
Trojan.Agent.Trace help!



Hi guys,

Found a Trojan.Agent.Trace on my PC and I'm not sure if it's fully gone. Original log below:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/03/2016
Scan Time: 19:21
Logfile: trojam.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.09.05
Rootkit Database: v2016.02.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cam
 
Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 280086
Time Elapsed: 2 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Trojan.Agent.Trace, C:\Users\Cam\Desktop\.url, Quarantined, [5168f194c1d8a5919cf00f2efc086f91], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
I then quarantined it, and ran a new scan, log below:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/03/2016
Scan Time: 19:36
Logfile: traojam2.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.10.05
Rootkit Database: v2016.02.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cam
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 363534
Time Elapsed: 17 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 

I followed the "I'm infected - What do I do now?" post and downloaded Farbar - logs below:

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Cam (administrator) on CAM-PC (10-03-2016 20:30:41)
Running from C:\Users\Cam\Desktop
Loaded Profiles: Cam (Available Profiles: Cam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Pingzapper\PZService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
() C:\Users\Cam\AppData\Local\Amazon Music\Amazon Music Helper.exe
(AAA Internet Publishing, Inc.) D:\WTFast\WTFast.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(uWebb Software) D:\RealTemp_370\RealTempGT.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Run: [Facebook Update] => "C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Run: [EpicScale] => 0
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Run: [steam] => D:\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Run: [Amazon Music] => C:\Users\Cam\AppData\Local\Amazon Music\Amazon Music Helper.exe [5907944 2016-03-04] ()
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Run: [WTFast Tray] => D:\WTFast\WTFast.exe [7381000 2016-02-23] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\MountPoints2: {7c5f3ec8-0c8f-11e3-8e67-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\MountPoints2: {be5c9887-82b3-11e5-b0e9-20cf303e5b15} - K:\DTLplus_Launcher.exe
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-08-24] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-20]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2014-10-31]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-03-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{56208167-CE58-4540-B178-A0F12991CAC2}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0&ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-05] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-25] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-25] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T30L10NSP1-10038/support/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Office15\MSOSB.DLL [2015-08-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2328723661-2757072449-2482796673-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\Cam\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-09-28] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Rapport) - C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-02-09]
CHR Extension: (Bing) - C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-07-03]
CHR Extension: (Free Visio Viewer (Mac, Windows, Linux)) - C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe [2016-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-04] (Microsoft Corporation)
R2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 PingzapperSvc; C:\Program Files (x86)\Pingzapper\PZService.exe [679424 2012-06-11] () [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2266160 2016-03-03] (IBM Corp.)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [368128 2015-02-17] (Razer Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R1 RapportCerberus_1507082; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507082.sys [972896 2016-03-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [514336 2016-03-03] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [152320 2016-03-03] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [407168 2016-03-03] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [507424 2016-03-03] (IBM Corp.)
R3 WinRing0_1_2_0; D:\RealTemp_370\WinRing0x64.sys [14544 2016-01-07] (OpenLibSys.org)
R2 WtfEngineDrv; C:\Windows\System32\DRIVERS\WtfEngineDrv.sys [27392 2016-02-01] (AAA Internet Publishing, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-10 20:30 - 2016-03-10 20:30 - 00017164 _____ C:\Users\Cam\Desktop\FRST.txt
2016-03-10 20:30 - 2016-03-10 20:30 - 00000000 ____D C:\FRST
2016-03-10 20:28 - 2016-03-10 20:29 - 02374144 _____ (Farbar) C:\Users\Cam\Desktop\FRST64.exe
2016-03-10 20:20 - 2016-03-10 20:21 - 01309184 _____ C:\Users\Cam\Desktop\zoek.exe
2016-03-10 19:58 - 2016-03-10 19:58 - 00001053 _____ C:\traojam2.txt
2016-03-10 19:51 - 2016-03-10 19:51 - 00001116 _____ C:\trojam.txt
2016-03-10 17:27 - 2016-03-10 17:27 - 02163981 _____ C:\Users\Cam\Downloads\Consumer Portal Mark-up CBCG V2 120216 (2).pptx
2016-03-10 13:33 - 2016-03-10 13:33 - 00053804 _____ C:\Users\Cam\Downloads\The late Joyce Daphne Munro - Deed of Variation.zip
2016-03-10 12:11 - 2016-03-10 12:11 - 00026409 _____ C:\Users\Cam\Downloads\Chris Lawrence employment reference 10th March 16.pdf
2016-03-10 11:26 - 2016-03-10 11:26 - 00000000 ____D C:\Windows\rescache
2016-03-10 07:03 - 2016-03-10 07:03 - 00151600 _____ C:\Users\Cam\Downloads\Email and SMS Metro January 2015 (2).xlsx
2016-03-10 05:33 - 2016-03-10 13:33 - 00101050 _____ C:\Users\Cam\Downloads\DOV 10 mar 16.pdf
2016-03-09 18:20 - 2016-02-12 18:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 18:20 - 2016-02-12 18:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 18:20 - 2016-02-12 18:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 18:20 - 2016-02-12 18:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 18:20 - 2016-02-12 18:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 18:20 - 2016-02-12 18:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 18:20 - 2016-02-12 18:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 18:20 - 2016-02-12 18:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 18:20 - 2016-02-12 18:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 18:20 - 2016-02-12 18:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 18:20 - 2016-02-12 18:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 18:20 - 2016-02-12 18:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 18:20 - 2016-02-12 18:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 18:20 - 2016-02-12 18:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 18:20 - 2016-02-12 18:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 18:20 - 2016-02-12 18:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 18:20 - 2016-02-09 06:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 18:20 - 2016-02-09 06:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-09 18:20 - 2016-02-08 21:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 18:20 - 2016-02-08 20:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 18:20 - 2016-02-08 20:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 18:20 - 2016-02-08 20:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-09 18:20 - 2016-02-08 20:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 18:20 - 2016-02-08 20:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-09 18:20 - 2016-02-08 20:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-09 18:20 - 2016-02-08 20:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 18:20 - 2016-02-08 20:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 18:20 - 2016-02-08 20:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-09 18:20 - 2016-02-08 20:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 18:20 - 2016-02-08 20:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 18:20 - 2016-02-08 20:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-09 18:20 - 2016-02-08 20:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 18:20 - 2016-02-08 20:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 18:20 - 2016-02-08 20:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 18:20 - 2016-02-08 20:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-09 18:20 - 2016-02-08 20:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-09 18:20 - 2016-02-08 20:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 18:20 - 2016-02-08 20:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 18:20 - 2016-02-08 20:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 18:20 - 2016-02-08 20:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-09 18:20 - 2016-02-08 20:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 18:20 - 2016-02-08 20:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 18:20 - 2016-02-08 20:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 18:20 - 2016-02-08 20:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 18:20 - 2016-02-08 20:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-09 18:20 - 2016-02-08 19:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 18:20 - 2016-02-08 19:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 18:20 - 2016-02-08 19:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 18:20 - 2016-02-08 18:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 18:20 - 2016-02-08 18:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 18:20 - 2016-02-08 18:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 18:20 - 2016-02-08 18:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 18:20 - 2016-02-08 18:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 18:20 - 2016-02-08 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 18:20 - 2016-02-08 18:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 18:20 - 2016-02-08 18:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 18:20 - 2016-02-08 18:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 18:20 - 2016-02-08 18:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 18:20 - 2016-02-08 18:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 18:20 - 2016-02-08 18:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 18:20 - 2016-02-08 18:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 18:20 - 2016-02-08 18:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 18:20 - 2016-02-08 18:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 18:20 - 2016-02-08 18:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 18:20 - 2016-02-08 18:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 18:20 - 2016-02-08 17:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 18:20 - 2016-02-08 17:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 18:20 - 2016-02-08 17:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 18:20 - 2016-02-08 17:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 18:20 - 2016-02-08 17:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 18:20 - 2016-02-08 17:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 18:20 - 2016-02-08 17:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 18:20 - 2016-02-08 17:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 18:20 - 2016-02-08 17:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 18:20 - 2016-02-08 17:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 18:20 - 2016-02-08 17:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 18:20 - 2016-02-08 17:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 18:20 - 2016-02-08 17:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 18:20 - 2016-02-08 16:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 18:20 - 2016-02-04 17:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 18:20 - 2016-02-03 18:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 18:20 - 2016-02-03 18:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 18:20 - 2016-02-03 18:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 18:20 - 2016-02-03 18:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 18:20 - 2016-02-03 18:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 18:20 - 2016-01-11 19:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 18:20 - 2015-11-19 14:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-09 18:19 - 2016-02-11 18:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 18:19 - 2016-02-11 18:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 18:19 - 2016-02-11 18:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 18:19 - 2016-02-11 18:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-09 18:19 - 2016-02-11 18:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 18:19 - 2016-02-11 18:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 18:19 - 2016-02-11 18:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 18:19 - 2016-02-11 18:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 18:19 - 2016-02-11 18:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 18:19 - 2016-02-11 18:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-09 18:19 - 2016-02-11 18:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 18:19 - 2016-02-11 18:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 18:19 - 2016-02-11 18:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 18:19 - 2016-02-11 18:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 18:19 - 2016-02-11 18:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-09 18:19 - 2016-02-11 18:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-09 18:19 - 2016-02-11 18:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 18:19 - 2016-02-11 18:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-09 18:19 - 2016-02-11 18:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 18:19 - 2016-02-11 18:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 18:19 - 2016-02-11 18:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 18:19 - 2016-02-11 18:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 18:19 - 2016-02-11 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-09 18:19 - 2016-02-11 18:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-09 18:19 - 2016-02-11 18:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-09 18:19 - 2016-02-11 18:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-09 18:19 - 2016-02-11 18:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 18:19 - 2016-02-11 18:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-09 18:19 - 2016-02-11 18:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-09 18:19 - 2016-02-11 18:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-09 18:19 - 2016-02-11 18:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 18:19 - 2016-02-11 18:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 17:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 18:19 - 2016-02-11 17:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-09 18:19 - 2016-02-11 17:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-09 18:19 - 2016-02-11 17:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 18:19 - 2016-02-11 17:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 18:19 - 2016-02-11 17:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 18:19 - 2016-02-11 17:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 18:19 - 2016-02-11 17:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 18:19 - 2016-02-11 17:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 18:19 - 2016-02-11 17:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-09 18:19 - 2016-02-11 17:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-09 18:19 - 2016-02-11 17:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-09 18:19 - 2016-02-11 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-09 18:19 - 2016-02-11 17:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-09 18:19 - 2016-02-11 17:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 17:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 18:19 - 2016-02-08 20:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 18:19 - 2016-02-08 18:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 18:19 - 2016-02-08 17:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 18:18 - 2016-02-19 19:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 18:18 - 2016-02-19 18:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 18:18 - 2016-02-19 14:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 18:18 - 2016-02-11 14:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 18:18 - 2016-02-09 09:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 18:18 - 2016-02-09 09:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 18:18 - 2016-02-09 09:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 18:18 - 2016-02-09 09:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 18:18 - 2016-02-09 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 18:18 - 2016-02-09 09:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 18:18 - 2016-02-09 09:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-09 18:18 - 2016-02-09 09:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 18:18 - 2016-02-09 09:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-09 18:18 - 2016-02-09 09:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-09 18:18 - 2016-02-09 09:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-09 18:18 - 2016-02-05 18:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 18:18 - 2016-02-05 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 18:18 - 2016-02-05 18:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 18:18 - 2016-02-05 18:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 18:18 - 2016-02-05 18:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-09 18:18 - 2016-02-05 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 18:18 - 2016-02-05 18:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-09 18:18 - 2016-02-05 17:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 18:18 - 2016-02-05 17:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 18:18 - 2016-02-05 17:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 18:18 - 2016-02-05 14:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 18:18 - 2016-02-05 14:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 18:18 - 2016-02-05 14:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 18:18 - 2016-02-05 01:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 18:18 - 2016-02-04 18:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-08 17:03 - 2016-03-08 17:07 - 00000000 ____D C:\Program Files (x86)\TweakBit
