These are the logs posted as requested, following up on post:

forums.malwarebytes.org/topic/185098-finds-problems-but-wont-list-or-remove-them/

I didn't mention there that Malwarebytes also fails to make any log of the scan.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2016
Ran by Assistant2 (2016-06-28 12:39:13)
Running from C:\Users\Assistant2\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-08-04 18:54:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-491372964-234954144-3230604657-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-491372964-234954144-3230604657-500 - Administrator - Disabled)
Assistant2 (S-1-5-21-491372964-234954144-3230604657-1003 - Limited - Enabled) => C:\Users\Assistant2
GhostUser (S-1-5-21-491372964-234954144-3230604657-1006 - Administrator - Enabled) => C:\Users\GhostUser
Guest (S-1-5-21-491372964-234954144-3230604657-501 - Limited - Disabled)
system32 (S-1-5-21-491372964-234954144-3230604657-1005 - Administrator - Enabled) => C:\Users\system32
User (S-1-5-21-491372964-234954144-3230604657-1004 - Administrator - Enabled) => C:\Users\User
user1 (S-1-5-21-491372964-234954144-3230604657-1007 - Administrator - Enabled) => C:\Users\user1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit) (HKLM\...\{A243D0E2-D027-4340-AA12-6B13B2A96AC0}) (Version: 1.4 - Eyeo GmbH)
Adobe Acrobat  9 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
Fax Upload (HKLM\...\Fax Upload) (Version:  - )
FileLocator Lite (HKLM\...\{16B89C6C-17B6-47ED-9E56-4557B339C580}) (Version: 7.0.828.1 - Mythicsoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5981 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13065 - NVIDIA Corporation)
Office@Hand Meetings (HKU\S-1-5-21-491372964-234954144-3230604657-1003\...\ATTMeetings) (Version: 3.5 - Zoom Video Communications, Inc., AT&T and RingCentral Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickBooks (Version: 24.0.4003.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.06.46 (10/30/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung M288x Series (HKLM\...\Samsung M288x Series) (Version: 1.14 (7/16/2015) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM\...\Samsung Network PC Fax) (Version: 1.11.14 (11/4/2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
View User's Guide (HKLM\...\View User Guide) (Version: 3.60.45.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>  <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>  <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-08 13:30 - 2014-09-08 13:30 - 00351968 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-08-22 00:09 - 2014-08-22 00:09 - 03650048 _____ () C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\sf.dll
2014-08-22 00:09 - 2014-08-22 00:09 - 00300032 _____ () C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\log4cplus.dll
2014-09-08 13:32 - 2014-09-08 13:32 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2016-06-24 18:39 - 2012-09-13 14:59 - 00637952 _____ () C:\Users\Assistant2\AppData\Local\Temp\tlx_app\PSPARTS.BPL
2016-06-24 18:39 - 2012-10-04 12:13 - 00527360 _____ () C:\Users\Assistant2\AppData\Local\Temp\tlx_app\FR6.BPL
2016-06-24 18:39 - 2004-04-20 16:28 - 00100864 ____R () C:\Users\Assistant2\AppData\Local\Temp\tlx_app\ZLIB32.DLL
2016-06-24 18:39 - 2011-01-11 09:02 - 00051200 ____R () C:\Users\Assistant2\AppData\Local\Temp\tlx_app\TLXDBENG.DLL
2016-06-24 18:39 - 2013-05-30 16:26 - 00572928 ____R () C:\Users\Assistant2\AppData\Local\Temp\tlx_app\TLXDBLIB.DLL
2014-12-02 13:20 - 2015-06-26 08:21 - 01325568 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\ssa7mdu.dll
2015-10-13 15:07 - 2015-10-13 15:07 - 01032360 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2015-05-13 18:31 - 2015-05-13 18:31 - 00125088 _____ () C:\Program Files\Microsoft Office\Office15\OUTLCTL.DLL
2016-06-27 09:34 - 2016-01-06 19:35 - 36646400 _____ () C:\PREVAIL_CLIENT\Prevail.exe
2014-10-30 00:02 - 2014-10-30 00:02 - 00537088 _____ () C:\Program Files\Samsung\Easy Document Creator\EDCAddin.dll
2014-10-30 00:02 - 2014-10-30 00:02 - 00626176 _____ () C:\Program Files\Samsung\Easy Document Creator\EDCOffice.dll
2014-10-30 00:02 - 2014-10-30 00:02 - 00098816 _____ () C:\Program Files\Samsung\Easy Document Creator\EDCFaxEngine.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-491372964-234954144-3230604657-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Assistant2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0878F646-9ADD-4307-9C02-308FB5B036FA}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F2A46496-33D1-4906-8804-0FE0C770680D}] => (Allow) LPort=2869
FirewallRules: [{FF3AA63C-06E8-4D14-A344-6446AF16D0D7}] => (Allow) LPort=1900
FirewallRules: [{56812BDE-50F1-4DF7-85C5-E8B999964D69}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{30E5470D-A414-4F80-877B-4680A71E5265}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{149A5C47-0D79-40B0-B5DF-74CC629C405B}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1F87D08A-EF6B-422E-87AE-4992C9B58B56}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1C19A6E2-4D32-4806-9731-48A3C3031811}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe
FirewallRules: [{E552974E-6EEC-4DF9-BC7D-4340FDAD074A}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe
FirewallRules: [TCP Query User{DBBE19B2-5BC8-41D3-A91B-4C3921A51038}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{F51E5224-A6F4-4E3B-8C1B-7D4667151111}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{F8C0240D-15AC-4F26-AC52-1AF5730399A9}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{D4A09F55-62B5-4154-8292-DC6DD1AEFE8E}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{475BAAF6-0CCB-456D-A607-590BBDDDEAA8}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{1D093E84-DECF-4E4C-A6C2-40D6298E141A}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{74E6A098-B3FE-4D7E-8CF7-D80A512B0537}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{BBB77926-0FFD-46AE-8FC2-89BE458D2767}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{2D738D47-B916-4A69-B7EB-583121140968}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{2EE30B18-B135-4901-BB02-42D2FD184057}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{D754E037-5F71-4260-ADB5-7186CEB5F4AD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [TCP Query User{AE704F67-032D-4497-9CF7-6A8B7E547EAE}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{A91052F3-1507-4B2C-9FA5-ADF528958AE0}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{9CE8B091-A0C4-4C82-9ECA-55B4AE1EE5E6}] => (Allow) LPort=3389
FirewallRules: [{B8772483-6577-4788-8216-A94BA070AA63}] => (Allow) LPort=3395
FirewallRules: [{CA51C6BB-E6BA-4838-B083-50E7AE31628A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2016 09:14:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2016 09:01:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/28/2016 09:01:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/27/2016 03:17:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/27/2016 03:17:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/27/2016 03:12:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 2.3.173.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1250

Start Time: 01d1d0ba6f656007

Termination Time: 0

Application Path: C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

Report Id: 3cfd2544-3cb4-11e6-9640-b8ac6f2a249c

Error: (06/27/2016 02:25:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/27/2016 02:25:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/27/2016 09:49:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/27/2016 12:15:12 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.


System errors:
=============
Error: (06/28/2016 09:13:06 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007f (0x00000008, 0x8df39750, 0x00000000, 0x00000000)C:\Windows\MEMORY.DMP062816-18236-01

Error: (06/28/2016 09:13:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:11:33 AM on ‎6/‎28/‎2016 was unexpected.

Error: (06/27/2016 12:15:08 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (06/27/2016 12:15:08 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (06/26/2016 11:59:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (06/26/2016 11:59:45 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (06/26/2016 11:54:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (06/26/2016 11:54:23 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.

Error: (06/26/2016 08:04:02 AM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 85.12.249.21.

Error: (06/25/2016 03:13:57 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.


