221.tmp 2013-08-03 12:37 - 2013-08-03 12:37 - 0361629 _____ () C:\ProgramData\SPL422E.tmp 2013-07-20 23:03 - 2013-07-20 23:03 - 0537283 _____ () C:\ProgramData\SPL427C.tmp 2013-11-18 19:09 - 2013-11-18 19:09 - 0450086 _____ () C:\ProgramData\SPL434.tmp 2014-02-16 22:30 - 2014-02-16 22:30 - 3440793 _____ () C:\ProgramData\SPL451B.tmp 2012-08-16 16:13 - 2012-08-16 16:13 - 0490643 _____ () C:\ProgramData\SPL4604.tmp 2013-10-27 07:03 - 2013-10-27 07:03 - 0526094 _____ () C:\ProgramData\SPL47E9.tmp 2013-11-17 07:19 - 2013-11-17 07:19 - 0448911 _____ () C:\ProgramData\SPL4A39.tmp 2013-09-28 10:47 - 2013-09-28 10:47 - 8065124 _____ () C:\ProgramData\SPL4A67.tmp 2014-02-07 15:10 - 2014-02-07 15:10 - 12336294 _____ () C:\ProgramData\SPL4BBF.tmp 2012-04-10 17:40 - 2012-04-10 17:40 - 0489098 _____ () C:\ProgramData\SPL4CE7.tmp 2013-07-15 22:14 - 2013-07-15 22:14 - 7566630 _____ () C:\ProgramData\SPL4EAE.tmp 2014-02-02 19:07 - 2014-02-02 19:07 - 0203192 _____ () C:\ProgramData\SPL4EDB.tmp 2012-08-15 20:38 - 2012-08-15 20:38 - 0490643 _____ () C:\ProgramData\SPL5070.tmp 2012-07-01 20:14 - 2012-07-01 20:14 - 0610757 _____ () C:\ProgramData\SPL5295.tmp 2013-08-31 21:03 - 2013-08-31 21:03 - 1121014 _____ () C:\ProgramData\SPL52A2.tmp 2013-09-17 21:10 - 2013-09-17 21:10 - 8153479 _____ () C:\ProgramData\SPL5438.tmp 2012-03-05 18:25 - 2012-03-05 18:25 - 0488512 _____ () C:\ProgramData\SPL559E.tmp 2014-02-15 17:06 - 2014-02-15 17:06 - 0623824 _____ () C:\ProgramData\SPL560C.tmp 2014-04-21 20:32 - 2014-04-21 20:32 - 1003905 _____ () C:\ProgramData\SPL56B8.tmp 2014-01-18 21:58 - 2014-01-18 21:58 - 0718141 _____ () C:\ProgramData\SPL56C9.tmp 2014-05-10 20:50 - 2014-05-10 20:50 - 0435539 _____ () C:\ProgramData\SPL59B3.tmp 2012-07-01 20:14 - 2012-07-01 20:14 - 0610757 _____ () C:\ProgramData\SPL5A52.tmp 2012-07-01 20:07 - 2012-07-01 20:07 - 0610753 _____ () C:\ProgramData\SPL5C07.tmp 2013-07-19 21:29 - 2013-07-19 21:29 - 5446180 _____ () C:\ProgramData\SPL5DF8.tmp 2014-02-15 21:00 - 2014-02-15 21:00 - 0133184 _____ () C:\ProgramData\SPL5F12.tmp 2014-04-26 20:30 - 2014-04-26 20:30 - 0389226 _____ () C:\ProgramData\SPL602A.tmp 2011-07-11 20:44 - 2011-07-11 20:44 - 0497834 _____ () C:\ProgramData\SPL6163.tmp 2013-11-30 16:57 - 2013-11-30 16:57 - 0203372 _____ () C:\ProgramData\SPL626B.tmp 2013-11-13 17:19 - 2013-11-13 17:19 - 4689988 _____ () C:\ProgramData\SPL6354.tmp 2013-08-24 12:24 - 2013-08-24 12:24 - 0634662 _____ () C:\ProgramData\SPL646D.tmp 2013-07-16 21:44 - 2013-07-16 21:44 - 7074838 _____ () C:\ProgramData\SPL648C.tmp 2013-11-23 16:11 - 2013-11-23 16:11 - 0316906 _____ () C:\ProgramData\SPL6629.tmp 2013-11-03 08:27 - 2013-11-03 08:27 - 0630543 _____ () C:\ProgramData\SPL66BE.tmp 2014-01-26 00:43 - 2014-01-26 00:43 - 1568592 _____ () C:\ProgramData\SPL678B.tmp 2012-07-01 20:09 - 2012-07-01 20:09 - 0610757 _____ () C:\ProgramData\SPL67F9.tmp 2014-02-08 20:40 - 2014-02-08 20:40 - 1062694 _____ () C:\ProgramData\SPL6A69.tmp 2013-08-31 22:32 - 2013-08-31 22:32 - 0076070 _____ () C:\ProgramData\SPL6C98.tmp 2014-06-08 07:45 - 2014-06-08 07:45 - 1399964 _____ () C:\ProgramData\SPL6D62.tmp 2012-07-01 20:09 - 2012-07-01 20:09 - 0610757 _____ () C:\ProgramData\SPL6EDC.tmp 2012-03-05 18:50 - 2012-03-05 18:50 - 0488512 _____ () C:\ProgramData\SPL6EE8.tmp 2014-02-15 18:24 - 2014-02-15 18:24 - 1016222 _____ () C:\ProgramData\SPL6F08.tmp 2013-07-21 21:47 - 2013-07-21 21:47 - 0274584 _____ () C:\ProgramData\SPL6FF4.tmp 2013-09-28 10:37 - 2013-09-28 10:38 - 8065192 _____ () C:\ProgramData\SPL70AC.tmp 2012-03-05 09:14 - 2012-03-05 09:14 - 0488512 _____ () C:\ProgramData\SPL7261.tmp 2014-02-15 21:30 - 2014-02-15 21:30 - 5548557 _____ () C:\ProgramData\SPL7280.tmp 2013-12-04 15:31 - 2013-12-04 15:31 - 1736308 _____ () C:\ProgramData\SPL740.tmp 2013-11-30 17:29 - 2013-11-30 17:29 - 0062216 _____ () C:\ProgramData\SPL7483.tmp 2013-10-12 13:53 - 2013-10-12 13:53 - 0220914 _____ () C:\ProgramData\SPL7494.tmp 2013-08-24 21:38 - 2013-08-24 21:38 - 0143384 _____ () C:\ProgramData\SPL74C2.tmp 2013-07-08 20:34 - 2013-07-08 20:34 - 1465602 _____ () C:\ProgramData\SPL7501.tmp 2013-10-16 21:22 - 2013-10-16 21:22 - 28736520 _____ () C:\ProgramData\SPL753E.tmp 2012-04-11 21:16 - 2012-04-11 21:16 - 0489098 _____ () C:\ProgramData\SPL75CB.tmp 2012-03-04 16:31 - 2012-03-04 16:31 - 0488512 _____ () C:\ProgramData\SPL7629.tmp 2014-06-09 21:03 - 2014-06-09 21:03 - 0515508 _____ () C:\ProgramData\SPL7707.tmp 2012-03-04 20:43 - 2012-03-04 20:43 - 0488512 _____ () C:\ProgramData\SPL7770.tmp 2012-07-01 20:04 - 2012-07-01 20:04 - 0610757 _____ () C:\ProgramData\SPL77D1.tmp 2014-01-11 22:48 - 2014-01-11 22:48 - 0377590 _____ () C:\ProgramData\SPL7A3E.tmp 2012-04-09 20:13 - 2012-04-09 20:13 - 0489098 _____ () C:\ProgramData\SPL7AAD.tmp 2010-11-22 21:19 - 2010-11-22 21:19 - 0690168 _____ () C:\ProgramData\SPL7ACA.tmp 2014-02-08 21:56 - 2014-02-08 21:56 - 0316091 _____ () C:\ProgramData\SPL7BE.tmp 2012-07-01 20:07 - 2012-07-01 20:07 - 0610753 _____ () C:\ProgramData\SPL7C43.tmp 2013-10-26 23:21 - 2013-10-26 23:21 - 0662784 _____ () C:\ProgramData\SPL7E63.tmp 2013-01-19 15:16 - 2013-01-19 15:16 - 1528754 _____ () C:\ProgramData\SPL7F3D.tmp 2013-11-30 21:19 - 2013-11-30 21:19 - 1164320 _____ () C:\ProgramData\SPL7F9C.tmp 2014-03-15 21:48 - 2014-03-15 21:48 - 1040696 _____ () C:\ProgramData\SPL8122.tmp 2013-11-11 00:04 - 2013-11-11 00:04 - 0174057 _____ () C:\ProgramData\SPL821.tmp 2012-08-15 20:38 - 2012-08-15 20:38 - 0490643 _____ () C:\ProgramData\SPL82A.tmp 2013-10-26 22:32 - 2013-10-26 22:32 - 0740878 _____ () C:\ProgramData\SPL82B7.tmp 2013-07-16 21:33 - 2013-07-16 21:33 - 7074838 _____ () C:\ProgramData\SPL8390.tmp 2011-07-06 14:47 - 2011-07-06 14:47 - 0723096 _____ () C:\ProgramData\SPL86ED.tmp 2013-07-19 22:02 - 2013-07-19 22:02 - 2758388 _____ () C:\ProgramData\SPL8758.tmp 2013-12-22 02:43 - 2013-12-22 02:43 - 1023650 _____ () C:\ProgramData\SPL88CE.tmp 2011-12-24 23:38 - 2011-12-24 23:38 - 8830772 _____ () C:\ProgramData\SPL894B.tmp 2014-04-13 01:53 - 2014-04-13 01:53 - 2249947 _____ () C:\ProgramData\SPL89E7.tmp 2012-03-05 19:02 - 2012-03-05 19:02 - 0488512 _____ () C:\ProgramData\SPL8A25.tmp 2012-08-02 20:19 - 2012-08-02 20:19 - 0735785 _____ () C:\ProgramData\SPL8AB3.tmp 2012-04-10 17:40 - 2012-04-10 17:40 - 0489098 _____ () C:\ProgramData\SPL8E0B.tmp 2013-12-17 17:18 - 2013-12-17 17:18 - 0484052 _____ () C:\ProgramData\SPL8E5.tmp 2013-06-27 23:30 - 2013-06-27 23:30 - 1566912 _____ () C:\ProgramData\SPL8E80.tmp 2011-12-22 11:09 - 2011-12-22 11:09 - 1424954 _____ () C:\ProgramData\SPL8ED6.tmp 2013-09-07 23:55 - 2013-09-07 23:55 - 1045880 _____ () C:\ProgramData\SPL8F64.tmp 2013-10-23 11:23 - 2013-10-23 11:23 - 0398916 _____ () C:\ProgramData\SPL8FDF.tmp 2010-10-30 09:15 - 2010-10-30 09:15 - 0469579 _____ () C:\ProgramData\SPL904E.tmp 2010-11-22 20:09 - 2010-11-22 20:09 - 4589280 _____ () C:\ProgramData\SPL906.tmp 2013-07-02 12:14 - 2013-07-02 12:14 - 0550374 _____ () C:\ProgramData\SPL91A4.tmp 2013-09-28 20:18 - 2013-09-28 20:18 - 0885144 _____ () C:\ProgramData\SPL91EC.tmp 2012-08-16 20:45 - 2012-08-16 20:45 - 0490643 _____ () C:\ProgramData\SPL933.tmp 2012-07-01 20:05 - 2012-07-01 20:05 - 0610757 _____ () C:\ProgramData\SPL9427.tmp 2013-07-13 21:56 - 2013-07-13 21:56 - 0939856 _____ () C:\ProgramData\SPL9453.tmp 2012-03-04 21:49 - 2012-03-04 21:49 - 0488512 _____ () C:\ProgramData\SPL95B9.tmp 2013-11-16 18:17 - 2013-11-16 18:17 - 0875195 _____ () C:\ProgramData\SPL95CA.tmp 2013-02-09 17:06 - 2013-02-09 17:06 - 0108475 _____ () C:\ProgramData\SPL966B.tmp 2012-04-11 16:00 - 2012-04-11 16:00 - 0489098 _____ () C:\ProgramData\SPL96B3.tmp 2014-03-15 23:21 - 2014-03-15 23:21 - 4626964 _____ () C:\ProgramData\SPL9A9A.tmp 2013-10-16 17:14 - 2013-10-16 17:14 - 1274158 _____ () C:\ProgramData\SPL9C.tmp 2013-10-05 15:12 - 2013-10-05 15:12 - 1455358 _____ () C:\ProgramData\SPL9E53.tmp 2013-07-28 07:41 - 2013-07-28 07:41 - 0210382 _____ () C:\ProgramData\SPL9EBF.tmp 2013-06-22 22:50 - 2013-06-22 22:50 - 0535490 _____ () C:\ProgramData\SPL9F0.tmp 2011-11-27 01:01 - 2011-11-27 01:01 - 1097248 _____ () C:\ProgramData\SPL9F2D.tmp 2013-06-22 23:20 - 2013-06-22 23:20 - 0482144 _____ () C:\ProgramData\SPL9F79.tmp 2013-11-30 17:19 - 2013-11-30 17:19 - 0873960 _____ () C:\ProgramData\SPLA19B.tmp 2013-09-24 10:07 - 2013-09-24 10:07 - 1455358 _____ () C:\ProgramData\SPLA20A.tmp 2013-08-24 12:00 - 2013-08-24 12:00 - 0216549 _____ () C:\ProgramData\SPLA2D5.tmp 2013-08-24 13:56 - 2013-08-24 13:56 - 0588422 _____ () C:\ProgramData\SPLA5B0.tmp 2013-07-13 18:09 - 2013-07-13 18:09 - 0229658 _____ () C:\ProgramData\SPLA6D9.tmp 2013-11-17 08:16 - 2013-11-17 08:16 - 0317992 _____ () C:\ProgramData\SPLA756.tmp 2014-01-26 00:52 - 2014-01-26 00:52 - 0272104 _____ () C:\ProgramData\SPLA89D.tmp 2013-03-02 18:49 - 2013-03-02 18:49 - 1150388 _____ () C:\ProgramData\SPLA9F6.tmp 2013-12-01 08:00 - 2013-12-01 08:00 - 0429288 _____ () C:\ProgramData\SPLAA62.tmp 