2016-03-08 17:03 - 2016-03-08 17:03 - 00000000 ____D C:\ProgramData\TweakBit
2016-03-08 17:03 - 2016-03-08 17:03 - 00000000 ____D C:\ProgramData\BSD
2016-03-08 17:02 - 2016-03-08 17:02 - 00241896 _____ (TweakBit) C:\Users\Cam\Downloads\internet-optimizer-setup.exe
2016-03-07 08:07 - 2016-03-07 08:07 - 00016501 _____ C:\Users\Cam\Downloads\Metro Consumer Review BAMM Retest 04032016 (1).xlsx
2016-03-07 08:06 - 2016-03-07 08:06 - 00016501 _____ C:\Users\Cam\Downloads\Metro Consumer Review BAMM Retest 04032016.xlsx
2016-03-07 08:04 - 2016-03-07 08:04 - 02163981 _____ C:\Users\Cam\Downloads\Consumer Portal Mark-up CBCG V2 120216 (1).pptx
2016-03-04 10:35 - 2016-03-04 10:35 - 00000397 _____ C:\Users\Cam\Desktop\ST.txt
2016-03-04 09:21 - 2016-03-04 09:21 - 00895137 _____ C:\Users\Cam\Downloads\BAMMTest_STB NDA 1.pdf
2016-03-03 11:52 - 2016-03-03 11:52 - 00000172 _____ C:\Users\Cam\Downloads\Metro march quote.txt
2016-03-02 10:54 - 2016-03-02 10:54 - 00041162 _____ C:\Users\Cam\Downloads\Client DIP Script.xlsx
2016-03-02 10:54 - 2016-03-02 10:54 - 00030296 _____ C:\Users\Cam\Downloads\Client FMA Script.xlsx
2016-03-02 10:53 - 2016-03-02 10:55 - 00302566 _____ C:\Users\Cam\Downloads\Summary.xlsx
2016-03-02 10:53 - 2016-03-02 10:53 - 00337670 _____ C:\Users\Cam\Downloads\Client Summary (2).xlsx
2016-03-02 10:52 - 2016-03-02 10:52 - 00335301 _____ C:\Users\Cam\Downloads\Client Summary.xlsx
2016-03-02 10:52 - 2016-03-02 10:52 - 00335301 _____ C:\Users\Cam\Downloads\Client Summary (1).xlsx
2016-03-02 10:51 - 2016-03-02 10:51 - 00038635 _____ C:\Users\Cam\Downloads\Client Intermediary TS.xlsx
2016-03-02 10:51 - 2016-03-02 10:51 - 00012768 _____ C:\Users\Cam\Downloads\Client Task Script.xlsx
2016-03-02 10:51 - 2016-03-02 10:51 - 00012768 _____ C:\Users\Cam\Downloads\Client Task Script (1).xlsx
2016-03-01 22:49 - 2016-03-01 22:50 - 25866616 _____ (Initex & AAA Internet Publishing ) C:\Users\Cam\Downloads\WTFastSetup.4.0.7.692.exe
2016-03-01 22:25 - 2016-03-01 22:25 - 00026583 _____ C:\Users\Cam\Desktop\idc_debug_log.txt
2016-03-01 14:12 - 2016-03-01 14:12 - 00382012 _____ C:\Users\Cam\Downloads\Mortgage BTL rates - existing customers - 1217 OF S3324 - 03.16  v2 (2).pdf
2016-02-29 16:19 - 2016-02-29 16:19 - 00218637 _____ C:\Users\Cam\Downloads\cv a browne (1).pdf
2016-02-28 01:04 - 2016-02-28 01:04 - 00000022 _____ C:\Windows\cmm.dat
2016-02-28 01:03 - 2016-02-28 01:19 - 00003508 _____ C:\Windows\System32\Tasks\Clean System Memory
2016-02-28 01:03 - 2016-02-28 01:05 - 03348185 _____ C:\Users\Cam\Downloads\cleanmem_setup (2).exe
2016-02-28 01:03 - 2016-02-28 01:03 - 00000000 ____D C:\Windows\CleanMem
2016-02-28 01:03 - 2016-02-28 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanMem
2016-02-28 01:02 - 2016-02-28 01:05 - 03348185 _____ C:\Users\Cam\Downloads\cleanmem_setup (1).exe
2016-02-28 01:02 - 2016-02-28 01:03 - 00014523 _____ C:\Windows\CleanMem Setup Log.txt
2016-02-28 01:00 - 2016-02-28 01:02 - 03348185 _____ C:\Users\Cam\Downloads\cleanmem_setup.exe
2016-02-28 00:37 - 2016-02-28 00:37 - 00054015 _____ C:\Users\Cam\Downloads\51008673.htm
2016-02-27 17:20 - 2016-02-27 17:20 - 00037785 _____ C:\Users\Cam\Downloads\signin.htm
2016-02-26 13:35 - 2016-02-26 13:35 - 00001117 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2016-02-26 13:35 - 2016-02-26 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2016-02-26 13:31 - 2016-02-26 13:31 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2016-02-26 13:26 - 2016-02-26 13:26 - 00382012 _____ C:\Users\Cam\Downloads\Mortgage BTL rates - existing customers - 1217 OF S3324 - 03.16  v2 (1).pdf
2016-02-26 13:26 - 2016-02-26 13:26 - 00069137 _____ C:\Users\Cam\Downloads\Buy to Let Mortgage Range_321_OF - S3323 - 03.16 v2.pdf
2016-02-26 13:22 - 2016-02-26 13:22 - 00382012 _____ C:\Users\Cam\Downloads\Mortgage BTL rates - existing customers - 1217 OF S3324 - 03.16  v2.pdf
2016-02-25 16:20 - 2016-02-26 08:13 - 00018295 _____ C:\Users\Cam\Downloads\ServicingHubScenarios 25022016.xlsx
2016-02-25 10:35 - 2016-02-25 10:35 - 00030287 _____ C:\Users\Cam\Downloads\160224 - Draft Spec to Christian (1).xlsx
2016-02-25 07:10 - 2016-02-25 07:10 - 00030287 _____ C:\Users\Cam\Downloads\160224 - Draft Spec to Christian.xlsx
2016-02-24 04:50 - 2016-03-01 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
2016-02-24 04:50 - 2016-02-24 04:50 - 00000534 _____ C:\Users\Public\Desktop\WTFast.lnk
2016-02-24 04:50 - 2016-02-24 04:50 - 00000000 ____D C:\Users\Cam\AppData\Local\AAA_Internet_Publishing,_
2016-02-24 04:50 - 2016-02-01 12:17 - 00027392 _____ (AAA Internet Publishing, Inc.) C:\Windows\system32\Drivers\WtfEngineDrv.sys
2016-02-24 04:48 - 2016-02-24 04:48 - 25862544 _____ (Initex & AAA Internet Publishing ) C:\Users\Cam\Downloads\WTFastSetup.4.0.6.679.exe
2016-02-23 14:22 - 2016-02-23 14:22 - 00126624 _____ C:\Users\Cam\Downloads\41000172 (1).pdf
2016-02-23 14:17 - 2016-02-23 14:17 - 00125896 _____ C:\Users\Cam\Downloads\40001427 (1).pdf
2016-02-23 14:14 - 2016-02-23 14:14 - 00125896 _____ C:\Users\Cam\Downloads\40001427.pdf
2016-02-23 14:13 - 2016-02-23 14:13 - 00043695 _____ C:\Users\Cam\Downloads\40001427 request.txt
2016-02-23 13:59 - 2016-02-23 13:59 - 00126624 _____ C:\Users\Cam\Downloads\41000172.pdf
2016-02-22 09:23 - 2016-02-22 09:23 - 00309961 _____ C:\Users\Cam\Downloads\mark wallace cv-2.pdf
2016-02-22 08:41 - 2016-02-22 08:41 - 00218637 _____ C:\Users\Cam\Downloads\cv a browne.pdf
2016-02-22 08:01 - 2016-02-22 08:01 - 00015742 _____ C:\Users\Cam\Downloads\ServicingHubScenarios19022016.xlsx
2016-02-22 07:43 - 2016-02-22 07:43 - 00001400 _____ C:\Users\Cam\Downloads\Phone call.txt
2016-02-22 00:21 - 2016-02-24 06:06 - 00007610 _____ C:\Users\Cam\AppData\Local\Resmon.ResmonCfg
2016-02-20 09:32 - 2016-02-20 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-02-18 13:59 - 2016-02-18 14:04 - 02465158 _____ C:\Users\Cam\Downloads\Consumer Portal Mark-up CBCG V2.1 160216.pptx
2016-02-18 10:13 - 2016-02-18 10:13 - 00443593 _____ C:\Users\Cam\Downloads\zeeshan_shabir_software_tester (1).pdf
2016-02-17 15:50 - 2016-02-17 15:50 - 00007574 _____ C:\Users\Cam\Downloads\Astra-Vaughn.pdf
2016-02-17 10:36 - 2016-02-17 10:36 - 00000382 _____ C:\Users\Cam\Desktop\Monitoring Testing 18022016.txt
2016-02-15 14:46 - 2016-02-15 14:46 - 00653455 _____ C:\Users\Cam\Downloads\MT1001350140 - Offer_eabe6dbb-abe0-460c-a323-f76580874f47.pdf
2016-02-12 16:48 - 2016-02-12 16:48 - 00216371 _____ C:\Users\Cam\Downloads\EMCD change.pptx
2016-02-12 14:44 - 2016-02-12 14:44 - 00151600 _____ C:\Users\Cam\Downloads\Email and SMS Metro January 2015 (1).xlsx
2016-02-12 10:52 - 2016-02-12 10:52 - 00015314 _____ C:\Users\Cam\Downloads\Metro Consumer Review 10 02 2016 CB Comments 11.2.16.xlsx
2016-02-12 10:44 - 2016-02-12 10:44 - 02163105 _____ C:\Users\Cam\Downloads\Consumer Portal Mark-up CBCG V2 120216.pptx
2016-02-12 08:18 - 2016-02-12 08:18 - 00000000 ____D C:\Users\Cam\Downloads\Recruitment
2016-02-11 18:45 - 2016-02-11 18:45 - 02123054 _____ C:\Users\Cam\Downloads\JB33100004 (2).pdf
2016-02-11 13:02 - 2016-02-11 13:02 - 00000453 _____ C:\Users\Cam\Downloads\Metro_Properties_08-02-2016.csv
2016-02-11 13:02 - 2016-02-11 13:02 - 00000432 _____ C:\Users\Cam\Downloads\Metro_Contacts_08-02-2016.csv
2016-02-11 13:01 - 2016-02-11 13:01 - 00000796 _____ C:\Users\Cam\Downloads\Metro_Accounts_08-02-2016.csv
2016-02-11 12:33 - 2016-02-11 12:33 - 00023037 _____ C:\Users\Cam\Downloads\Second Cycle Test Status.xlsx
2016-02-11 12:33 - 2016-02-11 12:33 - 00020657 _____ C:\Users\Cam\Downloads\Third Cycle Test Status.xlsx
2016-02-11 12:32 - 2016-02-11 12:32 - 00012194 _____ C:\Users\Cam\Downloads\Fourth Cycle Test Status.xlsx
2016-02-11 11:17 - 2016-02-11 11:17 - 00045180 _____ C:\Users\Cam\Downloads\BTL Advised Factfind Questions for DPR v5.1.xlsx
2016-02-11 10:32 - 2016-02-11 10:32 - 01045435 _____ C:\Users\Cam\Downloads\Bullets-BespokeBRDv1 1Approved.pdf
2016-02-11 09:10 - 2016-02-11 09:10 - 00041882 _____ C:\Users\Cam\Downloads\BTL Product Advice Factfind Questions for DPR v1.3.xlsx
2016-02-11 09:10 - 2016-02-11 09:10 - 00038912 _____ C:\Users\Cam\Downloads\CR36 Fact Find and Suitability Letter v0 1.xls
2016-02-11 09:08 - 2016-02-11 09:08 - 01128448 _____ C:\Users\Cam\Downloads\CR47 Collective WRITING.xls
2016-02-11 08:58 - 2016-02-11 08:58 - 00410107 _____ C:\Users\Cam\Downloads\Store Advice.xlsx
2016-02-11 08:57 - 2016-02-11 08:57 - 00574822 _____ C:\Users\Cam\Downloads\Metro Bank CR47 Collective CRs.xlsx
2016-02-10 14:38 - 2016-02-10 14:38 - 00086974 _____ C:\Users\Cam\Downloads\Post a Job Search CVs Online Recruitment - Monster UK.pdf
2016-02-10 14:33 - 2016-02-10 14:33 - 00000022 _____ C:\Users\Cam\Desktop\Monster.txt
2016-02-10 12:41 - 2016-01-06 19:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-02-10 12:41 - 2016-01-06 19:02 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-02-10 12:41 - 2016-01-06 18:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-02-10 12:40 - 2016-01-16 19:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 12:40 - 2016-01-16 18:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-10 12:40 - 2016-01-07 17:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 12:40 - 2015-12-20 18:50 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-10 12:40 - 2015-12-20 18:50 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2016-02-10 12:40 - 2015-12-20 14:08 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 12:39 - 2016-01-22 06:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-10 12:39 - 2016-01-22 06:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 12:39 - 2016-01-22 06:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 12:39 - 2016-01-22 06:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-10 12:39 - 2016-01-22 06:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-10 12:39 - 2016-01-22 06:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 12:39 - 2016-01-22 06:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 12:38 - 2016-01-22 06:19 - 14179840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 12:38 - 2016-01-22 06:15 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-02-10 12:38 - 2016-01-22 06:12 - 01940992 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 12:38 - 2016-01-22 06:05 - 12877824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 12:38 - 2016-01-22 06:00 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-02-10 12:38 - 2016-01-22 05:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 12:38 - 2016-01-22 05:19 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 12:38 - 2016-01-22 05:12 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-10 07:30 - 2016-02-14 20:46 - 00000000 ____D C:\Users\Cam\AppData\Roaming\PlaysTV
2016-02-10 07:29 - 2016-02-10 07:30 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-02-09 17:12 - 2016-02-09 17:12 - 00130749 _____ C:\Users\Cam\Downloads\Consumer Portal Marked up Offer.pdf
2016-02-09 17:12 - 2016-02-09 17:12 - 00130749 _____ C:\Users\Cam\Downloads\Consumer Portal Marked up Offer (1).pdf
2016-02-09 13:24 - 2016-02-09 13:24 - 04798361 _____ C:\Users\Cam\Downloads\Consumer Portal - mark-up 050116.pptx
2016-02-09 10:52 - 2016-02-09 10:52 - 00034837 _____ C:\Users\Cam\Downloads\Home page graphic Consumer.pptx
2016-02-09 09:57 - 2016-02-09 12:12 - 00003758 _____ C:\Users\Cam\Downloads\Consumer Portal Issues 09022016.txt
2016-02-09 09:37 - 2016-02-09 09:37 - 02142339 _____ C:\Users\Cam\Downloads\Consumer Portal Mark-up CB%26CG 040216.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-10 20:28 - 2009-07-14 04:45 - 00019984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-10 20:28 - 2009-07-14 04:45 - 00019984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-10 20:20 - 2009-07-14 05:13 - 00798694 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-10 20:20 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-03-10 20:14 - 2014-05-19 19:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-10 20:14 - 2013-08-23 23:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-10 20:14 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-10 20:08 - 2014-06-04 06:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-10 12:11 - 2016-02-05 21:59 - 00000000 ____D C:\Users\Cam\AppData\Local\Amazon Music
2016-03-10 12:03 - 2016-02-05 21:59 - 00001124 _____ C:\Users\Cam\Desktop\Amazon Music.lnk
2016-03-10 05:49 - 2009-07-14 04:45 - 00456832 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-09 23:47 - 2013-08-24 00:48 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 23:43 - 2014-12-11 18:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-09 23:43 - 2013-08-24 00:48 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-08 17:03 - 2009-07-14 02:34 - 00000466 _____ C:\Windows\win.ini
2016-03-07 06:41 - 2014-05-31 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-03-03 11:19 - 2015-06-08 06:47 - 00152320 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-03-03 11:19 - 2014-05-31 12:17 - 00407168 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-03-01 21:52 - 2009-07-14 05:08 - 00032528 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-28 18:42 - 2011-01-11 01:23 - 00000197 _____ C:\Windows\SysWOW64\CleanMem.ini
2016-02-28 01:27 - 2014-12-27 22:24 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-28 01:26 - 2013-09-23 22:31 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001UA.job
2016-02-28 01:26 - 2013-09-23 22:31 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001Core.job
2016-02-28 01:13 - 2013-09-23 22:31 - 00003904 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001UA
2016-02-28 01:13 - 2013-09-23 22:31 - 00003536 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001Core
2016-02-27 22:33 - 2014-06-04 06:26 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-27 22:32 - 2015-09-25 08:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-26 16:55 - 2015-04-04 17:34 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-26 16:55 - 2015-04-04 17:34 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-26 13:36 - 2013-11-23 21:07 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-02-24 06:07 - 2013-10-16 23:39 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-24 06:07 - 2013-08-23 23:44 - 00002125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-24 06:07 - 2013-08-23 23:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-24 06:07 - 2013-08-23 23:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-24 04:50 - 2015-04-11 22:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-20 09:32 - 2015-11-15 21:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-20 09:32 - 2013-09-15 06:23 - 00001972 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-02-19 21:30 - 2013-08-23 23:56 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 21:30 - 2013-08-23 23:56 - 00002191 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 00:31 - 2013-08-24 00:32 - 00790816 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-11 13:01 - 2016-02-03 14:30 - 00004279 _____ C:\Users\Cam\Desktop\Feb test cycle.txt
2016-02-11 04:44 - 2014-05-06 21:41 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-02-11 04:44 - 2009-07-14 07:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 18:39 - 2015-04-11 22:10 - 00000000 ____D C:\Users\Cam\AppData\Roaming\Raptr
 