CodeIntegrity:
===================================
  Date: 2016-06-28 12:39:24.900
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 12:39:24.853
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 09:16:53.180
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 09:16:53.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 09:02:00.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 09:02:00.810
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 08:26:50.033
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-28 08:26:49.830
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-26 07:55:18.839
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-26 07:55:18.784
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Percentage of memory in use: 39%
Total physical RAM: 3005.59 MB
Available physical RAM: 1821.85 MB
Total Virtual: 9003.91 MB
Available Virtual: 6862.41 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:219.15 GB) (Free:163.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery) (Fixed) (Total:13.68 GB) (Free:13.31 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2016
Ran by Assistant2 (ATTENTION: The user is not administrator) on PC-CHRISTINA (28-06-2016 12:38:42)
Running from C:\Users\Assistant2\Downloads
Loaded Profiles: Assistant2 (Available Profiles: Admin & Assistant2 & User & system32 & GhostUser & user1)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> avp.exe
Failed to access process -> svchost.exe
Failed to access process -> mbae-svc.exe
Failed to access process -> mbamscheduler.exe
Failed to access process -> mbamservice.exe
Failed to access process -> QBCFMonitorService.exe
Failed to access process -> QBIDPService.exe
Failed to access process -> NetFaxServer.exe
Failed to access process -> msapp.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(ImageMAKER Development Inc.) C:\Program Files\Common Files\ImageMAKER\VSTDAEMON.EXE
(Telexis Software, LLC) C:\Users\Assistant2\AppData\Local\Temp\tlx_app\_PSWIN32.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
Failed to access process -> wmpnetwk.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
Failed to access process -> nvvsvc.exe
() C:\PREVAIL_CLIENT\Prevail.exe
Failed to access process -> TrustedInstaller.exe
Failed to access process -> FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
Failed to access process -> nvvsvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> WmiPrvSE.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-08-26] ()
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-10-10] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [351968 2014-09-08] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [360448 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-491372964-234954144-3230604657-1003\...\Run: [Intel] => "C:\Temp\start.bat" <===== ATTENTION
HKU\S-1-5-21-491372964-234954144-3230604657-1003\...\MountPoints2: {2544c0ec-6119-11e4-ac33-b8ac6f2a249c} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-491372964-234954144-3230604657-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [413696 2010-11-20] (Microsoft Corporation)
IFEO\sethc.exe: [Debugger] C:\Windows\PreInstall\uddisrw.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-08-04]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-08-04]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-08-04]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2015-05-14]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vista Fax Daemon.lnk [2014-08-07]
ShortcutTarget: Vista Fax Daemon.lnk -> C:\Program Files\Common Files\ImageMAKER\Vstdaemon.exe (ImageMAKER Development Inc.)
Startup: C:\Users\Assistant2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHONEslips.lnk [2015-07-14]
ShortcutTarget: PHONEslips.lnk -> \\JEP-SERVER\Data\PSLIPS\PSWIN32.EXE (Telexis Software, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{D040FB1E-17F4-4B45-93D4-1BAFCFB1D776}: [NameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-491372964-234954144-3230604657-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-491372964-234954144-3230604657-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
SearchScopes: HKU\S-1-5-21-491372964-234954144-3230604657-1003 -> {649F33D1-A542-418B-95D6-78D1AB7B1B07} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-491372964-234954144-3230604657-1003 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={1D400F9B-F767-4844-8536-5144C0886475}&mid=ff72a6714e9647d29f3b69e529cecd6f-609c553d77daee3e767235c70eba4e6dda32dbaa&lang=en&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2014-10-20 17:21:56&v=4.1.6.294&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-491372964-234954144-3230604657-1003 -> {C8309296-833A-4A61-86A3-477D0AA49F50} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-29] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-23] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-29] (AO Kaspersky Lab)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2013-10-10] (Intuit, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-491372964-234954144-3230604657-1003: @att.com/ATTMeetingsPlugin -> C:\Users\Assistant2\AppData\Roaming\ATTMeetings\bin\npattmsplugin.dll [2015-07-02] (Zoom Video Communications, Inc. AT&T and RingCentral Inc.)
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-06-14]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll => No File
CHR Profile: C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Kaspersky Protection) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-03-01]
CHR Extension: (Google Docs Offline) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Yahoo Partner) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-06-21]
CHR Extension: (Gmail) - C:\Users\Assistant2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-02-29] (Kaspersky Lab ZAO)
R3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-08-04] (Macrovision Europe Ltd.) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-10-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [458944 2014-11-04] (Samsung Electronics Co., Ltd.)
R3 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [77312 2016-04-04] (Stas'M Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 WinMediaService; C:\Windows\msapss\bin\msapp.exe [990720 2016-06-25] () [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88179; C:\Windows\System32\DRIVERS\ax88179_178a.sys [54784 2013-12-05] (ASIX Electronics Corp.)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-06-02] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [66976 2016-02-29] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [147328 2016-02-29] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [53168 2016-06-14] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [785328 2016-06-14] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [44120 2016-06-14] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [39304 2016-02-29] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-27] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2014-05-07] (Samsung Electronics) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2011-03-24] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-28 12:38 - 2016-06-28 12:39 - 00020923 _____ C:\Users\Assistant2\Downloads\FRST.txt
2016-06-28 12:38 - 2016-06-28 12:38 - 01740288 _____ (Farbar) C:\Users\Assistant2\Downloads\FRST.exe
2016-06-28 12:38 - 2016-06-28 12:38 - 00000000 ____D C:\FRST
2016-06-28 09:13 - 2016-06-28 09:13 - 00000000 ____D C:\Windows\Minidump
2016-06-28 09:12 - 2016-06-28 09:12 - 387574161 _____ C:\Windows\MEMORY.DMP
2016-06-27 15:22 - 2008-04-07 05:38 - 00045392 ____R (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll
2016-06-27 15:22 - 2008-04-07 05:38 - 00022872 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2016-06-27 14:27 - 2016-06-28 10:16 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-06-27 14:27 - 2016-06-27 14:27 - 01858888 _____ (Malwarebytes ) C:\Users\Assistant2\Downloads\mbae-setup-1.08.1.2563.exe
2016-06-27 14:27 - 2016-06-27 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-06-27 14:27 - 2016-06-27 14:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-06-27 13:46 - 2016-06-27 13:46 - 22851472 _____ (Malwarebytes ) C:\Users\Assistant2\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-27 09:30 - 2016-06-27 09:30 - 06069872 _____ (TeamViewer) C:\Users\Assistant2\Downloads\assist.exe
2016-06-26 07:54 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1
2016-06-25 06:24 - 2016-06-25 06:24 - 00000000 ____D C:\Windows\PreInstall
2016-06-25 06:24 - 2016-06-25 06:24 - 00000000 ____D C:\Windows\bin
2016-06-25 06:22 - 2016-06-25 06:22 - 00000000 ____D C:\Windows\msapss
2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\Users\Assistant2\AppData\Roaming\Mythicsoft
2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileLocator Lite
2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\Program Files\Mythicsoft
2016-06-24 14:38 - 2016-06-24 14:38 - 14325936 _____ (Mythicsoft Ltd) C:\Users\Assistant2\Downloads\FileLocatorLite_828.exe
2016-06-24 14:08 - 2016-06-24 14:08 - 00000000 ____D C:\Users\Assistant2\AppData\Roaming\RUT_settings
2016-06-24 14:07 - 2016-06-24 14:07 - 03720232 _____ (Usoris LLC) C:\Users\Assistant2\Downloads\agent.exe
2016-06-24 13:55 - 2016-06-24 13:55 - 00029380 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (4).csv
2016-06-24 12:25 - 2016-06-24 12:25 - 00000522 ___SH C:\Users\Public\Documents\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Public\Downloads\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Public\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-22 16:32 - 2016-06-22 16:32 - 00029371 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (3).csv
2016-06-22 12:00 - 2016-06-22 12:00 - 00044200 _____ C:\Users\Assistant2\Downloads\Objection_to_Video_Hearing_Doc__Dt____Unknown.tif
2016-06-21 05:19 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser
2016-06-15 02:38 - 2016-06-06 08:26 - 00037096 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 02:38 - 2016-06-06 08:23 - 01001472 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 02:38 - 2016-06-03 06:04 - 01225216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 02:38 - 2016-05-27 06:05 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 02:38 - 2016-05-27 06:05 - 00461824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 02:38 - 2016-05-27 06:05 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 02:38 - 2016-05-27 06:05 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 02:38 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 02:38 - 2016-05-22 06:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 02:38 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 02:38 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 02:38 - 2016-05-20 15:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 02:38 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 02:38 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 02:38 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 02:38 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 02:38 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 02:38 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 02:38 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 02:38 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 02:38 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 02:38 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 02:38 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 02:38 - 2016-05-20 14:44 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 02:38 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 02:38 - 2016-05-20 14:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 02:38 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 02:38 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 02:38 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 02:38 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 02:38 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 02:38 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 02:38 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 02:38 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 02:38 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 02:38 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 02:38 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 02:38 - 2016-05-20 14:09 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 02:38 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 02:38 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 02:38 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 02:38 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 02:38 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 02:38 - 2016-05-18 09:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 02:38 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 02:38 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 02:38 - 2016-05-13 14:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 02:38 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 02:38 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 02:38 - 2016-05-12 08:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 02:38 - 2016-05-12 08:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 02:38 - 2016-05-12 08:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 02:38 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 02:38 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 02:38 - 2016-05-12 07:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 02:38 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 02:38 - 2016-05-12 07:54 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 02:38 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 02:38 - 2016-05-12 07:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 02:38 - 2016-05-12 07:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 02:38 - 2016-05-12 06:04 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 02:38 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 02:38 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 02:38 - 2016-05-11 07:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 02:38 - 2016-04-14 08:38 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 02:38 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 02:38 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 02:38 - 2016-04-08 23:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 02:38 - 2016-04-08 23:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 02:38 - 2016-04-08 22:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 02:38 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-06 15:17 - 2016-06-06 15:17 - 00029291 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (2).csv
2016-06-06 13:19 - 2016-06-06 13:19 - 00284110 _____ C:\Users\Assistant2\Downloads\19F___CE_Psychology__Src____STEPHEN_GILL_PH_D__PRESCOTT__Tmt__Dt____Unknown___04_20_2016.tif
2016-06-02 21:09 - 2016-06-02 21:09 - 00029088 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (1).csv
2016-06-01 20:43 - 2016-06-01 20:43 - 00029390 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport.csv
2016-06-01 16:17 - 2016-06-01 16:17 - 30503216 _____ C:\Users\Assistant2\Downloads\vlc-2.2.3-win32.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-28 12:19 - 2014-08-13 08:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-28 11:29 - 2015-05-26 16:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-28 09:28 - 2009-07-13 21:34 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-28 09:28 - 2009-07-13 21:34 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-28 09:23 - 2014-10-21 08:34 - 00000000 ____D C:\PREVAIL_CLIENT
2016-06-28 09:17 - 2010-11-20 14:01 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-28 09:17 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\inf
2016-06-28 09:16 - 2014-08-13 08:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-28 09:13 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-28 09:12 - 2014-11-12 15:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-06-27 15:22 - 2014-08-04 14:59 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
2016-06-27 15:22 - 2014-08-04 14:59 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
2016-06-27 15:22 - 2014-08-04 14:59 - 00002015 _____ C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk
2016-06-27 15:16 - 2014-11-12 15:29 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-27 15:15 - 2014-11-12 15:28 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-27 15:15 - 2014-11-12 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-27 10:06 - 2014-08-04 15:01 - 00000000 ____D C:\ProgramData\FLEXnet
2016-06-27 09:47 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\tracing
2016-06-24 18:20 - 2014-12-02 14:43 - 00000000 ____D C:\Users\Assistant2\AppData\LocalLow\Temp
2016-06-24 18:18 - 2016-04-04 13:08 - 00000000 ____D C:\Temp
2016-06-24 16:29 - 2012-03-02 08:27 - 00000000 ____D C:\Windows\Panther
2016-06-24 14:00 - 2014-08-04 11:54 - 00000000 ____D C:\Users\Admin
2016-06-24 13:57 - 2014-07-21 07:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 13:57 - 2014-07-21 06:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-24 13:49 - 2009-07-13 19:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-24 12:25 - 2015-07-15 12:30 - 00000000 ____D C:\Users\Public\Documents\scans
2016-06-24 12:25 - 2010-11-20 17:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-06-24 12:23 - 2015-06-24 16:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-24 12:23 - 2014-10-20 17:22 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2016-06-24 12:23 - 2014-10-20 12:02 - 00000000 ____D C:\ProgramData\MFAData
2016-06-24 12:23 - 2014-08-04 15:39 - 00000000 ____D C:\ProgramData\SQL Anywhere 11
2016-06-24 03:01 - 2014-07-21 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-19 01:00 - 2015-12-07 12:19 - 00000000 ____D C:\Users\Assistant2\AppData\Local\ElevatedDiagnostics
2016-06-17 14:21 - 2014-08-13 08:07 - 00002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 14:21 - 2014-08-13 08:07 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-15 03:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2016-06-15 03:33 - 2009-07-13 21:33 - 00449912 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 03:31 - 2014-12-10 03:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 03:14 - 2015-06-24 16:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-15 03:12 - 2014-08-05 09:04 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 03:01 - 2014-08-05 09:04 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 03:48 - 2016-02-29 09:27 - 00785328 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-06-14 03:48 - 2015-06-11 19:32 - 00044120 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-06-14 03:41 - 2015-07-04 02:18 - 00053168 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-06-14 03:07 - 2009-07-13 19:04 - 00000478 _____ C:\Windows\win.ini
2016-06-13 19:31 - 2014-08-04 14:41 - 00400040 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-04-04 14:31 - 2016-04-04 14:31 - 0000288 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-04-2016
2016-04-05 09:09 - 2016-04-05 20:34 - 0052368 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-05-2016
2016-04-06 08:38 - 2016-04-06 17:17 - 0043344 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-06-2016
2016-04-07 08:46 - 2016-04-07 17:15 - 0064432 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-07-2016
2016-04-08 08:58 - 2016-04-08 13:10 - 0023456 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-08-2016
2016-04-10 10:21 - 2016-04-10 11:59 - 0007488 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-10-2016
2016-04-11 08:26 - 2016-04-11 17:07 - 0039824 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-11-2016
2016-04-12 08:43 - 2016-04-12 16:22 - 0066256 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-12-2016
2016-04-13 08:37 - 2016-04-13 16:10 - 0031936 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-13-2016
2016-04-14 08:38 - 2016-04-14 16:49 - 0072528 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-14-2016
2016-04-15 08:07 - 2016-04-15 17:04 - 0005232 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-15-2016
2016-04-18 09:17 - 2016-04-18 20:19 - 0019504 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-18-2016
2016-04-19 08:05 - 2016-04-19 17:21 - 0026320 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-19-2016
2016-04-20 08:31 - 2016-04-20 20:41 - 0045232 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-20-2016
2016-04-21 08:20 - 2016-04-21 17:18 - 0054688 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-21-2016
2016-04-22 08:20 - 2016-04-22 14:42 - 0041120 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\04-22-2016
2016-05-10 08:41 - 2016-05-10 17:01 - 0035328 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\05-10-2016
2016-05-11 08:28 - 2016-05-11 14:57 - 0013904 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\05-11-2016
2016-05-12 08:27 - 2016-05-12 17:41 - 0057792 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\05-12-2016
2016-05-13 07:26 - 2016-05-13 14:39 - 0032960 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\05-13-2016
2016-05-16 08:53 - 2016-05-16 15:12 - 0024352 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\05-16-2016
2016-05-17 08:49 - 2016-05-17 10:11 - 0001584 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\05-17-2016
2016-06-14 08:40 - 2016-06-14 16:40 - 0040448 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\06-14-2016
2016-06-15 07:37 - 2016-06-15 09:31 - 0018576 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\06-15-2016
2016-06-16 09:01 - 2016-06-16 13:31 - 0014080 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\06-16-2016
2016-06-22 13:45 - 2016-06-22 16:41 - 0006432 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\06-22-2016
2016-06-23 08:56 - 2016-06-23 16:53 - 0043648 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\06-23-2016
2016-06-24 09:08 - 2016-06-24 16:22 - 0037312 _____ () C:\Users\Assistant2\AppData\Roaming\Microsoft\06-24-2016
2014-11-12 15:24 - 2016-04-01 12:40 - 0007600 _____ () C:\Users\Assistant2\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