2012-03-04 16:31 - 2012-03-04 16:31 - 0488512 _____ () C:\ProgramData\SPLAB9A.tmp 2013-11-03 07:35 - 2013-11-03 07:35 - 0040936 _____ () C:\ProgramData\SPLAC65.tmp 2013-02-09 23:15 - 2013-02-09 23:15 - 1226922 _____ () C:\ProgramData\SPLACD1.tmp 2014-03-01 20:14 - 2014-03-01 20:14 - 1198460 _____ () C:\ProgramData\SPLAD32.tmp 2012-03-10 22:14 - 2012-03-10 22:14 - 0178684 _____ () C:\ProgramData\SPLAD9C.tmp 2013-09-09 17:40 - 2013-09-09 17:40 - 0700571 _____ () C:\ProgramData\SPLAF03.tmp 2013-06-23 01:49 - 2013-06-23 01:49 - 0755028 _____ () C:\ProgramData\SPLB01E.tmp 2012-08-04 08:53 - 2012-08-04 08:53 - 0296411 _____ () C:\ProgramData\SPLB17.tmp 2012-08-16 21:29 - 2012-08-16 21:29 - 0754024 _____ () C:\ProgramData\SPLB18.tmp 2011-06-12 20:32 - 2011-06-12 20:32 - 0704881 _____ () C:\ProgramData\SPLB367.tmp 2013-12-14 22:11 - 2013-12-14 22:11 - 1054758 _____ () C:\ProgramData\SPLB4DE.tmp 2013-10-17 19:36 - 2013-10-17 19:36 - 9879332 _____ () C:\ProgramData\SPLB634.tmp 2011-05-06 22:03 - 2011-05-06 22:03 - 0286583 _____ () C:\ProgramData\SPLB663.tmp 2012-03-05 09:14 - 2012-03-05 09:14 - 0488512 _____ () C:\ProgramData\SPLB846.tmp 2012-03-04 20:42 - 2012-03-04 20:42 - 0488512 _____ () C:\ProgramData\SPLB930.tmp 2011-08-25 20:23 - 2011-08-25 20:23 - 0149731 _____ () C:\ProgramData\SPLB9AE.tmp 2013-09-18 22:00 - 2013-09-18 22:00 - 0480176 _____ () C:\ProgramData\SPLBB63.tmp 2013-12-01 07:33 - 2013-12-01 07:33 - 1991236 _____ () C:\ProgramData\SPLBC8A.tmp 2013-07-02 23:51 - 2013-07-02 23:51 - 1729600 _____ () C:\ProgramData\SPLBD08.tmp 2013-09-24 08:45 - 2013-09-24 08:45 - 0295697 _____ () C:\ProgramData\SPLBD76.tmp 2013-03-02 20:28 - 2013-03-02 20:28 - 0806082 _____ () C:\ProgramData\SPLBE30.tmp 2014-02-17 21:16 - 2014-02-17 21:16 - 1321408 _____ () C:\ProgramData\SPLBE9F.tmp 2013-12-22 02:13 - 2013-12-22 02:13 - 1152008 _____ () C:\ProgramData\SPLBF21.tmp 2012-08-14 17:35 - 2012-08-14 17:35 - 0490643 _____ () C:\ProgramData\SPLC11C.tmp 2014-05-10 20:41 - 2014-05-10 20:41 - 0435711 _____ () C:\ProgramData\SPLC13C.tmp 2013-02-17 21:58 - 2013-02-17 21:58 - 5200023 _____ () C:\ProgramData\SPLC40F.tmp 2013-10-17 20:51 - 2013-10-17 20:51 - 28736520 _____ () C:\ProgramData\SPLC438.tmp 2013-11-13 16:27 - 2013-11-13 16:27 - 4658920 _____ () C:\ProgramData\SPLC4B5.tmp 2012-08-03 22:35 - 2012-08-03 22:35 - 0245466 _____ () C:\ProgramData\SPLC8AC.tmp 2012-03-04 21:48 - 2012-03-04 21:48 - 0488512 _____ () C:\ProgramData\SPLC956.tmp 2012-08-14 21:37 - 2012-08-14 21:37 - 0490643 _____ () C:\ProgramData\SPLCA02.tmp 2012-04-11 20:30 - 2012-04-11 20:30 - 0489098 _____ () C:\ProgramData\SPLCB0B.tmp 2014-01-26 01:05 - 2014-01-26 01:05 - 0362236 _____ () C:\ProgramData\SPLCB59.tmp 2013-10-17 19:47 - 2013-10-17 19:47 - 15204866 _____ () C:\ProgramData\SPLCCC0.tmp 2013-11-09 21:56 - 2013-11-09 21:56 - 34391711 _____ () C:\ProgramData\SPLCD36.tmp 2012-04-09 20:14 - 2012-04-09 20:14 - 0489098 _____ () C:\ProgramData\SPLCDEA.tmp 2013-10-17 20:21 - 2013-10-17 20:21 - 15204866 _____ () C:\ProgramData\SPLCE27.tmp 2013-07-08 19:11 - 2013-07-08 19:11 - 2818514 _____ () C:\ProgramData\SPLCE28.tmp 2012-04-11 20:55 - 2012-04-11 20:55 - 0489098 _____ () C:\ProgramData\SPLCFBC.tmp 2014-06-08 17:46 - 2014-06-08 17:46 - 1099731 _____ () C:\ProgramData\SPLD03C.tmp 2012-07-15 08:30 - 2012-07-15 08:30 - 0319154 _____ () C:\ProgramData\SPLD104.tmp 2012-04-11 20:56 - 2012-04-11 20:56 - 0489098 _____ () C:\ProgramData\SPLD21D.tmp 2013-12-04 16:17 - 2013-12-04 16:17 - 3736936 _____ () C:\ProgramData\SPLD307.tmp 2014-04-21 18:34 - 2014-04-21 18:34 - 0830000 _____ () C:\ProgramData\SPLD364.tmp 2012-03-05 18:36 - 2012-03-05 18:36 - 0488512 _____ () C:\ProgramData\SPLD47D.tmp 2011-08-22 19:48 - 2011-08-22 19:48 - 1025010 _____ () C:\ProgramData\SPLD529.tmp 2013-11-30 22:16 - 2013-11-30 22:16 - 0536998 _____ () C:\ProgramData\SPLD539.tmp 2010-11-22 20:31 - 2010-11-22 20:31 - 4591944 _____ () C:\ProgramData\SPLD596.tmp 2011-08-30 12:04 - 2011-08-30 12:04 - 0793761 _____ () C:\ProgramData\SPLD72E.tmp 2013-07-24 14:47 - 2013-07-24 14:47 - 0274584 _____ () C:\ProgramData\SPLD73B.tmp 2013-06-28 20:15 - 2013-06-28 20:15 - 1566865 _____ () C:\ProgramData\SPLD7B8.tmp 2014-06-10 22:45 - 2014-06-10 22:45 - 4532444 _____ () C:\ProgramData\SPLD7EA.tmp 2013-08-04 23:05 - 2013-08-04 23:05 - 0129252 _____ () C:\ProgramData\SPLD835.tmp 2012-07-01 19:53 - 2012-07-01 19:53 - 0610757 _____ () C:\ProgramData\SPLD857.tmp 2013-02-09 20:21 - 2013-02-09 20:21 - 1115064 _____ () C:\ProgramData\SPLD9BE.tmp 2013-07-19 22:16 - 2013-07-19 22:16 - 1813185 _____ () C:\ProgramData\SPLDA.tmp 2013-12-01 08:21 - 2013-12-01 08:21 - 0230232 _____ () C:\ProgramData\SPLDB51.tmp 2014-02-22 17:53 - 2014-02-22 17:53 - 1203388 _____ () C:\ProgramData\SPLDB9E.tmp 2014-03-03 20:42 - 2014-03-03 20:42 - 0780967 _____ () C:\ProgramData\SPLDBEE.tmp 2013-10-17 17:56 - 2013-10-17 17:56 - 28736520 _____ () C:\ProgramData\SPLDCF5.tmp 2013-10-17 18:47 - 2013-10-17 18:47 - 28736520 _____ () C:\ProgramData\SPLDD24.tmp 2012-03-05 18:20 - 2012-03-05 18:20 - 0488512 _____ () C:\ProgramData\SPLDE7B.tmp 2013-10-17 21:34 - 2013-10-17 21:34 - 28736520 _____ () C:\ProgramData\SPLDFA4.tmp 2013-10-17 20:06 - 2013-10-17 20:06 - 15204866 _____ () C:\ProgramData\SPLDFC3.tmp 2012-04-11 20:42 - 2012-04-11 20:42 - 0489098 _____ () C:\ProgramData\SPLE0AD.tmp 2010-11-22 20:38 - 2010-11-22 20:38 - 4598532 _____ () C:\ProgramData\SPLE10B.tmp 2013-06-23 22:24 - 2013-06-23 22:24 - 0820416 _____ () C:\ProgramData\SPLE3D9.tmp 2012-08-14 21:40 - 2012-08-14 21:40 - 0490643 _____ () C:\ProgramData\SPLE6C5.tmp 2013-12-04 15:48 - 2013-12-04 15:48 - 1737076 _____ () C:\ProgramData\SPLE6F4.tmp 2013-09-27 21:34 - 2013-09-27 21:34 - 8068600 _____ () C:\ProgramData\SPLE790.tmp 2013-08-31 21:49 - 2013-08-31 21:49 - 0382473 _____ () C:\ProgramData\SPLE8C9.tmp 2013-08-17 21:57 - 2013-08-17 21:57 - 0336365 _____ () C:\ProgramData\SPLEB9A.tmp 2014-01-26 01:16 - 2014-01-26 01:16 - 