==================== Files in the root of some directories =======
 
2015-11-20 14:13 - 2015-11-20 14:13 - 0000816 _____ () C:\Users\Cam\AppData\Local\recently-used.xbel
2016-02-22 00:21 - 2016-02-24 06:06 - 0007610 _____ () C:\Users\Cam\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Cam\AppData\Local\Temp\driver-updater-setup.exe
C:\Users\Cam\AppData\Local\Temp\playstv_patch.exe
C:\Users\Cam\AppData\Local\Temp\tmpCAED.exe
C:\Users\Cam\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Cam\AppData\Local\Temp\{1A25243D-7AB1-4DAF-97FD-F5B7D83593E2}-45.0.2454.101_45.0.2454.99_chrome_updater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-09 19:49
 
==================== End of FRST.txt ============================

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Cam (2016-03-10 20:31:12)
Running from C:\Users\Cam\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-08-23 23:41:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2328723661-2757072449-2482796673-500 - Administrator - Disabled)
Cam (S-1-5-21-2328723661-2757072449-2482796673-1001 - Administrator - Enabled) => C:\Users\Cam
Guest (S-1-5-21-2328723661-2757072449-2482796673-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2328723661-2757072449-2482796673-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\uTorrent) (Version: 3.4.5.41162 - BitTorrent Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Age of Empires III: Complete Collection (HKLM-x32\...\GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}) (Version: 1.0.0000.1 - Microsoft Game Studios)
Age of Empires III: Complete Collection (x32 Version: 1.0.0000.1 - Microsoft Game Studios) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Amazon Music (HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Amazon Amazon Music) (Version: 4.2.0.1281 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Blade and Soul (HKLM-x32\...\{CEF766E5-6E15-441F-B14A-C44CB168DBE7}) (Version: 1.0.0 - PlayBns.com)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.5.0 - PcWinTech.com)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Defiance (HKLM-x32\...\Glyph Defiance) (Version:  - Trion Worlds, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HOTSLogsUploader (HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\99a83d131490dc73) (Version: 1.0.0.11 - HOTSLogsUploader)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.0.29055 - Grinding Gear Games)
Pingzapper version 2.0.1 (HKLM-x32\...\{7FD61982-5436-439B-B5D0-36F0536FF8BF}_is1) (Version: 2.0.1 - Pingzapper)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Rapport (x32 Version: 3.5.1507.113 - Trusteer) Hidden
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.06.07 - Samsung Electronics Co., Ltd.)
Samsung ML-2160 Series (HKLM-x32\...\Samsung ML-2160 Series) (Version: 1.08 (24/08/2012) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StarCraft II - Legacy of the Void Beta (HKLM-x32\...\StarCraft II - Legacy of the Void Beta) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.113 - Trusteer)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version:  - Microsoft)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
WTFast 4.0 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.0.7.692 - Initex & AAA Internet Publishing)
XSplit Broadcaster (HKLM-x32\...\{6F937E75-B6D6-4C2C-B864-90AA91EFF8B2}) (Version: 1.3.1403.1202 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0283162A-E867-49CE-BB8F-203B838346DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {0789BACF-946A-4B59-97C7-307DE1716D18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {1188DD89-5561-4A6B-B1CB-FC4C0A21112D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {224DF208-6076-454C-B2FD-E08CEB077D6F} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2014-08-20] (PcWinTech.com)
Task: {2FC43B22-1968-4A0E-8E64-7DA11BEA1040} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {46EC8E3F-1296-448C-833C-C8A3EDCD0ED3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-02-27] (Microsoft Corporation)
Task: {73773E0D-3943-4CC8-AD71-657D0EFC3ECE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001UA => C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {7463303D-5F99-4FB5-B195-E3FB724F80CC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {93826E1A-4BD0-4A45-8BBA-9BD6D1359D6B} - System32\Tasks\{348F76F9-D165-4E1F-B831-2B4C70E6B8B2} => pcalua.exe -a "C:\Users\Cam\Downloads\vpnclient-win-msi-5.0.07.0410-k9 - Copy.exe" -d C:\Users\Cam\Downloads
Task: {A6E675AA-832B-4245-AE90-1D322955D16C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {ADF89DDB-D041-44EA-A6D4-7D14B95405E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {E6313315-D8D0-4B3E-944F-2B9D7FF5E93D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {F90D584E-90EA-4FD9-B297-FD8301899AD7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001Core => C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001Core.job => C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001UA.job => C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-06-28 12:12 - 2013-06-28 11:12 - 00034304 _____ () C:\Windows\System32\ssj1mlm.dll
2015-09-25 08:30 - 2016-02-04 05:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2014-10-24 18:16 - 2012-06-11 10:57 - 00679424 ___SH () C:\Program Files (x86)\Pingzapper\PZService.exe
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-12-17 17:13 - 2010-12-17 17:13 - 00438784 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 17:13 - 2010-12-17 17:13 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-02-05 21:59 - 2016-03-04 21:34 - 05907944 _____ () C:\Users\Cam\AppData\Local\Amazon Music\Amazon Music Helper.exe
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2016-02-19 21:30 - 2016-02-18 04:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 21:30 - 2016-02-18 04:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2016-02-20 09:32 - 00000862 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E4505D9F-B512-476A-8CCC-88F08EED8976}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{B38E00EA-08DA-4412-B348-C9869040BA67}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{CB9AF444-0631-4DA3-AAB2-94D2CBD6D157}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{A138EAA8-3F75-4D4D-8B8A-7CF1F785DF59}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{0E6B759C-4D0A-4801-A405-E367449DF077}] => (Allow) C:\Users\Cam\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{C8F70BB7-4200-4174-BE3D-E5AEE469F84E}C:\program files\java\jdk1.7.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_45\bin\javaw.exe
FirewallRules: [uDP Query User{AAECB9FE-96FD-4D09-80C3-B8B05366CEF1}C:\program files\java\jdk1.7.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_45\bin\javaw.exe
FirewallRules: [{2E4E128D-B558-48DE-8B8A-E7EC650E5113}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{28533AC7-ED6E-4CDC-A5BA-0A1F4AB26A1B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{85B2CB1D-CEFD-4B75-8FE0-ADC485156F6A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{1D4A10F1-69CB-4B28-A944-BDDA0BF086E7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{B0B4962B-A4E7-4082-B1F9-3F0C6D5293AD}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{EC6FB6AF-8337-4AC5-9A6C-FD9F16295394}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{8C4388CF-7F76-492D-BCF7-D43CC1D63486}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{3908F9CF-A4E2-4508-A198-7C9DC57E0C6E}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{28D68B2A-A326-4CA8-8E4B-0E7790E9DAC3}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{3B3C20FA-7934-465D-9979-F52288EFAAFD}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{6B77ED28-BC49-4E3E-804B-12C0A734BC77}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher.exe
FirewallRules: [{6E8E2F3F-F8CE-4403-8F78-A3CEEC1E8372}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher.exe
FirewallRules: [{C41E460E-F3DA-467D-A1CD-62E14612EBC9}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
FirewallRules: [{4B0AD7A8-EB19-4204-974E-5EABDCC85E94}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
FirewallRules: [{9AED55A1-EB7A-4D44-A263-97FADE157245}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcherx.exe
FirewallRules: [{19BAAD81-D171-4B1A-9315-4864DA1FFE59}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcherx.exe
FirewallRules: [{741709F1-20A9-4107-80E3-D4574490FADA}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatchery.exe
FirewallRules: [{02E4CCA5-1398-4AC5-A7F2-403157800202}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatchery.exe
FirewallRules: [{9791F3E5-236A-41D1-A046-598729922BB5}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{32B61D83-76E6-4B63-A172-7FFB88AC6CCB}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{F46EC5CC-7EF4-4BB0-95EF-5F2D73218C7C}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{1FFE4879-02F4-4A85-9999-9F810760207B}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{319E2DAC-48D3-4FB9-86ED-4682C758E274}D:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [uDP Query User{D9AEA660-8F15-4B1A-AC92-E8FB6A6D18CD}D:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{40F53FEE-5379-4F49-ACA7-D65AACC73260}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{D1C48A25-7F0C-42A8-AC02-8F15731AF493}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{77DF0A4D-4872-4BAA-B5D6-D913D40DA598}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{01EC0B65-AFB0-48BC-BE16-900BB9DC2B63}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{95FFCD3C-B10B-4C64-930C-E17B0DCA0408}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{4D5DB72B-638E-48CB-837A-63CD6003AA38}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{F022E892-95C6-4A63-B141-3714D5A0B5A6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{BFF51645-C9D3-4323-845B-029A6730FBC5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{7F1E8739-3C60-4FCB-B294-96E88E10E4B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{A7115822-319B-437D-AF62-B7B417C6E2E1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{491E821E-0110-4259-89D2-D5B53B517527}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{92641159-4910-466A-8EE7-4942068B4525}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{0A35D56F-494A-4414-B938-BE51CE4A5023}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{09120A59-8E47-436B-A84C-D2DDB1E4CBCC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [TCP Query User{BE9AEF8C-E705-4325-9297-71CAFA8E2A2D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [uDP Query User{D100020F-9AA1-4C2B-A501-47443C197157}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{7D6CA953-1A7F-40B2-B7F6-2B7B6656D66E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{C4167E7E-B3E0-4924-A059-D67BEE63239C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{4A37575F-4CD3-496C-B4E5-EE33A6BF4A0A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{B8A275D4-0FFF-4B2B-AB97-B461F5C645E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{6FCEE56B-40CA-411D-A5A6-17078978A35D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{05D2FDDA-77A0-45F5-8962-13D825852553}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{53FF819A-0F38-400C-AA0F-96A25A0CC1E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{32E3DBC2-3017-4F86-A8E8-CCECC6579C05}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{41338959-6726-46FC-8C88-B77EA3A23023}] => (Allow) D:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{4BAFBE37-7982-406A-8C23-D5D659E9DE6A}] => (Allow) D:\Glyph\Games\ArcheAge\Alpha\bin32\archeage.exe
FirewallRules: [{99ABA3AD-7EED-40F4-8966-333F2B42990E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{BC912DC7-00CD-463F-BCD4-258067B04EB4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [TCP Query User{34E89CC0-EBD5-480D-9579-312F50DF5AF0}D:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Block) D:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [uDP Query User{56694036-1B1F-45FE-AAB7-E027A995FA5A}D:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Block) D:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{4DDF8D2A-3E37-4FDB-824A-752DDBEB764C}] => (Allow) C:\Users\Cam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E4492219-C729-43ED-93A7-CC3AFDCF09CA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{9BFC3D04-286E-458A-8E49-55EB911C4DBD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{8CB5FC2D-CD0D-4BE9-8AEB-1BD8137952B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{87ECDD76-2B94-4E48-B00E-D7DD35D14791}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{34723ABB-955D-4E52-BF62-ABF9BA7394F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{3F7B5D2A-41C0-4F59-A1CD-1609268F3D4D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{9BDEE801-8D62-4F2C-8886-6EB45BAF777E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0B120819-C3EB-4F2D-8EE3-3B384D287B9A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{CA565D27-A757-4A1E-9050-99D7C9E1ED3B}D:\heroes of the storm\versions\base32524\heroesofthestorm.exe] => (Allow) D:\heroes of the storm\versions\base32524\heroesofthestorm.exe
FirewallRules: [uDP Query User{40395E18-1C69-4205-B793-2348D91CE7F5}D:\heroes of the storm\versions\base32524\heroesofthestorm.exe] => (Allow) D:\heroes of the storm\versions\base32524\heroesofthestorm.exe
FirewallRules: [TCP Query User{453E58BF-C268-4952-B160-5BA40327D41B}D:\heroes of the storm\versions\base33182\heroesofthestorm.exe] => (Allow) D:\heroes of the storm\versions\base33182\heroesofthestorm.exe
FirewallRules: [uDP Query User{2D8F7252-2C2D-48E9-984E-39DC3E6F8AD4}D:\heroes of the storm\versions\base33182\heroesofthestorm.exe] => (Allow) D:\heroes of the storm\versions\base33182\heroesofthestorm.exe
FirewallRules: [TCP Query User{BA88EAEF-3415-4992-9386-EB3847B1FD2B}D:\heroes of the storm\versions\base33182\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base33182\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{0A3CBBB9-0EA6-41FB-9086-837A73D16307}D:\heroes of the storm\versions\base33182\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base33182\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6A4A2FAB-3C4A-41EB-A6FB-FCC52DF4B226}D:\heroes of the storm\versions\base33353\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base33353\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{78626983-A31E-4552-B1F0-182C3C9370DE}D:\heroes of the storm\versions\base33353\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base33353\heroesofthestorm_x64.exe
FirewallRules: [{7B2D3B87-BB57-43F0-B348-628DD0C3EF69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{0A92EDBF-ADB3-4965-AA21-7A6976346780}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{3A5BD527-3716-4897-B3A2-C181D4A4C2E0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{9AF1E0F0-B98E-403E-B91C-AF8106F7D3E0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{6D5A24DB-AC2E-453F-907D-76C834A9B625}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [uDP Query User{1EDDE0A4-21F8-4665-9D42-739771520482}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{97FA1F90-ED25-4F05-8F18-6DB328BC471D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{8392FDA2-BA92-4636-80F3-7900D2C2C2C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{239CAE05-DFCC-4330-AA5F-358180C4DBB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{95AAC013-8417-4F77-822A-1AD222BB1B85}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{BD555BFD-3386-4774-8E9B-1DCAA0B89F27}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{42BE78E2-FB79-44E6-8FA9-E02D9AFB6B65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [TCP Query User{7C2950A2-AAB3-4E06-91C5-901107C35C04}D:\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{931B01D6-D89E-4276-AE2E-87E3227C9086}D:\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [{28641155-C3C5-48E3-9D44-FD75E082C729}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{485ADBD6-9EE4-41C0-B2D4-F39B880DE4D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{7D1D9226-1ADE-46C6-81C9-20EF358BA24A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{1C013DFE-A6B1-4B87-AACE-1BBDA171A0D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{DA607C91-9BBF-443F-AC3F-CA66DF63040C}D:\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{713E3459-5AD2-4B59-9C1F-4B9679AEA4F3}D:\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [{5FC63424-DC7B-45AC-B0D7-B53E5D13EE1D}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{BEC38471-5772-4D64-8BC7-19508CC9FE29}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{A8FFAFA3-82DB-4633-A1E6-037D7EE0DFFD}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{BF1C3EF6-0755-45DB-9BEB-8439262649A2}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5B2D834A-E92A-48D7-9CDC-0DAB4C19C712}D:\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) D:\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
FirewallRules: [uDP Query User{5CE4AC9F-9A85-479E-A6CF-CF81B38DA10C}D:\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) D:\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
FirewallRules: [TCP Query User{BF1A63C1-0013-4DB5-88D9-89430638B804}D:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{4BD85208-FCAA-4755-AEDF-05F15928F198}D:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{29A6360E-55FC-4E47-8A0C-A5EECFFC92F2}] => (Allow) D:\riot games\lol.launcher.exe
FirewallRules: [{C2BE3476-43AB-4E43-9053-D4CF626FA5A2}] => (Allow) D:\riot games\lol.launcher.exe
FirewallRules: [{53DEFACD-979B-4D94-8545-13A761FDFA61}] => (Allow) D:\riot games\lol.launcher.exe
FirewallRules: [{F16EA60C-A4B5-4F29-AA87-B47C88886189}] => (Allow) D:\riot games\lol.launcher.exe
FirewallRules: [TCP Query User{BD50DDCD-02BE-4DC8-BD6C-5B9B25EB77A0}D:\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Block) D:\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{E4B07BCA-0E0F-4FAE-A22B-1C197323B843}D:\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Block) D:\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{6D7BC7EE-0AD8-4BA9-9E22-4BDCC6BF4FAD}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{7E795D8E-6577-4072-BDEA-5FE3AB442AD2}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{30840A95-B3EB-498A-9052-AF10335DB67A}D:\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{1563D725-9965-48A6-9015-5B4F8E3EFC6D}D:\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{3A35A793-CAD8-42F0-8AD9-5CAC2E56028E}] => (Allow) D:\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{BB0E010E-B3F2-4F9B-858A-3B445CC55867}D:\starcraft ii - legacy of the void beta\versions\base35543\sc2_x64.exe] => (Allow) D:\starcraft ii - legacy of the void beta\versions\base35543\sc2_x64.exe
FirewallRules: [uDP Query User{569291FB-3D0E-4EED-A584-1E829D574F54}D:\starcraft ii - legacy of the void beta\versions\base35543\sc2_x64.exe] => (Allow) D:\starcraft ii - legacy of the void beta\versions\base35543\sc2_x64.exe
FirewallRules: [{7A818534-CFE3-4321-BC38-F02EDD251E90}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{4486C002-D8B8-4325-BDDE-65D5E5CDAB22}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{DFCD6136-E571-4BDA-A750-9CCD94FAF264}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{C61BA8D6-CA35-4400-9148-9AFFB920481D}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{15E1C295-2DBC-4524-97BE-1F7E688344F1}D:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Block) D:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [uDP Query User{6078D932-2D78-40F4-BD0B-AD2051B191F5}D:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Block) D:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{31019334-A8AF-4F3A-8064-D06447BEFA60}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{99F93778-A137-4C7F-8F7E-AB9E507DA208}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{E5B2F8FC-0A00-4537-8BA8-6B4222EA6FE0}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{9499A49F-4A67-4ECE-AAC4-3E4E703DAEC5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{924F1AE5-3195-4464-983C-EC841487CBD6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{D337FA04-9D0B-43AB-BF5D-ECF0141B59BB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{8787B0B2-1ED2-4EAD-825D-B3FF944CEBF7}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{9ED425D9-3C86-4BED-81EB-B54A872A5D7B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{2E240657-BCAB-4E89-AD88-4268E914710B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{E6C8BEB4-BD3C-475E-964C-939EE1ABF3D0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{2EF76339-08DB-4AB5-8542-789AE6600EB9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{F74EE07C-E148-46CC-8606-F37E8D1CD8D0}] => (Allow) C:\Users\Cam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{436BE9D5-D8F3-4CE3-B8AE-BFDFC57167E0}] => (Allow) C:\Users\Cam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3CEC188A-D119-4632-B4B7-0879CBDB0CAB}] => (Allow) C:\Users\Cam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E39A86F8-041D-4F0C-B772-D024B31046F3}] => (Allow) C:\Users\Cam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{732D77C8-DDF6-4EFF-8362-296781EBBDF9}] => (Allow) C:\Users\Cam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{22541EAF-65FA-4058-A8A4-52DBB900D222}] => (Allow) C:\Users\Cam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{676EA3F7-70F6-47EE-BA6C-CB0FA00481F7}] => (Allow) D:\Blade and Soul\bin\Client.exe
FirewallRules: [{3CE42FEE-6E1A-4257-83E3-C0BD39ED477E}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C190EFCC-2375-42FF-A5EF-6C0E92176703}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{59F0038C-8D22-4BB9-844F-E5831810656D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{3EA65AE6-17D2-487D-B414-2546ED606E9D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{62539499-9EEE-4D42-B21D-CD2284ABC9EE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{97D0B5BC-39D5-4B90-95A9-092E93CA57EE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{DC0E9E9C-1A9D-48F0-9D3A-D8C8B2B89FB6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{FA706ABD-FD79-403D-B057-7897B86721E9}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{29C3F244-2B25-4121-B924-2345E877F658}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0DE39490-6475-402C-A0A7-BF8E2DF7648F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{84F612BF-F731-44BE-A0F3-71D7A7B24D52}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{1A4C9227-2926-4E4B-AA79-3BDBBBDD18BF}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{4E774270-F06A-462E-9CE6-5D4767858866}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0007C9A7-C792-46DF-98E5-586532491349}] => (Allow) D:\WTFast\WTFast.exe
FirewallRules: [{B44BFF5A-D172-497E-8125-3216A9929F6B}] => (Allow) D:\WTFast\WTFast.exe
 
==================== Restore Points =========================
 
10-03-2016 20:02:59 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/10/2016 09:22:31 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (03/09/2016 06:00:12 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (03/08/2016 09:22:31 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (03/07/2016 02:18:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EXCEL.EXE version 16.0.6568.2025 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1d54
 
Start Time: 01d1787662a77ea0
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE
 
Report Id: 762e4544-e46f-11e5-a319-20cf303e5b15
 
Error: (03/07/2016 09:22:30 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (03/06/2016 09:22:31 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (03/05/2016 09:22:31 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (03/04/2016 09:22:30 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (03/03/2016 09:22:32 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (03/03/2016 08:37:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18205, time stamp: 0x56a1b6f6
Faulting module name: atiumdva.dll, version: 8.14.10.513, time stamp: 0x55c01d96
Exception code: 0xc0000005
Fault offset: 0x0000ddc2
Faulting process id: 0x17b8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
 
System errors:
=============
Error: (03/10/2016 07:42:32 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (03/09/2016 11:54:47 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (03/09/2016 06:04:21 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (03/08/2016 09:53:35 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (03/07/2016 04:35:53 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (03/05/2016 10:41:55 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (03/03/2016 09:38:23 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (03/03/2016 09:38:23 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (03/03/2016 09:38:23 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
Error: (03/03/2016 09:26:21 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7 CPU 880 @ 3.07GHz
Percentage of memory in use: 32%
Total physical RAM: 8190.05 MB
Available physical RAM: 5516.95 MB
Total Virtual: 16378.31 MB
Available Virtual: 13329.5 MB
 
==================== Drives ================================
 
Drive c: (SSD Disk) (Fixed) (Total:55.8 GB) (Free:2.58 GB) NTFS
Drive d: (Large Disk) (Fixed) (Total:931.51 GB) (Free:396.49 GB) NTFS
Drive e: (SAMSUNG_LBP) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 49193767)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 1F58BB55)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Hi guys,

 

I found a Trojan.Agent.Trace and I'm not sure if it's gone completely. I've attached the files for ease as I feel my other post was too long.

 

MB1 = original log where it is found

MB2 = after it was removed from Malwarebytes

FRST and Addition scan also attached.

 

If someone could please look at this for me, I would be grateful.