 

 


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 

From what I see you were able to generate the logs, but they are not from the administrative account. Do you have access to the Administrator one? Our tools have to be run from an administrative account.


Naathim, I will get admin logs and post them, but if that's what's needed then the instructions for getting the logs should say so. I don't see anything in the page I was directed to with instructions on getting the logs that says to run as admin. Of course the standard log in is not admin, and I don't run anything as admin unless there's a reason to, so naturally I didn't run these log apps that way. Or if the log apps need to be run as admin, why not create them so they request that permission when they run? I'll have new logs posted here shortly.

Also note that it got infected when logged on as the normal user. Admin does not have access to that user (if you log on as Admin and click on the other user's folder it says you don't have permission. It would take permission if I let it but I try to keep user permissions separated.) 

Here are the logs run as Admin:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2016
Ran by Admin (administrator) on PC-CHRISTINA (30-06-2016 12:13:52)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & Assistant2 & User & system32 & GhostUser & user1)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(ImageMAKER Development Inc.) C:\Program Files\Common Files\ImageMAKER\VSTDAEMON.EXE
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-08-26] ()
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-10-10] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [351968 2014-09-08] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
HKU\S-1-5-21-491372964-234954144-3230604657-1002\...\Run: [akvplabe] => C:\Users\Admin\AppData\Roaming\setap21.exe
IFEO\sethc.exe: [Debugger] C:\Windows\PreInstall\uddisrw.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-08-04]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-08-04]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-08-04]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2015-05-14]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vista Fax Daemon.lnk [2014-08-07]
ShortcutTarget: Vista Fax Daemon.lnk -> C:\Program Files\Common Files\ImageMAKER\Vstdaemon.exe (ImageMAKER Development Inc.)
Startup: C:\Users\Assistant2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHONEslips.lnk [2015-07-14]
ShortcutTarget: PHONEslips.lnk -> \\JEP-SERVER\Data\PSLIPS\PSWIN32.EXE (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{D040FB1E-17F4-4B45-93D4-1BAFCFB1D776}: [NameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-491372964-234954144-3230604657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-491372964-234954144-3230604657-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-29] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-23] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-29] (AO Kaspersky Lab)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2013-10-10] (Intuit, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-06-14]