0057740 _____ () C:\ProgramData\SPLEC51.tmp 2014-03-15 22:48 - 2014-03-15 22:48 - 1569273 _____ () C:\ProgramData\SPLED8A.tmp 2013-06-28 22:37 - 2013-06-28 22:37 - 2796974 _____ () C:\ProgramData\SPLEDBA.tmp 2011-11-19 10:08 - 2011-11-19 10:08 - 0219162 _____ () C:\ProgramData\SPLEEB1.tmp 2013-07-08 19:18 - 2013-07-08 19:18 - 2818514 _____ () C:\ProgramData\SPLEEB2.tmp 2013-10-16 21:27 - 2013-10-16 21:27 - 28736520 _____ () C:\ProgramData\SPLEF1E.tmp 2012-08-16 20:46 - 2012-08-16 20:46 - 0490643 _____ () C:\ProgramData\SPLF131.tmp 2013-10-16 22:10 - 2013-10-16 22:10 - 28736520 _____ () C:\ProgramData\SPLF132.tmp 2013-10-16 21:48 - 2013-10-16 21:48 - 28736520 _____ () C:\ProgramData\SPLF21B.tmp 2013-08-03 12:14 - 2013-08-03 12:14 - 6867756 _____ () C:\ProgramData\SPLF21C.tmp 2013-10-16 21:41 - 2013-10-16 21:41 - 28736520 _____ () C:\ProgramData\SPLF23A.tmp 2013-12-28 22:15 - 2013-12-28 22:15 - 3002070 _____ () C:\ProgramData\SPLF269.tmp 2013-10-16 21:55 - 2013-10-16 21:55 - 28736520 _____ () C:\ProgramData\SPLF314.tmp 2013-09-09 17:27 - 2013-09-09 17:27 - 0848173 _____ () C:\ProgramData\SPLF363.tmp 2013-11-10 08:01 - 2013-11-10 08:01 - 1678169 _____ () C:\ProgramData\SPLF3A2.tmp 2012-04-11 16:00 - 2012-04-11 16:00 - 0489098 _____ () C:\ProgramData\SPLF45C.tmp 2011-06-05 20:22 - 2011-06-05 20:22 - 1228811 _____ () C:\ProgramData\SPLF47B.tmp 2011-12-21 13:47 - 2011-12-21 13:47 - 0442326 _____ () C:\ProgramData\SPLF5E6.tmp 2012-03-05 18:24 - 2012-03-05 18:24 - 0488512 _____ () C:\ProgramData\SPLF640.tmp 2013-11-30 17:11 - 2013-11-30 17:11 - 0145072 _____ () C:\ProgramData\SPLF6EB.tmp 2013-09-28 11:21 - 2013-09-28 11:21 - 8057016 _____ () C:\ProgramData\SPLF759.tmp 2013-10-17 19:31 - 2013-10-17 19:31 - 0217590 _____ () C:\ProgramData\SPLF8FE.tmp 2013-07-21 18:27 - 2013-07-21 18:27 - 0632483 _____ () C:\ProgramData\SPLF94C.tmp 2014-02-08 21:10 - 2014-02-08 21:10 - 0433004 _____ () C:\ProgramData\SPLFAC2.tmp 2013-11-17 15:22 - 2013-11-17 15:22 - 0429408 _____ () C:\ProgramData\SPLFB4F.tmp 2013-12-08 22:00 - 2013-12-08 22:00 - 1746516 _____ () C:\ProgramData\SPLFB50.tmp 2014-03-01 23:31 - 2014-03-01 23:31 - 0092780 _____ () C:\ProgramData\SPLFB9D.tmp 2013-09-28 10:07 - 2013-09-28 10:07 - 1953564 _____ () C:\ProgramData\SPLFBAD.tmp 2012-08-14 17:34 - 2012-08-14 17:34 - 0490643 _____ () C:\ProgramData\SPLFBEA.tmp 2013-06-25 13:53 - 2013-06-25 13:53 - 0476859 _____ () C:\ProgramData\SPLFBEB.tmp 2013-07-20 22:17 - 2013-07-20 22:17 - 0815602 _____ () C:\ProgramData\SPLFC0B.tmp 2014-03-30 00:31 - 2014-03-30 00:31 - 5837816 _____ () C:\ProgramData\SPLFCD.tmp 2013-07-17 23:37 - 2013-07-17 23:37 - 0404752 _____ () C:\ProgramData\SPLFDCF.tmp 2013-11-24 01:49 - 2013-11-24 01:49 - 0942290 _____ () C:\ProgramData\SPLFDE3.tmp 2010-10-28 20:17 - 2010-10-28 20:17 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt 2010-06-15 14:26 - 2010-06-15 14:26 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log 2010-04-27 14:02 - 2010-04-27 14:03 