 

 

MB2.txt

MB1.txt

Addition.txt

FRST.txt


  • Root Admin

Hello and welcome

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.
 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
 


Hi and thanks,

 

All of the above complete, Threat Scan details below and I've also attached the RKill txt file.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/03/2016
Scan Time: 20:09
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.13.04
Rootkit Database: v2016.03.12.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cam
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362500
Time Elapsed: 13 min, 31 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Rkill.txt


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Step04 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Cam (Administrator) on 14/03/2016 at  8:48:20.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 26 
 
Successfully deleted: C:\ProgramData\tweakbit (Folder) 
Successfully deleted: C:\Program Files (x86)\tweakbit (Folder) 
Successfully deleted: C:\Users\Cam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Cam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3MLMY7P8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Cam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Cam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\645OL0X4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Cam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69PGOMTV (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Cam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZY0H651 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Cam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Cam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIJZ3R6K (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Cam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Cam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NA0013QB (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Cam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2ZXDNJ7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Cam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6LWKYV7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3MLMY7P8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\645OL0X4 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\69PGOMTV (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZY0H651 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIJZ3R6K (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NA0013QB (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2ZXDNJ7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U6LWKYV7 (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\EpicScale (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/03/2016 at  8:50:41.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Step05

 

AdwClean pre-clean  

 

# AdwCleaner v5.102 - Logfile created 14/03/2016 at 08:54:49
# Updated 13/03/2016 by Xplode
# Database : 2016-03-13.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Cam - CAM-PC
# Running from : C:\Users\Cam\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Users\Cam\AppData\Local\Steam\htmlcache
Folder Found : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
Folder Found : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe
Folder Found : C:\Users\Cam\AppData\Roaming\RPEng
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
***** [ Web browsers ] *****
 
[C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fcfenmboojpjinhpgggodefccipikbpd
[C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : mcpmofnlkemfkhgngcdppgbhncoflmpe
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [1442 bytes] - [14/03/2016 08:54:49]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [1535 bytes] ##########
 
 
AdwClean post clean 
 
# AdwCleaner v5.102 - Logfile created 14/03/2016 at 08:59:18
# Updated 13/03/2016 by Xplode
# Database : 2016-03-13.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Cam - CAM-PC
# Running from : C:\Users\Cam\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Cam\AppData\Local\Steam\htmlcache
[-] Folder Deleted : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Folder Deleted : C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcpmofnlkemfkhgngcdppgbhncoflmpe
[-] Folder Deleted : C:\Users\Cam\AppData\Roaming\RPEng
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd
[-] [C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mcpmofnlkemfkhgngcdppgbhncoflmpe
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1579 bytes] - [14/03/2016 08:59:18]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [1634 bytes] - [14/03/2016 08:54:49]
 
########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1765 bytes] ##########
 

Step06 log - worm found, but removed

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 14/03/2016
Scan Time: 09:05
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.14.02
Rootkit Database: v2016.03.12.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cam
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361869
Time Elapsed: 13 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
Worm.Trace, C:\a.txt, Quarantined, [6b3f4d3a18816cca40369e9808fc3ac6], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Step08 FRST Scan