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-24]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-02-29] (Kaspersky Lab ZAO)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-08-04] (Macrovision Europe Ltd.) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-10-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [458944 2014-11-04] (Samsung Electronics Co., Ltd.)
R3 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [77312 2016-04-04] (Stas'M Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 WinMediaService; C:\Windows\msapss\bin\msapp.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88179; C:\Windows\System32\DRIVERS\ax88179_178a.sys [54784 2013-12-05] (ASIX Electronics Corp.)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-06-02] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [66976 2016-02-29] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [147328 2016-02-29] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [53168 2016-06-14] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [785328 2016-06-14] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [44120 2016-06-14] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [39304 2016-02-29] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-06-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2014-05-07] (Samsung Electronics) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2011-03-24] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-30 12:13 - 2016-06-30 12:14 - 00015770 _____ C:\Users\Admin\Downloads\FRST.txt
2016-06-30 12:13 - 2016-06-30 12:13 - 01740288 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2016-06-29 19:06 - 2016-06-29 19:06 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\72226758.sys
2016-06-29 10:59 - 2016-06-29 10:59 - 00101360 _____ C:\Users\Assistant2\Desktop\W. Rodgers.pdf
2016-06-29 08:32 - 2016-06-29 08:32 - 06069872 _____ (TeamViewer) C:\Users\Assistant2\Downloads\assist (1).exe
2016-06-28 12:39 - 2016-06-28 12:39 - 00025390 _____ C:\Users\Assistant2\Downloads\Addition.txt
2016-06-28 12:38 - 2016-06-30 12:13 - 00000000 ____D C:\FRST
2016-06-28 12:38 - 2016-06-28 12:39 - 00045388 _____ C:\Users\Assistant2\Downloads\FRST.txt
2016-06-28 12:38 - 2016-06-28 12:38 - 01740288 _____ (Farbar) C:\Users\Assistant2\Downloads\FRST.exe
2016-06-28 09:13 - 2016-06-28 09:13 - 00183200 _____ C:\Windows\Minidump\062816-18236-01.dmp
2016-06-28 09:13 - 2016-06-28 09:13 - 00000000 ____D C:\Windows\Minidump
2016-06-28 09:12 - 2016-06-28 09:12 - 387574161 _____ C:\Windows\MEMORY.DMP
2016-06-27 15:22 - 2008-04-07 05:38 - 00045392 ____R (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll
2016-06-27 15:22 - 2008-04-07 05:38 - 00022872 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2016-06-27 15:14 - 2016-06-27 15:14 - 22851472 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-27 14:27 - 2016-06-29 18:28 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-06-27 14:27 - 2016-06-27 14:27 - 01858888 _____ (Malwarebytes ) C:\Users\Assistant2\Downloads\mbae-setup-1.08.1.2563.exe
2016-06-27 14:27 - 2016-06-27 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-06-27 14:27 - 2016-06-27 14:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-06-27 13:46 - 2016-06-27 13:46 - 22851472 _____ (Malwarebytes ) C:\Users\Assistant2\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-27 09:30 - 2016-06-27 09:30 - 06069872 _____ (TeamViewer) C:\Users\Assistant2\Downloads\assist.exe
2016-06-26 16:14 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1\AppData\Roaming\Sun
2016-06-26 16:14 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1\AppData\LocalLow\Sun
2016-06-26 16:14 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1\.oracle_jre_usage
2016-06-26 08:01 - 2016-06-26 08:02 - 00000000 ____D C:\Users\user1\AppData\Local\WEB2Print
2016-06-26 07:57 - 2016-06-26 07:59 - 00000000 ____D C:\Users\user1\Desktop\NiceHashMiner_v1.6.0.0
2016-06-26 07:56 - 2016-06-26 07:56 - 127786015 _____ C:\Users\user1\Downloads\NiceHashMiner_v1.6.0.0.zip
2016-06-26 07:55 - 2016-06-26 08:04 - 00000000 ____D C:\Users\user1\AppData\Roaming\Samsung
2016-06-26 07:55 - 2016-06-26 07:55 - 00116280 _____ C:\Users\user1\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-26 07:55 - 2016-06-26 07:55 - 00002319 _____ C:\Users\user1\Desktop\Safe Money.lnk
2016-06-26 07:55 - 2016-06-26 07:55 - 00000000 ____D C:\Users\user1\AppData\Local\Intuit
2016-06-26 07:55 - 2016-06-26 07:55 - 00000000 ____D C:\Users\user1\AppData\Local\Adobe
2016-06-26 07:54 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1
2016-06-26 07:54 - 2016-06-26 07:55 - 00000000 ____D C:\Users\user1\AppData\Roaming\Adobe
2016-06-26 07:54 - 2016-06-26 07:54 - 00001419 _____ C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-26 07:54 - 2016-06-26 07:54 - 00000020 ___SH C:\Users\user1\ntuser.ini
2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 _SHDL C:\Users\user1\My Documents
2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 _SHDL C:\Users\user1\Documents\My Videos
2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 _SHDL C:\Users\user1\Documents\My Pictures
2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 _SHDL C:\Users\user1\Documents\My Music
2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 ____D C:\Users\user1\AppData\Local\VirtualStore
2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 ____D C:\Users\user1\AppData\Local\Google
2016-06-26 07:54 - 2014-11-11 08:03 - 00000000 ____D C:\Users\user1\AppData\Roaming\TuneUp Software
2016-06-26 07:54 - 2014-08-05 03:04 - 00000000 ____D C:\Users\user1\AppData\Local\Microsoft Help
2016-06-26 07:54 - 2010-11-20 17:47 - 00000000 ____D C:\Users\user1\AppData\Roaming\Media Center Programs
2016-06-25 06:24 - 2016-06-25 06:24 - 00000000 ____D C:\Windows\PreInstall
2016-06-25 06:24 - 2016-06-25 06:24 - 00000000 ____D C:\Windows\bin
2016-06-25 06:22 - 2016-06-25 06:22 - 00000000 ____D C:\Windows\msapss
2016-06-25 06:20 - 2016-06-25 06:20 - 00000000 ____D C:\Users\GhostUser\AppData\Roaming\Mythicsoft
2016-06-24 18:09 - 2016-06-24 18:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mythicsoft
2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\Users\Assistant2\AppData\Roaming\Mythicsoft
2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileLocator Lite
2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\Program Files\Mythicsoft
2016-06-24 14:38 - 2016-06-24 14:38 - 14325936 _____ (Mythicsoft Ltd) C:\Users\Assistant2\Downloads\FileLocatorLite_828.exe
2016-06-24 14:08 - 2016-06-24 14:08 - 00000000 ____D C:\Users\Assistant2\AppData\Roaming\RUT_settings
2016-06-24 14:07 - 2016-06-24 14:07 - 03720232 _____ (Usoris LLC) C:\Users\Assistant2\Downloads\agent.exe
2016-06-24 14:00 - 2016-06-24 14:00 - 00116280 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-24 14:00 - 2016-06-24 14:00 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2016-06-24 13:55 - 2016-06-24 13:55 - 00029380 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (4).csv
2016-06-24 12:25 - 2016-06-24 12:25 - 00085256 _____ C:\Users\Admin\Downloads\250005_1799385313482_2306440_n.jpg.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00062028 _____ C:\Users\Admin\Downloads\10991052_10203943058125890_3581715748894082962_n.jpg.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00026716 _____ C:\Users\Admin\Downloads\13266075_10206786569451896_5424350048535289440_n.jpg.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00024568 _____ C:\Users\Admin\Downloads\13521861_244840055897475_1831112710297003807_n.jpg.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00002560 _____ C:\Users\Admin\Desktop\Safe Money.lnk.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00001678 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000650 ___SH C:\Users\Admin\Documents\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000586 ___SH C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000522 ___SH C:\Users\Public\Documents\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000522 ___SH C:\Users\Admin\Downloads\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000522 ___SH C:\Users\Admin\Desktop\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Public\Downloads\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Public\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000264 ___SH C:\Users\Admin\ntuser.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000114 _____ C:\Users\Admin\Desktop\How to decrypt your files.txt
2016-06-24 12:24 - 2016-06-24 12:24 - 00910108 ____H C:\Users\Admin\AppData\Local\IconCache.db.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:23 - 2016-06-24 12:23 - 00116538 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-22 16:32 - 2016-06-22 16:32 - 00029371 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (3).csv
2016-06-22 12:00 - 2016-06-22 12:00 - 00044200 _____ C:\Users\Assistant2\Downloads\Objection_to_Video_Hearing_Doc__Dt____Unknown.tif
2016-06-21 08:03 - 2016-06-21 08:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2016-06-21 05:25 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\Sun
2016-06-21 05:25 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser\AppData\LocalLow\Sun
2016-06-21 05:25 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser\.oracle_jre_usage
2016-06-21 05:21 - 2016-06-21 05:21 - 00116280 ____H C:\Users\GhostUser\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-21 05:20 - 2016-06-25 18:53 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\Google
2016-06-21 05:20 - 2016-06-21 05:31 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\Samsung
2016-06-21 05:20 - 2016-06-21 05:21 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\Intuit
2016-06-21 05:20 - 2016-06-21 05:20 - 00002319 ____H C:\Users\GhostUser\Desktop\Safe Money.lnk
2016-06-21 05:20 - 2016-06-21 05:20 - 00001419 ____H C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-21 05:20 - 2016-06-21 05:20 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\Adobe
2016-06-21 05:20 - 2016-06-21 05:20 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\Adobe
2016-06-21 05:19 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser
2016-06-21 05:19 - 2016-06-21 05:19 - 00000020 ___SH C:\Users\GhostUser\ntuser.ini
2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 _SHDL C:\Users\GhostUser\My Documents
2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 _SHDL C:\Users\GhostUser\Documents\My Videos
2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 _SHDL C:\Users\GhostUser\Documents\My Pictures
2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 _SHDL C:\Users\GhostUser\Documents\My Music
2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\VirtualStore
2016-06-21 05:19 - 2014-11-11 08:03 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\TuneUp Software
2016-06-21 05:19 - 2014-08-05 03:04 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\Microsoft Help
2016-06-21 05:19 - 2010-11-20 17:47 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\Media Center Programs
2016-06-15 02:38 - 2016-06-06 08:26 - 00037096 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 02:38 - 2016-06-06 08:23 - 01001472 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 02:38 - 2016-06-03 06:04 - 01225216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 02:38 - 2016-05-27 06:05 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 02:38 - 2016-05-27 06:05 - 00461824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 02:38 - 2016-05-27 06:05 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 02:38 - 2016-05-27 06:05 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 02:38 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 02:38 - 2016-05-22 06:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 02:38 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 02:38 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 02:38 - 2016-05-20 15:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 02:38 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 02:38 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 02:38 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 02:38 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 02:38 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 02:38 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 02:38 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 02:38 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 02:38 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 02:38 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 02:38 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 02:38 - 2016-05-20 14:44 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 02:38 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 02:38 - 2016-05-20 14:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 02:38 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 02:38 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 02:38 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 02:38 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 02:38 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 02:38 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 02:38 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 02:38 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 02:38 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 02:38 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 02:38 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 02:38 - 2016-05-20 14:09 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 02:38 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 02:38 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 02:38 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 02:38 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 02:38 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 02:38 - 2016-05-18 09:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 02:38 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 02:38 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 02:38 - 2016-05-13 14:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 02:38 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 02:38 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 02:38 - 2016-05-12 08:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 02:38 - 2016-05-12 08:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 02:38 - 2016-05-12 08:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 02:38 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 02:38 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 02:38 - 2016-05-12 07:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 02:38 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 02:38 - 2016-05-12 07:54 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 02:38 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 02:38 - 2016-05-12 07:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 02:38 - 2016-05-12 07:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 02:38 - 2016-05-12 06:04 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 02:38 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 02:38 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 02:38 - 2016-05-11 07:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 02:38 - 2016-04-14 08:38 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 02:38 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 02:38 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 02:38 - 2016-04-08 23:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 02:38 - 2016-04-08 23:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 02:38 - 2016-04-08 22:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 02:38 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-06 15:17 - 2016-06-06 15:17 - 00029291 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (2).csv
2016-06-06 13:19 - 2016-06-06 13:19 - 00284110 _____ C:\Users\Assistant2\Downloads\19F___CE_Psychology__Src____STEPHEN_GILL_PH_D__PRESCOTT__Tmt__Dt____Unknown___04_20_2016.tif
2016-06-02 21:09 - 2016-06-02 21:09 - 00029088 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (1).csv
2016-06-01 20:43 - 2016-06-01 20:43 - 00029390 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport.csv
2016-06-01 16:17 - 2016-06-01 16:17 - 30503216 _____ C:\Users\Assistant2\Downloads\vlc-2.2.3-win32.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-30 12:09 - 2015-05-26 16:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-06-30 12:09 - 2014-11-12 15:29 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-30 12:09 - 2014-08-13 08:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-30 12:08 - 2014-10-21 08:34 - 00000000 ____D C:\PREVAIL_CLIENT
2016-06-30 11:49 - 2009-07-13 21:34 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-30 11:49 - 2009-07-13 21:34 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-30 11:19 - 2014-08-13 08:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-28 09:17 - 2010-11-20 14:01 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-28 09:17 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\inf
2016-06-28 09:13 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-28 09:12 - 2014-11-12 15:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-06-27 15:25 - 2014-10-30 16:10 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2016-06-27 15:22 - 2014-08-04 14:59 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
2016-06-27 15:22 - 2014-08-04 14:59 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
2016-06-27 15:22 - 2014-08-04 14:59 - 00002015 _____ C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk
2016-06-27 15:15 - 2014-11-12 15:28 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-27 15:15 - 2014-11-12 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-27 15:13 - 2016-04-04 12:42 - 00000000 ____D C:\Users\Admin\AppData\Local\GWX
2016-06-27 10:06 - 2014-08-04 15:01 - 00000000 ____D C:\ProgramData\FLEXnet
2016-06-27 09:47 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\tracing
2016-06-24 18:20 - 2014-12-02 14:43 - 00000000 ____D C:\Users\Assistant2\AppData\LocalLow\Temp
2016-06-24 18:18 - 2016-04-04 13:08 - 00000000 ____D C:\Temp
2016-06-24 16:29 - 2012-03-02 08:27 - 00000000 ____D C:\Windows\Panther
2016-06-24 14:00 - 2014-08-04 11:54 - 00000000 ____D C:\Users\Admin
2016-06-24 13:57 - 2014-07-21 07:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 13:57 - 2014-07-21 06:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-24 13:49 - 2009-07-13 19:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-24 12:25 - 2015-07-15 12:30 - 00000000 ____D C:\Users\Public\Documents\scans
2016-06-24 12:25 - 2010-11-20 17:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-06-24 12:24 - 2016-04-04 13:25 - 00000000 ____D C:\Users\Admin\AppData\Local\minergate-cli
2016-06-24 12:23 - 2015-06-24 16:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-24 12:23 - 2015-06-02 09:30 - 00000000 ____D C:\Users\Admin\AppData\Local\Avg
2016-06-24 12:23 - 2014-10-20 17:22 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2016-06-24 12:23 - 2014-10-20 12:02 - 00000000 ____D C:\ProgramData\MFAData
2016-06-24 12:23 - 2014-08-04 15:39 - 00000000 ____D C:\ProgramData\SQL Anywhere 11
2016-06-24 12:23 - 2014-08-04 11:54 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2016-06-24 03:01 - 2014-07-21 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-21 05:17 - 2014-10-30 16:10 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2016-06-19 01:00 - 2015-12-07 12:19 - 00000000 ____D C:\Users\Assistant2\AppData\Local\ElevatedDiagnostics
2016-06-17 14:21 - 2014-08-13 08:07 - 00002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 14:21 - 2014-08-13 08:07 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-15 03:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2016-06-15 03:33 - 2009-07-13 21:33 - 00449912 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 03:31 - 2014-12-10 03:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 03:14 - 2015-06-24 16:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-15 03:12 - 2014-08-05 09:04 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 03:01 - 2014-08-05 09:04 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 03:48 - 2016-02-29 09:27 - 00785328 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-06-14 03:48 - 2015-06-11 19:32 - 00044120 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-06-14 03:41 - 2015-07-04 02:18 - 00053168 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-06-14 03:07 - 2009-07-13 19:04 - 00000478 _____ C:\Windows\win.ini
2016-06-13 19:31 - 2014-08-04 14:41 - 00400040 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-06-24 12:25 - 2016-06-24 12:25 - 0002552 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-04-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-10-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-16-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0001544 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-18-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-22-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000488 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-06-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-09-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000584 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-15-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000504 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-17-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0001032 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-31-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000616 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-05-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-15-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0017144 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-21-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0001160 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-22-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0002232 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-23-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 13:55 - 2016-06-24 14:00 - 0000000 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-24-2016
2016-06-24 12:25 - 2016-06-24 12:25 - 0014232 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-24-2016.id-9A91A1D6.Vegclass@aol.com.xtbl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-27 00:45