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2010-06-15 14:25 - 2010-06-15 14:25 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log 2010-04-27 13:57 - 2010-04-27 13:58 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2010-06-15 14:25 - 2010-06-15 14:25 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log 2010-06-15 14:25 - 2010-06-15 14:25 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log 2010-04-27 13:57 - 2010-04-27 13:57 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log 2010-04-27 13:58 - 2010-04-27 14:02 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2010-06-15 14:26 - 2010-06-15 14:26 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log Some content of TEMP: ==================== C:\Users\Alice\AppData\Local\Temp\Quarantine.exe C:\Users\Alice\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-07 13:01 ==================== End Of Log ============================
  9. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015 Ran by Alice (administrator) on ROCKHOUSE on 14-02-2015 17:55:56 Running from C:\Users\Alice\Desktop Loaded Profiles: Alice (Available profiles: Alice) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe ( ) C:\Windows\System32\lxebcoms.exe (iWin Inc.) C:\Users\Alice\New folder\Pogo Games\PGMTrusted.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe () C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe () C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated) HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.) HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2010-04-27] (Sun Microsystems, Inc.) HKLM\...\Run: [lxebmon.exe] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe [766632 2009-10-01] () HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe [139944 2009-10-01] () HKLM\...\Run: [intelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation) HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-10] (AVAST Software) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2015-02-03] (Hewlett-Packard) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-271003834-3499182727-1806203241-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard) HKU\S-1-5-21-271003834-3499182727-1806203241-1000\...\Run: [AROReminder] => C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe [2215944 2010-10-18] (Sammsoft) HKU\S-1-5-21-271003834-3499182727-1806203241-1000\...\Run: [OutfoxTV] => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe HKU\S-1-5-21-271003834-3499182727-1806203241-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-271003834-3499182727-1806203241-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-271003834-3499182727-1806203241-1000\...\RunOnce: [Adobe Speed Launcher] => 1423956804 HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-19] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
  10. hmmm for some reason it won't let me upload any more files. I can't copy and paste it either because it was too long.