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Cam (administrator) on CAM-PC (14-03-2016 10:38:51)
Running from C:\Users\Cam\Desktop
Loaded Profiles: Cam (Available Profiles: Cam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Pingzapper\PZService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(Malwarebytes) D:\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
() C:\Users\Cam\AppData\Local\Amazon Music\Amazon Music Helper.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(AAA Internet Publishing, Inc.) D:\WTFast\WTFast.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Run: [Facebook Update] => "C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Run: [EADM] => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Run: [steam] => D:\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Run: [Amazon Music] => C:\Users\Cam\AppData\Local\Amazon Music\Amazon Music Helper.exe [5907944 2016-03-04] ()
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Run: [WTFast Tray] => D:\WTFast\WTFast.exe [7381000 2016-02-23] (AAA Internet Publishing, Inc.)
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\MountPoints2: {7c5f3ec8-0c8f-11e3-8e67-806e6f6e6963} - E:\Setup.exe
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\MountPoints2: {be5c9887-82b3-11e5-b0e9-20cf303e5b15} - K:\DTLplus_Launcher.exe
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-08-24] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-20]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk [2014-10-31]
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
Startup: C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-03-10]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{56208167-CE58-4540-B178-A0F12991CAC2}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0&ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-05] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-10-25] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-09] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-10-25] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T30L10NSP1-10038/support/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Office15\MSOSB.DLL [2015-08-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-10-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2328723661-2757072449-2482796673-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Cam\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\Cam\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-09-28] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Rapport) - C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-02-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-04] (Microsoft Corporation)
R2 MBAMScheduler; D:\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; D:\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
S3 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 PingzapperSvc; C:\Program Files (x86)\Pingzapper\PZService.exe [679424 2012-06-11] () [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2266160 2016-03-03] (IBM Corp.)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [368128 2015-02-17] (Razer Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-14] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 MpFilter; C:\Windows\system32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R1 RapportCerberus_1507082; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507082.sys [972896 2016-03-07] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [514336 2016-03-03] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [152320 2016-03-03] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [407168 2016-03-03] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [507424 2016-03-03] (IBM Corp.)
R2 WtfEngineDrv; C:\Windows\System32\DRIVERS\WtfEngineDrv.sys [27392 2016-02-01] (AAA Internet Publishing, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-14 10:38 - 2016-03-14 10:39 - 00015930 _____ C:\Users\Cam\Desktop\FRST.txt
2016-03-14 10:36 - 2016-03-14 10:36 - 00000214 _____ C:\Users\Cam\Desktop\ESET scan.txt
2016-03-14 09:24 - 2016-03-14 09:24 - 02870984 _____ (ESET) C:\Users\Cam\Desktop\esetsmartinstaller_enu.exe
2016-03-14 09:24 - 2016-03-14 09:24 - 00000000 ____D C:\Program Files (x86)\ESET
2016-03-14 09:01 - 2016-03-14 09:01 - 00001864 _____ C:\Users\Cam\Desktop\AdwCleaner[C1].txt
2016-03-14 08:58 - 2016-03-14 08:58 - 00001634 _____ C:\Users\Cam\Desktop\AdwCleaner[s1].txt
2016-03-14 08:54 - 2016-03-14 08:59 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-14 08:50 - 2016-03-14 08:50 - 01527296 _____ C:\Users\Cam\Downloads\AdwCleaner.exe
2016-03-14 08:50 - 2016-03-14 08:50 - 00004690 _____ C:\Users\Cam\Desktop\JRT.txt
2016-03-14 08:43 - 2016-03-14 08:43 - 01609216 _____ (Malwarebytes) C:\Users\Cam\Desktop\JRT.exe
2016-03-14 08:43 - 2016-03-14 08:43 - 01527296 _____ C:\Users\Cam\Desktop\AdwCleaner.exe
2016-03-13 20:07 - 2016-03-13 20:07 - 00000000 ____D C:\Windows\ERDNT
2016-03-13 20:06 - 2016-03-13 20:07 - 00000000 ____D C:\Program Files (x86)\ERUNT
2016-03-13 20:06 - 2016-03-13 20:06 - 00000936 _____ C:\Users\Cam\Desktop\NTREGOPT.lnk
2016-03-13 20:06 - 2016-03-13 20:06 - 00000917 _____ C:\Users\Cam\Desktop\ERUNT.lnk
2016-03-13 20:06 - 2016-03-13 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2016-03-13 20:05 - 2016-03-13 20:05 - 00791393 _____ (Lars Hederer ) C:\Users\Cam\Downloads\erunt-setup.exe
2016-03-13 20:03 - 2016-03-13 20:04 - 00002122 _____ C:\Users\Cam\Desktop\Rkill.txt
2016-03-13 20:03 - 2016-03-13 20:03 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Cam\Desktop\rkill.exe
2016-03-11 20:59 - 2016-03-11 20:59 - 00001118 _____ C:\Users\Cam\Desktop\MB1.txt
2016-03-11 20:59 - 2016-03-11 20:59 - 00001068 _____ C:\Users\Cam\Desktop\MB2.txt
2016-03-10 20:30 - 2016-03-14 10:38 - 00000000 ____D C:\FRST
2016-03-10 20:28 - 2016-03-10 20:29 - 02374144 _____ (Farbar) C:\Users\Cam\Desktop\FRST64.exe
2016-03-10 20:20 - 2016-03-10 20:21 - 01309184 _____ C:\Users\Cam\Desktop\zoek.exe
2016-03-10 19:58 - 2016-03-10 19:58 - 00001053 _____ C:\traojam2.txt
2016-03-10 19:51 - 2016-03-10 19:51 - 00001116 _____ C:\trojam.txt
2016-03-10 17:27 - 2016-03-10 17:27 - 02163981 _____ C:\Users\Cam\Downloads\Consumer Portal Mark-up CBCG V2 120216 (2).pptx
2016-03-10 13:33 - 2016-03-10 13:33 - 00053804 _____ C:\Users\Cam\Downloads\The late Joyce Daphne Munro - Deed of Variation.zip
2016-03-10 12:11 - 2016-03-10 12:11 - 00026409 _____ C:\Users\Cam\Downloads\Chris Lawrence employment reference 10th March 16.pdf
2016-03-10 11:26 - 2016-03-10 11:26 - 00000000 ____D C:\Windows\rescache
2016-03-10 07:03 - 2016-03-10 07:03 - 00151600 _____ C:\Users\Cam\Downloads\Email and SMS Metro January 2015 (2).xlsx
2016-03-10 05:33 - 2016-03-10 13:33 - 00101050 _____ C:\Users\Cam\Downloads\DOV 10 mar 16.pdf
2016-03-09 18:20 - 2016-02-12 18:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-03-09 18:20 - 2016-02-12 18:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-03-09 18:20 - 2016-02-12 18:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-03-09 18:20 - 2016-02-12 18:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-03-09 18:20 - 2016-02-12 18:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-03-09 18:20 - 2016-02-12 18:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-09 18:20 - 2016-02-12 18:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-03-09 18:20 - 2016-02-12 18:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-03-09 18:20 - 2016-02-12 18:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-03-09 18:20 - 2016-02-12 18:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-03-09 18:20 - 2016-02-12 18:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-03-09 18:20 - 2016-02-12 18:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-03-09 18:20 - 2016-02-12 18:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-03-09 18:20 - 2016-02-12 18:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-03-09 18:20 - 2016-02-12 18:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-03-09 18:20 - 2016-02-12 18:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-03-09 18:20 - 2016-02-09 06:53 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-03-09 18:20 - 2016-02-09 06:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-03-09 18:20 - 2016-02-08 21:05 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-09 18:20 - 2016-02-08 20:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-03-09 18:20 - 2016-02-08 20:39 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-03-09 18:20 - 2016-02-08 20:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-03-09 18:20 - 2016-02-08 20:38 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-03-09 18:20 - 2016-02-08 20:38 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-03-09 18:20 - 2016-02-08 20:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-03-09 18:20 - 2016-02-08 20:34 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-09 18:20 - 2016-02-08 20:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-09 18:20 - 2016-02-08 20:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-03-09 18:20 - 2016-02-08 20:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-03-09 18:20 - 2016-02-08 20:28 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-03-09 18:20 - 2016-02-08 20:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-03-09 18:20 - 2016-02-08 20:28 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-03-09 18:20 - 2016-02-08 20:20 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-03-09 18:20 - 2016-02-08 20:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-09 18:20 - 2016-02-08 20:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-03-09 18:20 - 2016-02-08 20:13 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-03-09 18:20 - 2016-02-08 20:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-03-09 18:20 - 2016-02-08 20:11 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-03-09 18:20 - 2016-02-08 20:10 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-09 18:20 - 2016-02-08 20:10 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-03-09 18:20 - 2016-02-08 20:03 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-03-09 18:20 - 2016-02-08 20:02 - 13012480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-09 18:20 - 2016-02-08 20:02 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-03-09 18:20 - 2016-02-08 20:01 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-03-09 18:20 - 2016-02-08 20:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-03-09 18:20 - 2016-02-08 19:43 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-09 18:20 - 2016-02-08 19:39 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-09 18:20 - 2016-02-08 19:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-03-09 18:20 - 2016-02-08 18:41 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-03-09 18:20 - 2016-02-08 18:41 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-03-09 18:20 - 2016-02-08 18:27 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-09 18:20 - 2016-02-08 18:27 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-03-09 18:20 - 2016-02-08 18:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-03-09 18:20 - 2016-02-08 18:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-03-09 18:20 - 2016-02-08 18:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-03-09 18:20 - 2016-02-08 18:19 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-09 18:20 - 2016-02-08 18:18 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-03-09 18:20 - 2016-02-08 18:16 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-09 18:20 - 2016-02-08 18:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-03-09 18:20 - 2016-02-08 18:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-03-09 18:20 - 2016-02-08 18:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-03-09 18:20 - 2016-02-08 18:13 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-03-09 18:20 - 2016-02-08 18:13 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-03-09 18:20 - 2016-02-08 18:06 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-03-09 18:20 - 2016-02-08 18:03 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-03-09 18:20 - 2016-02-08 17:55 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-03-09 18:20 - 2016-02-08 17:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-03-09 18:20 - 2016-02-08 17:51 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-03-09 18:20 - 2016-02-08 17:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-03-09 18:20 - 2016-02-08 17:47 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-03-09 18:20 - 2016-02-08 17:37 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-03-09 18:20 - 2016-02-08 17:35 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-03-09 18:20 - 2016-02-08 17:34 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-03-09 18:20 - 2016-02-08 17:33 - 14613504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-09 18:20 - 2016-02-08 17:33 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-03-09 18:20 - 2016-02-08 17:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-03-09 18:20 - 2016-02-08 17:19 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-09 18:20 - 2016-02-08 17:07 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-09 18:20 - 2016-02-08 16:55 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-03-09 18:20 - 2016-02-04 17:52 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-03-09 18:20 - 2016-02-03 18:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-03-09 18:20 - 2016-02-03 18:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-03-09 18:20 - 2016-02-03 18:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-03-09 18:20 - 2016-02-03 18:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-09 18:20 - 2016-02-03 18:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-03-09 18:20 - 2016-01-11 19:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-09 18:20 - 2015-11-19 14:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-09 18:20 - 2015-11-19 14:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-09 18:19 - 2016-02-11 18:56 - 05572032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-09 18:19 - 2016-02-11 18:56 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-03-09 18:19 - 2016-02-11 18:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-03-09 18:19 - 2016-02-11 18:52 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-03-09 18:19 - 2016-02-11 18:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-03-09 18:19 - 2016-02-11 18:48 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-03-09 18:19 - 2016-02-11 18:48 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-03-09 18:19 - 2016-02-11 18:48 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-03-09 18:19 - 2016-02-11 18:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-03-09 18:19 - 2016-02-11 18:48 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-03-09 18:19 - 2016-02-11 18:47 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-03-09 18:19 - 2016-02-11 18:45 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-03-09 18:19 - 2016-02-11 18:45 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-03-09 18:19 - 2016-02-11 18:45 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-03-09 18:19 - 2016-02-11 18:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-03-09 18:19 - 2016-02-11 18:44 - 03994560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-03-09 18:19 - 2016-02-11 18:44 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-03-09 18:19 - 2016-02-11 18:44 