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-06-2016
Ran by Admin (2016-06-30 12:14:25)
Running from C:\Users\Admin\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-08-04 18:54:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-491372964-234954144-3230604657-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-491372964-234954144-3230604657-500 - Administrator - Disabled)
Assistant2 (S-1-5-21-491372964-234954144-3230604657-1003 - Limited - Enabled) => C:\Users\Assistant2
GhostUser (S-1-5-21-491372964-234954144-3230604657-1006 - Administrator - Enabled) => C:\Users\GhostUser
Guest (S-1-5-21-491372964-234954144-3230604657-501 - Limited - Disabled)
system32 (S-1-5-21-491372964-234954144-3230604657-1005 - Administrator - Enabled) => C:\Users\system32
User (S-1-5-21-491372964-234954144-3230604657-1004 - Administrator - Enabled) => C:\Users\User
user1 (S-1-5-21-491372964-234954144-3230604657-1007 - Administrator - Enabled) => C:\Users\user1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit) (HKLM\...\{A243D0E2-D027-4340-AA12-6B13B2A96AC0}) (Version: 1.4 - Eyeo GmbH)
Adobe Acrobat  9 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
Fax Upload (HKLM\...\Fax Upload) (Version:  - )
FileLocator Lite (HKLM\...\{16B89C6C-17B6-47ED-9E56-4557B339C580}) (Version: 7.0.828.1 - Mythicsoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5981 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13065 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickBooks (Version: 24.0.4003.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.06.46 (10/30/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.05.81.00(5/25/2015) - Samsung Electronics Co., Ltd.)
Samsung M288x Series (HKLM\...\Samsung M288x Series) (Version: 1.14 (7/16/2015) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM\...\Samsung Network PC Fax) (Version: 1.11.14 (11/4/2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
View User's Guide (HKLM\...\View User Guide) (Version: 3.60.45.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{3CDEA288-D759-4C3B-B07F-7AFBCC842D98}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{DA654E0C-E75D-4507-8AC2-71698C5B5C93}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {31721CD7-A98B-4ACF-BC31-634BDE42D995} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4DDF8DC1-6EE4-4263-96F6-6D0485A7373B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4E025D0F-4D90-41D0-A720-7C308D8D67B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {72FAA2D1-648F-4190-989A-B556979A87FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A0BADACD-3EAC-452B-90AE-A76A4E0FA158} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-14 13:11 - 2015-06-26 08:21 - 00018432 _____ () C:\Windows\System32\ssa7mlm.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2015-05-14 13:03 - 2013-02-22 13:30 - 00307200 _____ () C:\Windows\system32\SaMinDrv.dll
2015-06-25 00:45 - 2015-06-25 00:45 - 00094208 ____N () C:\Windows\system32\ssdevm.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-08 13:30 - 2014-09-08 13:30 - 00351968 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2014-09-08 13:32 - 2014-09-08 13:32 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-491372964-234954144-3230604657-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0878F646-9ADD-4307-9C02-308FB5B036FA}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F2A46496-33D1-4906-8804-0FE0C770680D}] => (Allow) LPort=2869
FirewallRules: [{FF3AA63C-06E8-4D14-A344-6446AF16D0D7}] => (Allow) LPort=1900
FirewallRules: [{56812BDE-50F1-4DF7-85C5-E8B999964D69}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{30E5470D-A414-4F80-877B-4680A71E5265}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{149A5C47-0D79-40B0-B5DF-74CC629C405B}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1F87D08A-EF6B-422E-87AE-4992C9B58B56}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1C19A6E2-4D32-4806-9731-48A3C3031811}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe
FirewallRules: [{E552974E-6EEC-4DF9-BC7D-4340FDAD074A}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe
FirewallRules: [TCP Query User{DBBE19B2-5BC8-41D3-A91B-4C3921A51038}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{F51E5224-A6F4-4E3B-8C1B-7D4667151111}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{F8C0240D-15AC-4F26-AC52-1AF5730399A9}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{D4A09F55-62B5-4154-8292-DC6DD1AEFE8E}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{475BAAF6-0CCB-456D-A607-590BBDDDEAA8}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{1D093E84-DECF-4E4C-A6C2-40D6298E141A}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{74E6A098-B3FE-4D7E-8CF7-D80A512B0537}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{BBB77926-0FFD-46AE-8FC2-89BE458D2767}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{2D738D47-B916-4A69-B7EB-583121140968}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{2EE30B18-B135-4901-BB02-42D2FD184057}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{D754E037-5F71-4260-ADB5-7186CEB5F4AD}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [TCP Query User{AE704F67-032D-4497-9CF7-6A8B7E547EAE}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{A91052F3-1507-4B2C-9FA5-ADF528958AE0}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{9CE8B091-A0C4-4C82-9ECA-55B4AE1EE5E6}] => (Allow) LPort=3389
FirewallRules: [{B8772483-6577-4788-8216-A94BA070AA63}] => (Allow) LPort=3395
FirewallRules: [{CA51C6BB-E6BA-4838-B083-50E7AE31628A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2016 12:09:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/30/2016 12:09:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2016 07:30:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2016 07:30:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2016 07:13:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2016 07:13:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2016 07:11:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2016 07:11:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2016 07:07:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/29/2016 07:07:14 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (06/29/2016 07:10:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WinMedia Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/29/2016 06:46:54 PM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 95.220.137.166.