  11. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.4.2 (02.02.2015:1) OS: Windows 7 Home Premium x64 Ran by Alice on Fri 02/13/2015 at 16:19:14.84 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7 Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT1678857 Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Toolbar.CT3292715 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1678857 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3292715 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\HPSF_Tasks_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\msntask_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\HPSF_Tasks_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\msntask_RASMANCS Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6449CA8A-DD60-428A-8283-739CA7499564} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8FFEEC8F-E290-4F8D-9B45-445114E75B58} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8FFEEC8F-E290-4F8D-9B45-445114E75B58} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} ~~~ Files Successfully deleted: [File] "C:\Users\Alice\desktop\live pc help.lnk" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\conduit" Failed to delete: [Folder] "C:\Users\Alice\AppData\Roaming\iwin" Successfully deleted: [Folder] "C:\Users\Alice\appdata\local\conduit" Failed to delete: [Folder] "C:\Users\Alice\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Program Files (x86)\conduit" ~~~ FireFox Emptied folder: C:\Users\Alice\AppData\Roaming\mozilla\firefox\profiles\fw3rjnrv.default\minidumps [144 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 02/13/2015 at 16:29:37.74 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v4.110 - Logfile created 13/02/2015 at 17:07:28 # Updated 05/02/2015 by Xplode # Database : 2015-02-13.1 [server] # Operating system : Windows 7 Home Premium Service Pack 1 (x64) # Username : Alice - ROCKHOUSE # Running from : C:\Users\Alice\Desktop\AdwCleaner.exe # Option : Cleaning ***** [ Services ] ***** [#] Service Deleted : AVG Security Toolbar Service ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG Security Toolbar Folder Deleted : C:\Windows\SysWOW64\SearchProtect Folder Deleted : C:\Users\Alice\AppData\LocalLow\AVG Security Toolbar Folder Deleted : C:\Users\Alice\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Alice\AppData\LocalLow\HPAppData Folder Deleted : C:\Users\Alice\AppData\Roaming\iWin File Deleted : C:\END File Deleted : C:\Users\Public\Desktop\eBay.lnk File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk ***** [ Scheduled tasks ] ***** Task Deleted : BackgroundContainer Startup Task Task Deleted : RunAsStdUser Task ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8FFEEC8F-E290-4F8D-9B45-445114E75B58} Key Deleted : HKCU\Software\AVG Security Toolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKLM\SOFTWARE\Conduit Key Deleted : HKLM\SOFTWARE\PIP ***** [ Web browsers ] ***** -\\ Internet Explorer v8.0.7601.18715 -\\ Mozilla Firefox v30.0 (en-US) ************************* AdwCleaner[R0].txt - [4146 bytes] - [13/02/2015 17:03:34] AdwCleaner[s0].txt - [4003 bytes] - [13/02/2015 17:07:28] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4062 bytes] ##########
  12. this is the only file it gave me I don't understand...shouldn't there be more to this if malware program found 100 or more bad critters in my system? Malwarebytes Anti-Malwarewww.malwarebytes.org Update, 2/11/2015 9:53:36 PM, SYSTEM, ROCKHOUSE, Manual, Malware Database, 2015.2.10.11, 2015.2.12.1, Scan, 2/11/2015 10:53:14 PM, SYSTEM, ROCKHOUSE, Manual, Start:2/11/2015 9:55:08 PM, Duration:56 min 2 sec, Threat Scan, Completed, 0 Malware Detections, 193 Non-Malware Detections, (end)
  13. My mom's computer is super slow.I tried to copy and paste log, but it said it was too long. So they are both attached. Computer is super slow. I can barely play any facebook games on it. Thanks for any help you can provide Chrissy FRST.txt Addition.txt
  14. Results of screen317's Security Check version 0.99.88 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 [b][u]``````````````Antivirus/Firewall Check:``````````````[/b] Windows Firewall Enabled! avast! Antivirus Antivirus up to date! [b][u]`````````Anti-malware/Other Utilities Check:`````````[/b] Java 7 Update 67 Java SE Development Kit 7 Update 60 Google Chrome 37.0.2062.120 Google Chrome 37.0.2062.124 [b][u]````````Process Check: objlist.exe by Laurent````````[/b] AVAST Software Avast AvastSvc.exe AVAST Software Avast avastui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 6% ````````````````````End of Log``````````````````````
  15. it looks really good. No results were found and my avast is running and malware bytes is running. What do I do to remove all this stuff from my desktop?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.