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-03-09 18:19 - 2016-02-11 18:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-03-09 18:19 - 2016-02-11 18:44 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-03-09 18:19 - 2016-02-11 18:44 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-03-09 18:19 - 2016-02-11 18:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-03-09 18:19 - 2016-02-11 18:42 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-03-09 18:19 - 2016-02-11 18:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-03-09 18:19 - 2016-02-11 18:38 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-03-09 18:19 - 2016-02-11 18:37 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-03-09 18:19 - 2016-02-11 18:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-03-09 18:19 - 2016-02-11 18:37 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-03-09 18:19 - 2016-02-11 18:35 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-09 18:19 - 2016-02-11 18:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-03-09 18:19 - 2016-02-11 18:35 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-03-09 18:19 - 2016-02-11 18:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-03-09 18:19 - 2016-02-11 18:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-03-09 18:19 - 2016-02-11 18:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 18:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 17:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-03-09 18:19 - 2016-02-11 17:43 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-03-09 18:19 - 2016-02-11 17:41 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-03-09 18:19 - 2016-02-11 17:40 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-03-09 18:19 - 2016-02-11 17:34 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-09 18:19 - 2016-02-11 17:34 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-09 18:19 - 2016-02-11 17:33 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-03-09 18:19 - 2016-02-11 17:32 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-03-09 18:19 - 2016-02-11 17:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-03-09 18:19 - 2016-02-11 17:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-03-09 18:19 - 2016-02-11 17:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-03-09 18:19 - 2016-02-11 17:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-03-09 18:19 - 2016-02-11 17:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-03-09 18:19 - 2016-02-11 17:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-03-09 18:19 - 2016-02-11 17:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 17:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 17:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-09 18:19 - 2016-02-11 17:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-09 18:19 - 2016-02-08 20:05 - 25816576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-09 18:19 - 2016-02-08 18:26 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-03-09 18:19 - 2016-02-08 17:52 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-03-09 18:18 - 2016-02-19 19:02 - 00038336 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-03-09 18:18 - 2016-02-19 18:54 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-09 18:18 - 2016-02-19 14:07 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-03-09 18:18 - 2016-02-11 14:07 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-09 18:18 - 2016-02-09 09:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-09 18:18 - 2016-02-09 09:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-03-09 18:18 - 2016-02-09 09:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-03-09 18:18 - 2016-02-09 09:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-03-09 18:18 - 2016-02-09 09:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-03-09 18:18 - 2016-02-09 09:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-03-09 18:18 - 2016-02-09 09:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-03-09 18:18 - 2016-02-09 09:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-09 18:18 - 2016-02-09 09:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-03-09 18:18 - 2016-02-09 09:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-03-09 18:18 - 2016-02-09 09:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-03-09 18:18 - 2016-02-05 18:54 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-03-09 18:18 - 2016-02-05 18:54 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-03-09 18:18 - 2016-02-05 18:53 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-03-09 18:18 - 2016-02-05 18:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-03-09 18:18 - 2016-02-05 18:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-03-09 18:18 - 2016-02-05 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-09 18:18 - 2016-02-05 18:42 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-03-09 18:18 - 2016-02-05 17:48 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-03-09 18:18 - 2016-02-05 17:43 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-09 18:18 - 2016-02-05 17:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-09 18:18 - 2016-02-05 14:07 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-09 18:18 - 2016-02-05 14:07 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-09 18:18 - 2016-02-05 14:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-03-09 18:18 - 2016-02-05 01:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-03-09 18:18 - 2016-02-04 18:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-08 17:03 - 2016-03-08 17:03 - 00000000 ____D C:\ProgramData\BSD
2016-03-08 17:02 - 2016-03-08 17:02 - 00241896 _____ (TweakBit) C:\Users\Cam\Downloads\internet-optimizer-setup.exe
2016-03-07 08:07 - 2016-03-07 08:07 - 00016501 _____ C:\Users\Cam\Downloads\Metro Consumer Review BAMM Retest 04032016 (1).xlsx
2016-03-07 08:06 - 2016-03-07 08:06 - 00016501 _____ C:\Users\Cam\Downloads\Metro Consumer Review BAMM Retest 04032016.xlsx
2016-03-07 08:04 - 2016-03-07 08:04 - 02163981 _____ C:\Users\Cam\Downloads\Consumer Portal Mark-up CBCG V2 120216 (1).pptx
2016-03-04 10:35 - 2016-03-04 10:35 - 00000397 _____ C:\Users\Cam\Desktop\ST.txt
2016-03-04 09:21 - 2016-03-04 09:21 - 00895137 _____ C:\Users\Cam\Downloads\BAMMTest_STB NDA 1.pdf
2016-03-03 11:52 - 2016-03-03 11:52 - 00000172 _____ C:\Users\Cam\Downloads\Metro march quote.txt
2016-03-02 10:54 - 2016-03-02 10:54 - 00041162 _____ C:\Users\Cam\Downloads\Client DIP Script.xlsx
2016-03-02 10:54 - 2016-03-02 10:54 - 00030296 _____ C:\Users\Cam\Downloads\Client FMA Script.xlsx
2016-03-02 10:53 - 2016-03-02 10:55 - 00302566 _____ C:\Users\Cam\Downloads\Summary.xlsx
2016-03-02 10:53 - 2016-03-02 10:53 - 00337670 _____ C:\Users\Cam\Downloads\Client Summary (2).xlsx
2016-03-02 10:52 - 2016-03-02 10:52 - 00335301 _____ C:\Users\Cam\Downloads\Client Summary.xlsx
2016-03-02 10:52 - 2016-03-02 10:52 - 00335301 _____ C:\Users\Cam\Downloads\Client Summary (1).xlsx
2016-03-02 10:51 - 2016-03-02 10:51 - 00038635 _____ C:\Users\Cam\Downloads\Client Intermediary TS.xlsx
2016-03-02 10:51 - 2016-03-02 10:51 - 00012768 _____ C:\Users\Cam\Downloads\Client Task Script.xlsx
2016-03-02 10:51 - 2016-03-02 10:51 - 00012768 _____ C:\Users\Cam\Downloads\Client Task Script (1).xlsx
2016-03-01 22:49 - 2016-03-01 22:50 - 25866616 _____ (Initex & AAA Internet Publishing ) C:\Users\Cam\Downloads\WTFastSetup.4.0.7.692.exe
2016-03-01 22:25 - 2016-03-01 22:25 - 00026583 _____ C:\Users\Cam\Desktop\idc_debug_log.txt
2016-03-01 14:12 - 2016-03-01 14:12 - 00382012 _____ C:\Users\Cam\Downloads\Mortgage BTL rates - existing customers - 1217 OF S3324 - 03.16  v2 (2).pdf
2016-02-29 16:19 - 2016-02-29 16:19 - 00218637 _____ C:\Users\Cam\Downloads\cv a browne (1).pdf
2016-02-28 01:04 - 2016-02-28 01:04 - 00000022 _____ C:\Windows\cmm.dat
2016-02-28 01:03 - 2016-02-28 01:19 - 00003508 _____ C:\Windows\System32\Tasks\Clean System Memory
2016-02-28 01:03 - 2016-02-28 01:05 - 03348185 _____ C:\Users\Cam\Downloads\cleanmem_setup (2).exe
2016-02-28 01:03 - 2016-02-28 01:03 - 00000000 ____D C:\Windows\CleanMem
2016-02-28 01:03 - 2016-02-28 01:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanMem
2016-02-28 01:02 - 2016-02-28 01:05 - 03348185 _____ C:\Users\Cam\Downloads\cleanmem_setup (1).exe
2016-02-28 01:02 - 2016-02-28 01:03 - 00014523 _____ C:\Windows\CleanMem Setup Log.txt
2016-02-28 01:00 - 2016-02-28 01:02 - 03348185 _____ C:\Users\Cam\Downloads\cleanmem_setup.exe
2016-02-28 00:37 - 2016-02-28 00:37 - 00054015 _____ C:\Users\Cam\Downloads\51008673.htm
2016-02-27 17:20 - 2016-02-27 17:20 - 00037785 _____ C:\Users\Cam\Downloads\signin.htm
2016-02-26 13:35 - 2016-02-26 13:35 - 00001117 _____ C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2016-02-26 13:35 - 2016-02-26 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2016-02-26 13:31 - 2016-02-26 13:31 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2016-02-26 13:26 - 2016-02-26 13:26 - 00382012 _____ C:\Users\Cam\Downloads\Mortgage BTL rates - existing customers - 1217 OF S3324 - 03.16  v2 (1).pdf
2016-02-26 13:26 - 2016-02-26 13:26 - 00069137 _____ C:\Users\Cam\Downloads\Buy to Let Mortgage Range_321_OF - S3323 - 03.16 v2.pdf
2016-02-26 13:22 - 2016-02-26 13:22 - 00382012 _____ C:\Users\Cam\Downloads\Mortgage BTL rates - existing customers - 1217 OF S3324 - 03.16  v2.pdf
2016-02-25 16:20 - 2016-02-26 08:13 - 00018295 _____ C:\Users\Cam\Downloads\ServicingHubScenarios 25022016.xlsx
2016-02-25 10:35 - 2016-02-25 10:35 - 00030287 _____ C:\Users\Cam\Downloads\160224 - Draft Spec to Christian (1).xlsx
2016-02-25 07:10 - 2016-02-25 07:10 - 00030287 _____ C:\Users\Cam\Downloads\160224 - Draft Spec to Christian.xlsx
2016-02-24 04:50 - 2016-03-01 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WTFast
2016-02-24 04:50 - 2016-02-24 04:50 - 00000534 _____ C:\Users\Public\Desktop\WTFast.lnk
2016-02-24 04:50 - 2016-02-24 04:50 - 00000000 ____D C:\Users\Cam\AppData\Local\AAA_Internet_Publishing,_
2016-02-24 04:50 - 2016-02-01 12:17 - 00027392 _____ (AAA Internet Publishing, Inc.) C:\Windows\system32\Drivers\WtfEngineDrv.sys
2016-02-24 04:48 - 2016-02-24 04:48 - 25862544 _____ (Initex & AAA Internet Publishing ) C:\Users\Cam\Downloads\WTFastSetup.4.0.6.679.exe
2016-02-23 14:22 - 2016-02-23 14:22 - 00126624 _____ C:\Users\Cam\Downloads\41000172 (1).pdf
2016-02-23 14:17 - 2016-02-23 14:17 - 00125896 _____ C:\Users\Cam\Downloads\40001427 (1).pdf
2016-02-23 14:14 - 2016-02-23 14:14 - 00125896 _____ C:\Users\Cam\Downloads\40001427.pdf
2016-02-23 14:13 - 2016-02-23 14:13 - 00043695 _____ C:\Users\Cam\Downloads\40001427 request.txt
2016-02-23 13:59 - 2016-02-23 13:59 - 00126624 _____ C:\Users\Cam\Downloads\41000172.pdf
2016-02-22 09:23 - 2016-02-22 09:23 - 00309961 _____ C:\Users\Cam\Downloads\mark wallace cv-2.pdf
2016-02-22 08:41 - 2016-02-22 08:41 - 00218637 _____ C:\Users\Cam\Downloads\cv a browne.pdf
2016-02-22 08:01 - 2016-02-22 08:01 - 00015742 _____ C:\Users\Cam\Downloads\ServicingHubScenarios19022016.xlsx
2016-02-22 07:43 - 2016-02-22 07:43 - 00001400 _____ C:\Users\Cam\Downloads\Phone call.txt
2016-02-22 00:21 - 2016-02-24 06:06 - 00007610 _____ C:\Users\Cam\AppData\Local\Resmon.ResmonCfg
2016-02-20 09:32 - 2016-02-20 09:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-02-18 13:59 - 2016-02-18 14:04 - 02465158 _____ C:\Users\Cam\Downloads\Consumer Portal Mark-up CBCG V2.1 160216.pptx
2016-02-18 10:13 - 2016-02-18 10:13 - 00443593 _____ C:\Users\Cam\Downloads\zeeshan_shabir_software_tester (1).pdf
2016-02-17 15:50 - 2016-02-17 15:50 - 00007574 _____ C:\Users\Cam\Downloads\Astra-Vaughn.pdf
2016-02-17 10:36 - 2016-02-17 10:36 - 00000382 _____ C:\Users\Cam\Desktop\Monitoring Testing 18022016.txt
2016-02-15 14:46 - 2016-02-15 14:46 - 00653455 _____ C:\Users\Cam\Downloads\MT1001350140 - Offer_eabe6dbb-abe0-460c-a323-f76580874f47.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-14 09:06 - 2009-07-14 04:45 - 00019984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-14 09:06 - 2009-07-14 04:45 - 00019984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-14 09:04 - 2014-05-19 19:21 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-14 09:04 - 2009-07-14 05:13 - 00798694 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-14 09:04 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-03-14 09:01 - 2015-07-10 21:25 - 00000000 ____D C:\Users\Cam\AppData\Local\Steam
2016-03-14 09:01 - 2013-08-23 23:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-14 09:00 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-10 20:08 - 2014-06-04 06:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-03-10 12:11 - 2016-02-05 21:59 - 00000000 ____D C:\Users\Cam\AppData\Local\Amazon Music
2016-03-10 12:03 - 2016-02-05 21:59 - 00001124 _____ C:\Users\Cam\Desktop\Amazon Music.lnk
2016-03-10 05:49 - 2009-07-14 04:45 - 00456832 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-09 23:47 - 2013-08-24 00:48 - 00000000 ____D C:\Windows\system32\MRT
2016-03-09 23:43 - 2014-12-11 18:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-09 23:43 - 2013-08-24 00:48 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-03-08 17:03 - 2009-07-14 02:34 - 00000466 _____ C:\Windows\win.ini
2016-03-07 06:41 - 2014-05-31 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-03-03 11:19 - 2015-06-08 06:47 - 00152320 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys
2016-03-03 11:19 - 2014-05-31 12:17 - 00407168 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
2016-03-01 21:52 - 2009-07-14 05:08 - 00032528 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-28 18:42 - 2011-01-11 01:23 - 00000197 _____ C:\Windows\SysWOW64\CleanMem.ini
2016-02-28 01:27 - 2014-12-27 22:24 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-28 01:26 - 2013-09-23 22:31 - 00000920 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001UA.job
2016-02-28 01:26 - 2013-09-23 22:31 - 00000898 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001Core.job
2016-02-28 01:13 - 2013-09-23 22:31 - 00003904 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001UA
2016-02-28 01:13 - 2013-09-23 22:31 - 00003536 _____ C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001Core
2016-02-27 22:33 - 2014-06-04 06:26 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-27 22:32 - 2015-09-25 08:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-26 16:55 - 2015-04-04 17:34 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-26 16:55 - 2015-04-04 17:34 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-26 13:36 - 2013-11-23 21:07 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-02-24 06:07 - 2013-10-16 23:39 - 00001945 _____ C:\Windows\epplauncher.mif
2016-02-24 06:07 - 2013-08-23 23:44 - 00002125 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-02-24 06:07 - 2013-08-23 23:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-02-24 06:07 - 2013-08-23 23:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-02-24 04:50 - 2015-04-11 22:06 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-20 09:32 - 2015-11-15 21:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-20 09:32 - 2013-09-15 06:23 - 00001972 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-02-19 21:30 - 2013-08-23 23:56 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 21:30 - 2013-08-23 23:56 - 00002191 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 00:31 - 2013-08-24 00:32 - 00790816 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-14 20:46 - 2016-02-10 07:30 - 00000000 ____D C:\Users\Cam\AppData\Roaming\PlaysTV
 