Error: (06/29/2016 06:46:54 PM) (Source: TermDD) (EventID: 50) (User: )
Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.

Error: (06/29/2016 01:03:00 PM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 95.211.168.97.

Error: (06/29/2016 01:03:00 PM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 95.211.168.97.

Error: (06/29/2016 11:49:47 AM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 95.220.137.166.

Error: (06/29/2016 11:49:47 AM) (Source: TermDD) (EventID: 50) (User: )
Description: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.

Error: (06/28/2016 07:27:01 PM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 160.3.165.158.

Error: (06/28/2016 09:13:06 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007f (0x00000008, 0x8df39750, 0x00000000, 0x00000000)C:\Windows\MEMORY.DMP062816-18236-01

Error: (06/28/2016 09:13:00 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:11:33 AM on ‎6/‎28/‎2016 was unexpected.


CodeIntegrity:
===================================
  Date: 2016-06-30 12:09:14.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-30 12:09:14.639
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 19:11:39.014
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 19:11:38.936
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 19:05:20.702
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 19:05:20.656
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 18:43:35.229
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 18:43:35.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 18:28:15.931
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-29 18:28:15.868
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Percentage of memory in use: 49%
Total physical RAM: 3005.59 MB
Available physical RAM: 1509.6 MB
Total Virtual: 9003.91 MB
Available Virtual: 7003.19 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:219.15 GB) (Free:163.12 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.68 GB) (Free:13.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: BC9D6F56)
Partition 1: (Active) - (Size=219.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Hi Njem,

Please accept my sincere apologies, I have not received an e-mail with your reply.

Is System Restore disabled on purpose on this machine?

Also, while I understand and appreciate that you are using a user account on a daily basis, bear in mind that the tools we use and fixes we do all have to be done from the administrative account.

 

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.

  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-491372964-234954144-3230604657-1002\...\Run: [akvplabe] => C:\Users\Admin\AppData\Roaming\setap21.exe
    IFEO\sethc.exe: [Debugger] C:\Windows\PreInstall\uddisrw.exe
    C:\Users\Admin\AppData\Roaming\setap21.exe
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please include it in your reply.

 

 

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that the Addition option is checked, then press Scan button and wait.
  • The tool will produce two logfiles on your desktop named FRST.txt and Addition.txt.

Please include their content in your next reply.


I don't know why recovery is off. Might have been turned off by a previous tech.

Fix result of Farbar Recovery Scan Tool (x86) Version: 10-07-2016 01
Ran by Admin (2016-07-12 11:18:25) Run:3
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Assistant2 & User & system32 & GhostUser & user1)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-491372964-234954144-3230604657-1002\...\Run: [akvplabe] => C:\Users\Admin\AppData\Roaming\setap21.exe
IFEO\sethc.exe: [Debugger] C:\Windows\PreInstall\uddisrw.exe
C:\Users\Admin\AppData\Roaming\setap21.exe
EmptyTemp:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-491372964-234954144-3230604657-1002\Software\Microsoft\Windows\CurrentVersion\Run\\akvplabe => value not found.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sethc.exe => key not found. 
"C:\Users\Admin\AppData\Roaming\setap21.exe" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8391936 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => -1904 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
LocalService => 0 B
NetworkService => 0 B
Admin => 79328 B
Assistant2 => 0 B
User => 0 B
system32 => 0 B
GhostUser => 0 B
user1 => 0 B

RecycleBin => 0 B
EmptyTemp: => 8.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 11:18:29 ====

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-07-2016 01
Ran by Admin (administrator) on PC-CHRISTINA (12-07-2016 11:20:04)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin & Assistant2 & User & system32 & GhostUser & user1)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxServer.exe
() C:\Windows\msapss\bin\msapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe
(ImageMAKER Development Inc.) C:\Program Files\Common Files\ImageMAKER\VSTDAEMON.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [1753192 2010-08-26] ()
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-10-10] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-06-02] (Malwarebytes Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-08-04]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-08-04]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-08-04]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Network PC Fax.lnk [2015-05-14]
ShortcutTarget: Samsung Network PC Fax.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\NetFaxTray.exe (Samsung Electronics Co., Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vista Fax Daemon.lnk [2014-08-07]
ShortcutTarget: Vista Fax Daemon.lnk -> C:\Program Files\Common Files\ImageMAKER\Vstdaemon.exe (ImageMAKER Development Inc.)
Startup: C:\Users\Assistant2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PHONEslips.lnk [2015-07-14]
ShortcutTarget: PHONEslips.lnk -> \\JEP-SERVER\Data\PSLIPS\PSWIN32.EXE (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{D040FB1E-17F4-4B45-93D4-1BAFCFB1D776}: [NameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-491372964-234954144-3230604657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE07&ocid=UE07DHP
HKU\S-1-5-21-491372964-234954144-3230604657-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-29] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-05-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-23] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2016-02-29] (AO Kaspersky Lab)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2013-10-10] (Intuit, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2016-06-14]

Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-24]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2016-02-29] (Kaspersky Lab ZAO)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-08-04] (Macrovision Europe Ltd.) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-06-02] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-10-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-10-10] (Intuit Inc.) [File not signed]
R2 Samsung Network Fax Server; C:\Windows\system32\spool\drivers\w32x86\3\NetFaxServer.exe [458944 2014-11-04] (Samsung Electronics Co., Ltd.)
R3 TermService; C:\Program Files\RDP Wrapper\rdpwrap.dll [77312 2016-04-04] (Stas'M Corp.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 WinMediaService; C:\Windows\msapss\bin\msapp.exe [990720 2016-07-07] () [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88179; C:\Windows\System32\DRIVERS\ax88179_178a.sys [54784 2013-12-05] (ASIX Electronics Corp.)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [69632 2013-12-03] (ASIX Electronics Corp.)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [50016 2016-06-02] ()
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [66976 2016-02-29] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [147328 2016-02-29] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [53168 2016-06-14] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [785328 2016-06-14] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [44120 2016-06-14] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [39304 2016-02-29] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24448 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-07-12] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [53120 2016-03-10] (Malwarebytes Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2015-12-08] (Samsung Electronics) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [20480 2011-03-24] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-12 11:20 - 2016-07-12 11:20 - 00015222 _____ C:\Users\Admin\Desktop\FRST.txt
2016-07-12 11:10 - 2016-07-12 11:18 - 00001853 _____ C:\Users\Admin\Desktop\Fixlog.txt
2016-07-12 11:10 - 2016-07-12 11:05 - 01741312 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2016-07-12 11:09 - 2016-07-12 11:05 - 01741312 _____ (Farbar) C:\Users\Public\Documents\FRST.exe
2016-07-12 11:09 - 2016-07-12 11:03 - 00000307 _____ C:\Users\Public\Documents\fixlist.txt
2016-07-12 11:05 - 2016-07-12 11:05 - 00000000 ____D C:\Users\Assistant2\Downloads\FRST-OlderVersion
2016-07-12 11:05 - 2016-07-12 11:03 - 00000307 _____ C:\Users\Assistant2\Downloads\fixlist.txt
2016-07-11 06:39 - 2016-07-11 06:39 - 00183520 _____ C:\Windows\Minidump\071116-15771-01.dmp
2016-07-07 16:07 - 2016-07-07 16:07 - 106837452 _____ C:\Users\GhostUser\Downloads\Chrome.zip
2016-07-07 15:29 - 2016-07-07 15:29 - 00000000 ____D C:\Users\GhostUser\Desktop\Chrome
2016-07-07 12:58 - 2016-07-07 12:58 - 00335848 _____ C:\Users\Assistant2\Downloads\Copy_of_Evidence_Request__Src____ROBERTSON__PAUL_TODD_Tmt__Dt____Unknown___Unknown.tif
2016-07-07 12:58 - 2016-07-07 12:58 - 00029318 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (7).csv
2016-07-07 12:55 - 2016-07-07 12:55 - 01343532 _____ C:\Users\Assistant2\Downloads\Medical_Evidence_of_Record__Src____FLAGSTAFF_MEDICAL_CENTER_Tmt__Dt____Unknown___Unknown.tif
2016-07-07 12:54 - 2016-07-07 12:54 - 00055551 _____ C:\Users\Assistant2\Downloads\3D___Certified_Earnings_Records_Doc__Dt____12_03_2015.tif
2016-07-07 12:53 - 2016-07-07 12:53 - 00030970 _____ C:\Users\Assistant2\Downloads\1E___Disability_Report___Field_Office__Src____FO_Tmt__Dt____Unknown___08_29_2013.tif
2016-07-07 12:51 - 2016-07-07 12:51 - 00208752 _____ C:\Users\Assistant2\Downloads\2E___Disability_Report___Adult__Src____Claimant_Tmt__Dt____Unknown___09_04_2013.tif
2016-07-07 12:48 - 2016-07-07 12:48 - 00270228 _____ C:\Users\Assistant2\Downloads\3E___Work_Activity_Report_EE__Src____Unknown_Tmt__Dt____Unknown___08_01_2014.tif
2016-07-07 12:47 - 2016-07-07 12:47 - 00280420 _____ C:\Users\Assistant2\Downloads\5E___Disability_Report___Adult__Src____Unknown_Tmt__Dt____Unknown___08_01_2014 (1).tif
2016-07-07 12:47 - 2016-07-07 12:47 - 00032726 _____ C:\Users\Assistant2\Downloads\4E___Disability_Report___Field_Office__Src____Unknown_Tmt__Dt____Unknown___08_01_2014.tif
2016-07-07 12:46 - 2016-07-07 12:46 - 00280420 _____ C:\Users\Assistant2\Downloads\5E___Disability_Report___Adult__Src____Unknown_Tmt__Dt____Unknown___08_01_2014.tif
2016-07-07 12:41 - 2016-07-07 12:41 - 00062844 _____ C:\Users\Assistant2\Downloads\Medical_Evidence_of_Record__Src____Ellen_Lorenz_Tmt__Dt____Unknown___02_10_2015.tif
2016-07-07 12:34 - 2016-07-07 12:34 - 00194236 _____ C:\Users\Assistant2\Downloads\Office_Treatment_Records__Src____Prescott_Urology_Tmt__Dt____Unknown___Unknown.tif
2016-07-07 12:33 - 2016-07-07 12:33 - 00162178 _____ C:\Users\Assistant2\Downloads\Medical_Evidence_of_Record__Src____NORTHERN_ARIZONA_TUMOR_INSTITUTE_Tmt__Dt____Unknown___Unknown.tif
2016-07-07 12:32 - 2016-07-07 12:32 - 00203983 _____ C:\Users\Assistant2\Downloads\16F___Office_Treatment_Records__Src____Prescott_Urology_Tmt__Dt____Unknown___03_18_2016.tif
2016-07-07 12:30 - 2016-07-07 12:30 - 00364646 _____ C:\Users\Assistant2\Downloads\18F___Progress_Notes__Src____Tucille__Wendy__MD___Red_Rock_Pediatrics_Tmt__Dt____01_05_2016___02_05_2016.tif
2016-07-07 12:30 - 2016-07-07 12:30 - 00337380 _____ C:\Users\Assistant2\Downloads\16F___Emergency_Department_Records__Src____Verde_Valley_Medical_Center_Tmt__Dt____Unknown___01_27_2016.tif
2016-07-07 12:30 - 2016-07-07 12:30 - 00146908 _____ C:\Users\Assistant2\Downloads\17F___Inpatient_Hospital_Records__Src____Phoenix_Children_s_Hospital_Tmt__Dt____01_27_2016___02_01_2016.tif
2016-07-07 12:14 - 2016-07-07 12:14 - 00057974 _____ C:\Users\Assistant2\Downloads\3D___Certified_Earnings_Records_Doc__Dt____12_30_2015.tif
2016-07-06 15:12 - 2016-07-06 15:13 - 00029316 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (6).csv
2016-07-06 13:25 - 2016-07-06 13:24 - 41864528 _____ (Samsung Electronics Co., Ltd.) C:\Users\Public\Documents\M288x_Series_WIN_EPM_V1.06.00.04_CDV1.17.exe
2016-07-06 13:24 - 2016-07-06 13:24 - 41864528 _____ (Samsung Electronics Co., Ltd.) C:\Users\Assistant2\Downloads\M288x_Series_WIN_EPM_V1.06.00.04_CDV1.17.exe
2016-07-06 13:08 - 2016-07-06 13:08 - 45169264 _____ (Samsung Electronics Co., Ltd.) C:\Users\Assistant2\Downloads\EPM_V1.05.45.00.exe
2016-07-02 09:22 - 2016-07-02 09:22 - 00001063 _____ C:\Users\Assistant2\Desktop\7-5-16 scan.txt
2016-07-02 09:06 - 2016-07-02 09:06 - 00029399 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (5).csv
2016-06-30 20:38 - 2016-06-30 20:38 - 00001072 _____ C:\Users\Assistant2\Desktop\2malwarebytes6-30-16.txt
2016-06-30 12:14 - 2016-06-30 12:15 - 00040985 _____ C:\Users\Admin\Downloads\Addition.txt
2016-06-30 12:13 - 2016-06-30 12:15 - 00047445 _____ C:\Users\Admin\Downloads\FRST.txt
2016-06-30 12:13 - 2016-06-30 12:13 - 01740288 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2016-06-29 19:06 - 2016-06-29 19:06 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\72226758.sys
2016-06-29 08:32 - 2016-06-29 08:32 - 06069872 _____ (TeamViewer) C:\Users\Assistant2\Downloads\assist (1).exe
2016-06-28 12:39 - 2016-06-28 12:39 - 00025390 _____ C:\Users\Assistant2\Downloads\Addition.txt
2016-06-28 12:38 - 2016-07-12 11:20 - 00000000 ____D C:\FRST
2016-06-28 12:38 - 2016-07-12 11:05 - 01741312 _____ (Farbar) C:\Users\Assistant2\Downloads\FRST.exe
2016-06-28 12:38 - 2016-06-28 12:39 - 00045388 _____ C:\Users\Assistant2\Downloads\FRST.txt
2016-06-28 09:13 - 2016-07-11 06:39 - 00000000 ____D C:\Windows\Minidump
2016-06-28 09:13 - 2016-06-28 09:13 - 00183200 _____ C:\Windows\Minidump\062816-18236-01.dmp
2016-06-28 09:12 - 2016-07-11 06:39 - 307157393 _____ C:\Windows\MEMORY.DMP
2016-06-27 15:22 - 2008-04-07 05:38 - 00045392 ____R (Adobe Systems Inc) C:\Windows\system32\AdobePDF.dll
2016-06-27 15:22 - 2008-04-07 05:38 - 00022872 ____R (Adobe Systems Inc.) C:\Windows\system32\AdobePDFUI.dll
2016-06-27 15:14 - 2016-06-27 15:14 - 22851472 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-27 14:27 - 2016-07-12 09:27 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-06-27 14:27 - 2016-06-27 14:27 - 01858888 _____ (Malwarebytes ) C:\Users\Assistant2\Downloads\mbae-setup-1.08.1.2563.exe
2016-06-27 14:27 - 2016-06-27 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-06-27 14:27 - 2016-06-27 14:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Exploit
2016-06-27 13:46 - 2016-06-27 13:46 - 22851472 _____ (Malwarebytes ) C:\Users\Assistant2\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-27 09:30 - 2016-06-27 09:30 - 06069872 _____ (TeamViewer) C:\Users\Assistant2\Downloads\assist.exe
2016-06-26 16:14 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1\AppData\Roaming\Sun
2016-06-26 16:14 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1\AppData\LocalLow\Sun
2016-06-26 16:14 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1\.oracle_jre_usage
2016-06-26 08:01 - 2016-06-26 08:02 - 00000000 ____D C:\Users\user1\AppData\Local\WEB2Print
2016-06-26 07:57 - 2016-06-26 07:59 - 00000000 ____D C:\Users\user1\Desktop\NiceHashMiner_v1.6.0.0
2016-06-26 07:56 - 2016-06-26 07:56 - 127786015 _____ C:\Users\user1\Downloads\NiceHashMiner_v1.6.0.0.zip
2016-06-26 07:55 - 2016-06-26 08:04 - 00000000 ____D C:\Users\user1\AppData\Roaming\Samsung
2016-06-26 07:55 - 2016-06-26 07:55 - 00116280 _____ C:\Users\user1\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-26 07:55 - 2016-06-26 07:55 - 00002319 _____ C:\Users\user1\Desktop\Safe Money.lnk
2016-06-26 07:55 - 2016-06-26 07:55 - 00000000 ____D C:\Users\user1\AppData\Local\Intuit
2016-06-26 07:55 - 2016-06-26 07:55 - 00000000 ____D C:\Users\user1\AppData\Local\Adobe
2016-06-26 07:54 - 2016-06-26 16:14 - 00000000 ____D C:\Users\user1
2016-06-26 07:54 - 2016-06-26 07:55 - 00000000 ____D C:\Users\user1\AppData\Roaming\Adobe
2016-06-26 07:54 - 2016-06-26 07:54 - 00001419 _____ C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-26 07:54 - 2016-06-26 07:54 - 00000020 ___SH C:\Users\user1\ntuser.ini
2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 _SHDL C:\Users\user1\My Documents
2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 _SHDL C:\Users\user1\Documents\My Videos
2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 _SHDL C:\Users\user1\Documents\My Pictures
2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 _SHDL C:\Users\user1\Documents\My Music
2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 ____D C:\Users\user1\AppData\Local\VirtualStore
2016-06-26 07:54 - 2016-06-26 07:54 - 00000000 ____D C:\Users\user1\AppData\Local\Google