==================== Files in the root of some directories =======
 
2015-11-20 14:13 - 2015-11-20 14:13 - 0000816 _____ () C:\Users\Cam\AppData\Local\recently-used.xbel
2016-02-22 00:21 - 2016-02-24 06:06 - 0007610 _____ () C:\Users\Cam\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Cam\AppData\Local\Temp\driver-updater-setup.exe
C:\Users\Cam\AppData\Local\Temp\playstv_patch.exe
C:\Users\Cam\AppData\Local\Temp\sqlite3.dll
C:\Users\Cam\AppData\Local\Temp\tmpCAED.exe
C:\Users\Cam\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Cam\AppData\Local\Temp\{1A25243D-7AB1-4DAF-97FD-F5B7D83593E2}-45.0.2454.101_45.0.2454.99_chrome_updater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-09 19:49
 
==================== End of FRST.txt ============================

All steps completed:

 

Step08 FRST Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Cam (2016-03-14 10:39:19)
Running from C:\Users\Cam\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-08-23 23:41:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2328723661-2757072449-2482796673-500 - Administrator - Disabled)
Cam (S-1-5-21-2328723661-2757072449-2482796673-1001 - Administrator - Enabled) => C:\Users\Cam
Guest (S-1-5-21-2328723661-2757072449-2482796673-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2328723661-2757072449-2482796673-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Disabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Age of Empires III: Complete Collection (HKLM-x32\...\GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}) (Version: 1.0.0000.1 - Microsoft Game Studios)
Age of Empires III: Complete Collection (x32 Version: 1.0.0000.1 - Microsoft Game Studios) Hidden
AION Free-to-Play (HKLM-x32\...\{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1) (Version:  - Gameforge)
Amazon Music (HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\Amazon Amazon Music) (Version: 4.2.0.1281 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blade & Soul (x32 Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Blade and Soul (HKLM-x32\...\{CEF766E5-6E15-441F-B14A-C44CB168DBE7}) (Version: 1.0.0 - PlayBns.com)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.5.0 - PcWinTech.com)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Defiance (HKLM-x32\...\Glyph Defiance) (Version:  - Trion Worlds, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Gameforge Live 2.0.8 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.8 - Gameforge)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HOTSLogsUploader (HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\99a83d131490dc73) (Version: 1.0.0.11 - HOTSLogsUploader)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NetBeans IDE 7.4 (HKLM\...\nbi-nb-base-7.4.0.0.201310111528) (Version: 7.4 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.0.29055 - Grinding Gear Games)
Pingzapper version 2.0.1 (HKLM-x32\...\{7FD61982-5436-439B-B5D0-36F0536FF8BF}_is1) (Version: 2.0.1 - Pingzapper)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Python 2.7.11 (HKLM-x32\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Rapport (x32 Version: 3.5.1507.113 - Trusteer) Hidden
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.06.07 - Samsung Electronics Co., Ltd.)
Samsung ML-2160 Series (HKLM-x32\...\Samsung ML-2160 Series) (Version: 1.08 (24/08/2012) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StarCraft II - Legacy of the Void Beta (HKLM-x32\...\StarCraft II - Legacy of the Void Beta) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 28 - Gameforge Productions GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1507.113 - Trusteer)
Update for Skype for Business 2015 (KB3114831) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{BAEE7A38-3C9E-44DC-9E43-19FC94DD77E2}) (Version:  - Microsoft)
WildStar (HKLM-x32\...\WildStar) (Version:  - NCSOFT)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
WTFast 4.0 (HKLM-x32\...\{12B4121D-5221-4AFC-9EDC-63B0CA139856}_is1) (Version: 4.0.7.692 - Initex & AAA Internet Publishing)
XSplit Broadcaster (HKLM-x32\...\{6F937E75-B6D6-4C2C-B864-90AA91EFF8B2}) (Version: 1.3.1403.1202 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0283162A-E867-49CE-BB8F-203B838346DB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {0789BACF-946A-4B59-97C7-307DE1716D18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {1188DD89-5561-4A6B-B1CB-FC4C0A21112D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {224DF208-6076-454C-B2FD-E08CEB077D6F} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2014-08-20] (PcWinTech.com)
Task: {2FC43B22-1968-4A0E-8E64-7DA11BEA1040} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {46EC8E3F-1296-448C-833C-C8A3EDCD0ED3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-02-27] (Microsoft Corporation)
Task: {73773E0D-3943-4CC8-AD71-657D0EFC3ECE} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001UA => C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {7463303D-5F99-4FB5-B195-E3FB724F80CC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {93826E1A-4BD0-4A45-8BBA-9BD6D1359D6B} - System32\Tasks\{348F76F9-D165-4E1F-B831-2B4C70E6B8B2} => pcalua.exe -a "C:\Users\Cam\Downloads\vpnclient-win-msi-5.0.07.0410-k9 - Copy.exe" -d C:\Users\Cam\Downloads
Task: {A6E675AA-832B-4245-AE90-1D322955D16C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {ADF89DDB-D041-44EA-A6D4-7D14B95405E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {E6313315-D8D0-4B3E-944F-2B9D7FF5E93D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {F90D584E-90EA-4FD9-B297-FD8301899AD7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001Core => C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001Core.job => C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2328723661-2757072449-2482796673-1001UA.job => C:\Users\Cam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-06-28 12:12 - 2013-06-28 11:12 - 00034304 _____ () C:\Windows\System32\ssj1mlm.dll
2015-09-25 08:30 - 2016-02-04 05:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2014-10-24 18:16 - 2012-06-11 10:57 - 00679424 ___SH () C:\Program Files (x86)\Pingzapper\PZService.exe
2015-09-15 13:58 - 2015-09-15 13:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-15 20:13 - 2015-04-15 20:13 - 00222720 _____ () D:\Notepad++\NppShell_06.dll
2010-12-17 17:13 - 2010-12-17 17:13 - 00438784 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 17:13 - 2010-12-17 17:13 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-02-05 21:59 - 2016-03-04 21:34 - 05907944 _____ () C:\Users\Cam\AppData\Local\Amazon Music\Amazon Music Helper.exe
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2015-07-21 16:02 - 2015-07-21 16:02 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2016-02-19 21:30 - 2016-02-18 04:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 21:30 - 2016-02-18 04:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2016-02-20 09:32 - 00000862 ____A C:\Windows\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Cam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E4505D9F-B512-476A-8CCC-88F08EED8976}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{B38E00EA-08DA-4412-B348-C9869040BA67}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{CB9AF444-0631-4DA3-AAB2-94D2CBD6D157}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{A138EAA8-3F75-4D4D-8B8A-7CF1F785DF59}] => (Allow) C:\Program Files (x86)\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{0E6B759C-4D0A-4801-A405-E367449DF077}] => (Allow) C:\Users\Cam\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [TCP Query User{C8F70BB7-4200-4174-BE3D-E5AEE469F84E}C:\program files\java\jdk1.7.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_45\bin\javaw.exe
FirewallRules: [uDP Query User{AAECB9FE-96FD-4D09-80C3-B8B05366CEF1}C:\program files\java\jdk1.7.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jdk1.7.0_45\bin\javaw.exe
FirewallRules: [{2E4E128D-B558-48DE-8B8A-E7EC650E5113}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{28533AC7-ED6E-4CDC-A5BA-0A1F4AB26A1B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
FirewallRules: [{85B2CB1D-CEFD-4B75-8FE0-ADC485156F6A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{1D4A10F1-69CB-4B28-A944-BDDA0BF086E7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{B0B4962B-A4E7-4082-B1F9-3F0C6D5293AD}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{EC6FB6AF-8337-4AC5-9A6C-FD9F16295394}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\age3.exe
FirewallRules: [{8C4388CF-7F76-492D-BCF7-D43CC1D63486}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{3908F9CF-A4E2-4508-A198-7C9DC57E0C6E}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{28D68B2A-A326-4CA8-8E4B-0E7790E9DAC3}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{3B3C20FA-7934-465D-9979-F52288EFAAFD}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\age3y.exe
FirewallRules: [{6B77ED28-BC49-4E3E-804B-12C0A734BC77}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher.exe
FirewallRules: [{6E8E2F3F-F8CE-4403-8F78-A3CEEC1E8372}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher.exe
FirewallRules: [{C41E460E-F3DA-467D-A1CD-62E14612EBC9}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
FirewallRules: [{4B0AD7A8-EB19-4204-974E-5EABDCC85E94}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
FirewallRules: [{9AED55A1-EB7A-4D44-A263-97FADE157245}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcherx.exe
FirewallRules: [{19BAAD81-D171-4B1A-9315-4864DA1FFE59}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcherx.exe
FirewallRules: [{741709F1-20A9-4107-80E3-D4574490FADA}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatchery.exe
FirewallRules: [{02E4CCA5-1398-4AC5-A7F2-403157800202}] => (Allow) D:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatchery.exe
FirewallRules: [{9791F3E5-236A-41D1-A046-598729922BB5}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{32B61D83-76E6-4B63-A172-7FFB88AC6CCB}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{F46EC5CC-7EF4-4BB0-95EF-5F2D73218C7C}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{1FFE4879-02F4-4A85-9999-9F810760207B}] => (Allow) D:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{319E2DAC-48D3-4FB9-86ED-4682C758E274}D:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [uDP Query User{D9AEA660-8F15-4B1A-AC92-E8FB6A6D18CD}D:\program files (x86)\starcraft ii\versions\base26490\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base26490\sc2.exe
FirewallRules: [{40F53FEE-5379-4F49-ACA7-D65AACC73260}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{D1C48A25-7F0C-42A8-AC02-8F15731AF493}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2581\Agent.exe
FirewallRules: [{77DF0A4D-4872-4BAA-B5D6-D913D40DA598}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{01EC0B65-AFB0-48BC-BE16-900BB9DC2B63}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{95FFCD3C-B10B-4C64-930C-E17B0DCA0408}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{4D5DB72B-638E-48CB-837A-63CD6003AA38}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{F022E892-95C6-4A63-B141-3714D5A0B5A6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{BFF51645-C9D3-4323-845B-029A6730FBC5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2638\Agent.exe
FirewallRules: [{7F1E8739-3C60-4FCB-B294-96E88E10E4B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{A7115822-319B-437D-AF62-B7B417C6E2E1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2680\Agent.exe
FirewallRules: [{491E821E-0110-4259-89D2-D5B53B517527}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{92641159-4910-466A-8EE7-4942068B4525}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{0A35D56F-494A-4414-B938-BE51CE4A5023}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [{09120A59-8E47-436B-A84C-D2DDB1E4CBCC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2689\Agent.exe
FirewallRules: [TCP Query User{BE9AEF8C-E705-4325-9297-71CAFA8E2A2D}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [uDP Query User{D100020F-9AA1-4C2B-A501-47443C197157}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{7D6CA953-1A7F-40B2-B7F6-2B7B6656D66E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{C4167E7E-B3E0-4924-A059-D67BEE63239C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{4A37575F-4CD3-496C-B4E5-EE33A6BF4A0A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{B8A275D4-0FFF-4B2B-AB97-B461F5C645E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{6FCEE56B-40CA-411D-A5A6-17078978A35D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{05D2FDDA-77A0-45F5-8962-13D825852553}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
FirewallRules: [{53FF819A-0F38-400C-AA0F-96A25A0CC1E2}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{32E3DBC2-3017-4F86-A8E8-CCECC6579C05}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
FirewallRules: [{41338959-6726-46FC-8C88-B77EA3A23023}] => (Allow) D:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{4BAFBE37-7982-406A-8C23-D5D659E9DE6A}] => (Allow) D:\Glyph\Games\ArcheAge\Alpha\bin32\archeage.exe
FirewallRules: [{99ABA3AD-7EED-40F4-8966-333F2B42990E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{BC912DC7-00CD-463F-BCD4-258067B04EB4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [TCP Query User{34E89CC0-EBD5-480D-9579-312F50DF5AF0}D:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Block) D:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [uDP Query User{56694036-1B1F-45FE-AAB7-E027A995FA5A}D:\program files (x86)\starcraft ii\versions\base28667\sc2.exe] => (Block) D:\program files (x86)\starcraft ii\versions\base28667\sc2.exe
FirewallRules: [{4DDF8D2A-3E37-4FDB-824A-752DDBEB764C}] => (Allow) C:\Users\Cam\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{E4492219-C729-43ED-93A7-CC3AFDCF09CA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{9BFC3D04-286E-458A-8E49-55EB911C4DBD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{8CB5FC2D-CD0D-4BE9-8AEB-1BD8137952B9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{87ECDD76-2B94-4E48-B00E-D7DD35D14791}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3109\Agent.exe
FirewallRules: [{34723ABB-955D-4E52-BF62-ABF9BA7394F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{3F7B5D2A-41C0-4F59-A1CD-1609268F3D4D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3147\Agent.exe
FirewallRules: [{9BDEE801-8D62-4F2C-8886-6EB45BAF777E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{0B120819-C3EB-4F2D-8EE3-3B384D287B9A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [TCP Query User{CA565D27-A757-4A1E-9050-99D7C9E1ED3B}D:\heroes of the storm\versions\base32524\heroesofthestorm.exe] => (Allow) D:\heroes of the storm\versions\base32524\heroesofthestorm.exe
FirewallRules: [uDP Query User{40395E18-1C69-4205-B793-2348D91CE7F5}D:\heroes of the storm\versions\base32524\heroesofthestorm.exe] => (Allow) D:\heroes of the storm\versions\base32524\heroesofthestorm.exe
FirewallRules: [TCP Query User{453E58BF-C268-4952-B160-5BA40327D41B}D:\heroes of the storm\versions\base33182\heroesofthestorm.exe] => (Allow) D:\heroes of the storm\versions\base33182\heroesofthestorm.exe
FirewallRules: [uDP Query User{2D8F7252-2C2D-48E9-984E-39DC3E6F8AD4}D:\heroes of the storm\versions\base33182\heroesofthestorm.exe] => (Allow) D:\heroes of the storm\versions\base33182\heroesofthestorm.exe
FirewallRules: [TCP Query User{BA88EAEF-3415-4992-9386-EB3847B1FD2B}D:\heroes of the storm\versions\base33182\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base33182\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{0A3CBBB9-0EA6-41FB-9086-837A73D16307}D:\heroes of the storm\versions\base33182\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base33182\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6A4A2FAB-3C4A-41EB-A6FB-FCC52DF4B226}D:\heroes of the storm\versions\base33353\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base33353\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{78626983-A31E-4552-B1F0-182C3C9370DE}D:\heroes of the storm\versions\base33353\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base33353\heroesofthestorm_x64.exe
FirewallRules: [{7B2D3B87-BB57-43F0-B348-628DD0C3EF69}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{0A92EDBF-ADB3-4965-AA21-7A6976346780}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{3A5BD527-3716-4897-B3A2-C181D4A4C2E0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{9AF1E0F0-B98E-403E-B91C-AF8106F7D3E0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [TCP Query User{6D5A24DB-AC2E-453F-907D-76C834A9B625}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [uDP Query User{1EDDE0A4-21F8-4665-9D42-739771520482}D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe] => (Allow) D:\program files (x86)\starcraft ii\versions\base32283\sc2.exe
FirewallRules: [{97FA1F90-ED25-4F05-8F18-6DB328BC471D}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{8392FDA2-BA92-4636-80F3-7900D2C2C2C9}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3668\Agent.exe
FirewallRules: [{239CAE05-DFCC-4330-AA5F-358180C4DBB6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{95AAC013-8417-4F77-822A-1AD222BB1B85}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{BD555BFD-3386-4774-8E9B-1DCAA0B89F27}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{42BE78E2-FB79-44E6-8FA9-E02D9AFB6B65}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [TCP Query User{7C2950A2-AAB3-4E06-91C5-901107C35C04}D:\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{931B01D6-D89E-4276-AE2E-87E3227C9086}D:\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base33684\heroesofthestorm_x64.exe
FirewallRules: [{28641155-C3C5-48E3-9D44-FD75E082C729}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{485ADBD6-9EE4-41C0-B2D4-F39B880DE4D6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{7D1D9226-1ADE-46C6-81C9-20EF358BA24A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{1C013DFE-A6B1-4B87-AACE-1BBDA171A0D4}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [TCP Query User{DA607C91-9BBF-443F-AC3F-CA66DF63040C}D:\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{713E3459-5AD2-4B59-9C1F-4B9679AEA4F3}D:\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34053\heroesofthestorm_x64.exe
FirewallRules: [{5FC63424-DC7B-45AC-B0D7-B53E5D13EE1D}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{BEC38471-5772-4D64-8BC7-19508CC9FE29}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{A8FFAFA3-82DB-4633-A1E6-037D7EE0DFFD}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{BF1C3EF6-0755-45DB-9BEB-8439262649A2}D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34190\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{5B2D834A-E92A-48D7-9CDC-0DAB4C19C712}D:\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) D:\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
FirewallRules: [uDP Query User{5CE4AC9F-9A85-479E-A6CF-CF81B38DA10C}D:\gameforgelive\games\gbr_eng\tera\tera-launcher.exe] => (Allow) D:\gameforgelive\games\gbr_eng\tera\tera-launcher.exe
FirewallRules: [TCP Query User{BF1A63C1-0013-4DB5-88D9-89430638B804}D:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{4BD85208-FCAA-4755-AEDF-05F15928F198}D:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{29A6360E-55FC-4E47-8A0C-A5EECFFC92F2}] => (Allow) D:\riot games\lol.launcher.exe
FirewallRules: [{C2BE3476-43AB-4E43-9053-D4CF626FA5A2}] => (Allow) D:\riot games\lol.launcher.exe
FirewallRules: [{53DEFACD-979B-4D94-8545-13A761FDFA61}] => (Allow) D:\riot games\lol.launcher.exe
FirewallRules: [{F16EA60C-A4B5-4F29-AA87-B47C88886189}] => (Allow) D:\riot games\lol.launcher.exe
FirewallRules: [TCP Query User{BD50DDCD-02BE-4DC8-BD6C-5B9B25EB77A0}D:\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Block) D:\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{E4B07BCA-0E0F-4FAE-A22B-1C197323B843}D:\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe] => (Block) D:\heroes of the storm\versions\base35360\heroesofthestorm_x64.exe
FirewallRules: [{6D7BC7EE-0AD8-4BA9-9E22-4BDCC6BF4FAD}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [{7E795D8E-6577-4072-BDEA-5FE3AB442AD2}] => (Allow) D:\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{30840A95-B3EB-498A-9052-AF10335DB67A}D:\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [uDP Query User{1563D725-9965-48A6-9015-5B4F8E3EFC6D}D:\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe] => (Allow) D:\heroes of the storm\versions\base35702\heroesofthestorm_x64.exe
FirewallRules: [{3A35A793-CAD8-42F0-8AD9-5CAC2E56028E}] => (Allow) D:\GameforgeLive\gfl_client.exe
FirewallRules: [TCP Query User{BB0E010E-B3F2-4F9B-858A-3B445CC55867}D:\starcraft ii - legacy of the void beta\versions\base35543\sc2_x64.exe] => (Allow) D:\starcraft ii - legacy of the void beta\versions\base35543\sc2_x64.exe
FirewallRules: [uDP Query User{569291FB-3D0E-4EED-A584-1E829D574F54}D:\starcraft ii - legacy of the void beta\versions\base35543\sc2_x64.exe] => (Allow) D:\starcraft ii - legacy of the void beta\versions\base35543\sc2_x64.exe
FirewallRules: [{7A818534-CFE3-4321-BC38-F02EDD251E90}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{4486C002-D8B8-4325-BDDE-65D5E5CDAB22}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{DFCD6136-E571-4BDA-A750-9CCD94FAF264}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{C61BA8D6-CA35-4400-9148-9AFFB920481D}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{15E1C295-2DBC-4524-97BE-1F7E688344F1}D:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Block) D:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [uDP Query User{6078D932-2D78-40F4-BD0B-AD2051B191F5}D:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe] => (Block) D:\steam\steamapps\common\rocketleague\binaries\win32\rocketleague.exe
FirewallRules: [{31019334-A8AF-4F3A-8064-D06447BEFA60}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{99F93778-A137-4C7F-8F7E-AB9E507DA208}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{E5B2F8FC-0A00-4537-8BA8-6B4222EA6FE0}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{9499A49F-4A67-4ECE-AAC4-3E4E703DAEC5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{924F1AE5-3195-4464-983C-EC841487CBD6}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{D337FA04-9D0B-43AB-BF5D-ECF0141B59BB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{8787B0B2-1ED2-4EAD-825D-B3FF944CEBF7}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{9ED425D9-3C86-4BED-81EB-B54A872A5D7B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{2E240657-BCAB-4E89-AD88-4268E914710B}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{E6C8BEB4-BD3C-475E-964C-939EE1ABF3D0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{2EF76339-08DB-4AB5-8542-789AE6600EB9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{676EA3F7-70F6-47EE-BA6C-CB0FA00481F7}] => (Allow) D:\Blade and Soul\bin\Client.exe
FirewallRules: [{3CE42FEE-6E1A-4257-83E3-C0BD39ED477E}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C190EFCC-2375-42FF-A5EF-6C0E92176703}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{59F0038C-8D22-4BB9-844F-E5831810656D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{3EA65AE6-17D2-487D-B414-2546ED606E9D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{62539499-9EEE-4D42-B21D-CD2284ABC9EE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{97D0B5BC-39D5-4B90-95A9-092E93CA57EE}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{DC0E9E9C-1A9D-48F0-9D3A-D8C8B2B89FB6}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{FA706ABD-FD79-403D-B057-7897B86721E9}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{29C3F244-2B25-4121-B924-2345E877F658}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0DE39490-6475-402C-A0A7-BF8E2DF7648F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{84F612BF-F731-44BE-A0F3-71D7A7B24D52}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{1A4C9227-2926-4E4B-AA79-3BDBBBDD18BF}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{4E774270-F06A-462E-9CE6-5D4767858866}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0007C9A7-C792-46DF-98E5-586532491349}] => (Allow) D:\WTFast\WTFast.exe
FirewallRules: [{B44BFF5A-D172-497E-8125-3216A9929F6B}] => (Allow) D:\WTFast\WTFast.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/14/2016 09:31:29 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/14/2016 09:31:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/14/2016 09:31:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/14/2016 09:30:07 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/14/2016 09:30:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/14/2016 09:30:04 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/14/2016 09:27:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/14/2016 09:27:00 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/14/2016 09:27:00 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (03/14/2016 09:25:57 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (03/14/2016 09:38:26 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (03/14/2016 09:31:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (03/14/2016 09:31:57 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Cam\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/14/2016 09:31:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (03/14/2016 09:31:56 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Cam\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/14/2016 09:31:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (03/14/2016 09:31:56 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Cam\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/14/2016 09:31:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (03/14/2016 09:31:56 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Cam\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/14/2016 09:31:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7 CPU 880 @ 3.07GHz
Percentage of memory in use: 35%
Total physical RAM: 8190.05 MB
Available physical RAM: 5319.71 MB
Total Virtual: 16378.31 MB
Available Virtual: 13105.89 MB
 
==================== Drives ================================
 
Drive c: (SSD Disk) (Fixed) (Total:55.8 GB) (Free:2.89 GB) NTFS
Drive d: (Large Disk) (Fixed) (Total:931.51 GB) (Free:396.31 GB) NTFS
Drive e: (SAMSUNG_LBP) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 49193767)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 1F58BB55)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Ran a scan this morning and found:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/03/2016
Scan Time: 07:34
Logfile: 
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.16.01
Rootkit Database: v2016.03.12.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Cam

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 362587
Time Elapsed: 15 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.ProCleanerSoftware, HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\SOFTWARE\Caphyon, Quarantined, [89e86b1dcbcea59175141873f212c43c], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


The only issue I've found recently, yesterday, was the PUP.Optional.ProCleanerSoftware, HKU\S-1-5-21-2328723661-2757072449-2482796673-1001\SOFTWARE\Caphyon

However, it seems fine. Should I change passwords etc.? I've avoided online banking until this issue was fixed.


  • Root Admin

At this time there are no more signs of an infection on your system. You should be okay to change passwords and do banking now.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (You may already have this.)

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. AdwCleaner > just run the program and click uninstall.


  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 


This topic is now closed to further replies.