2016-06-26 07:54 - 2014-11-11 08:03 - 00000000 ____D C:\Users\user1\AppData\Roaming\TuneUp Software
2016-06-26 07:54 - 2014-08-05 03:04 - 00000000 ____D C:\Users\user1\AppData\Local\Microsoft Help
2016-06-26 07:54 - 2010-11-20 17:47 - 00000000 ____D C:\Users\user1\AppData\Roaming\Media Center Programs
2016-06-25 06:24 - 2016-07-07 16:01 - 00000000 ____D C:\Windows\PreInstall
2016-06-25 06:24 - 2016-06-25 06:24 - 00000000 ____D C:\Windows\bin
2016-06-25 06:22 - 2016-06-25 06:22 - 00000000 ____D C:\Windows\msapss
2016-06-25 06:20 - 2016-06-25 06:20 - 00000000 ____D C:\Users\GhostUser\AppData\Roaming\Mythicsoft
2016-06-24 18:09 - 2016-06-24 18:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Mythicsoft
2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\Users\Assistant2\AppData\Roaming\Mythicsoft
2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileLocator Lite
2016-06-24 14:39 - 2016-06-24 14:39 - 00000000 ____D C:\Program Files\Mythicsoft
2016-06-24 14:38 - 2016-06-24 14:38 - 14325936 _____ (Mythicsoft Ltd) C:\Users\Assistant2\Downloads\FileLocatorLite_828.exe
2016-06-24 14:08 - 2016-06-24 14:08 - 00000000 ____D C:\Users\Assistant2\AppData\Roaming\RUT_settings
2016-06-24 14:07 - 2016-06-24 14:07 - 03720232 _____ (Usoris LLC) C:\Users\Assistant2\Downloads\agent.exe
2016-06-24 14:00 - 2016-06-24 14:00 - 00116280 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-24 14:00 - 2016-06-24 14:00 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2016-06-24 13:55 - 2016-06-24 13:55 - 00029380 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (4).csv
2016-06-24 12:25 - 2016-06-24 12:25 - 00085256 _____ C:\Users\Admin\Downloads\250005_1799385313482_2306440_n.jpg.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00062028 _____ C:\Users\Admin\Downloads\10991052_10203943058125890_3581715748894082962_n.jpg.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00026716 _____ C:\Users\Admin\Downloads\13266075_10206786569451896_5424350048535289440_n.jpg.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00024568 _____ C:\Users\Admin\Downloads\13521861_244840055897475_1831112710297003807_n.jpg.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00002560 _____ C:\Users\Admin\Desktop\Safe Money.lnk.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00001678 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000650 ___SH C:\Users\Admin\Documents\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000586 ___SH C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000522 ___SH C:\Users\Public\Documents\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000522 ___SH C:\Users\Admin\Downloads\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000522 ___SH C:\Users\Admin\Desktop\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Public\Downloads\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Public\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000410 ___SH C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000264 ___SH C:\Users\Admin\ntuser.ini.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 00000114 _____ C:\Users\Admin\Desktop\How to decrypt your files.txt
2016-06-24 12:24 - 2016-06-24 12:24 - 00910108 ____H C:\Users\Admin\AppData\Local\IconCache.db.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:23 - 2016-06-24 12:23 - 00116538 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-22 16:32 - 2016-06-22 16:32 - 00029371 _____ C:\Users\Assistant2\Downloads\HearingsStatusReport (3).csv
2016-06-22 12:00 - 2016-06-22 12:00 - 00044200 _____ C:\Users\Assistant2\Downloads\Objection_to_Video_Hearing_Doc__Dt____Unknown.tif
2016-06-21 08:03 - 2016-06-21 08:03 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2016-06-21 05:25 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\Sun
2016-06-21 05:25 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser\AppData\LocalLow\Sun
2016-06-21 05:25 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser\.oracle_jre_usage
2016-06-21 05:21 - 2016-06-21 05:21 - 00116280 ____H C:\Users\GhostUser\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-21 05:20 - 2016-06-25 18:53 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\Google
2016-06-21 05:20 - 2016-06-21 05:31 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\Samsung
2016-06-21 05:20 - 2016-06-21 05:21 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\Intuit
2016-06-21 05:20 - 2016-06-21 05:20 - 00002319 ____H C:\Users\GhostUser\Desktop\Safe Money.lnk
2016-06-21 05:20 - 2016-06-21 05:20 - 00001419 ____H C:\Users\GhostUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-21 05:20 - 2016-06-21 05:20 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\Adobe
2016-06-21 05:20 - 2016-06-21 05:20 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\Adobe
2016-06-21 05:19 - 2016-06-21 05:25 - 00000000 ___HD C:\Users\GhostUser
2016-06-21 05:19 - 2016-06-21 05:19 - 00000020 ___SH C:\Users\GhostUser\ntuser.ini
2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 _SHDL C:\Users\GhostUser\My Documents
2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 _SHDL C:\Users\GhostUser\Documents\My Videos
2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 _SHDL C:\Users\GhostUser\Documents\My Pictures
2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 _SHDL C:\Users\GhostUser\Documents\My Music
2016-06-21 05:19 - 2016-06-21 05:19 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\VirtualStore
2016-06-21 05:19 - 2014-11-11 08:03 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\TuneUp Software
2016-06-21 05:19 - 2014-08-05 03:04 - 00000000 ___HD C:\Users\GhostUser\AppData\Local\Microsoft Help
2016-06-21 05:19 - 2010-11-20 17:47 - 00000000 ___HD C:\Users\GhostUser\AppData\Roaming\Media Center Programs
2016-06-15 02:38 - 2016-06-06 08:26 - 00037096 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 02:38 - 2016-06-06 08:23 - 01001472 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 02:38 - 2016-06-03 06:04 - 01225216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 02:38 - 2016-05-27 06:05 - 00466944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 02:38 - 2016-05-27 06:05 - 00461824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 02:38 - 2016-05-27 06:05 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 02:38 - 2016-05-27 06:05 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 02:38 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 02:38 - 2016-05-22 06:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 02:38 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 02:38 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 02:38 - 2016-05-20 15:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 02:38 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 02:38 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 02:38 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 02:38 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 02:38 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 02:38 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 02:38 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 02:38 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 02:38 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 02:38 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 02:38 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 02:38 - 2016-05-20 14:44 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 02:38 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 02:38 - 2016-05-20 14:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 02:38 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 02:38 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 02:38 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 02:38 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 02:38 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 02:38 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 02:38 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 02:38 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 02:38 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 02:38 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 02:38 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 02:38 - 2016-05-20 14:09 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 02:38 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 02:38 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 02:38 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 02:38 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 02:38 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 02:38 - 2016-05-18 09:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 02:38 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 02:38 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 02:38 - 2016-05-13 14:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 02:38 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 02:38 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 02:38 - 2016-05-12 08:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 02:38 - 2016-05-12 08:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 02:38 - 2016-05-12 08:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 02:38 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 02:38 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 02:38 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 02:38 - 2016-05-12 07:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 02:38 - 2016-05-12 07:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 02:38 - 2016-05-12 07:54 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 02:38 - 2016-05-12 07:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 02:38 - 2016-05-12 07:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 02:38 - 2016-05-12 07:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 02:38 - 2016-05-12 07:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 02:38 - 2016-05-12 06:04 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 02:38 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 02:38 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 02:38 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 02:38 - 2016-05-11 07:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 02:38 - 2016-04-14 08:38 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 02:38 - 2016-04-14 08:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 02:38 - 2016-04-14 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 02:38 - 2016-04-14 08:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 02:38 - 2016-04-08 23:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 02:38 - 2016-04-08 23:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 02:38 - 2016-04-08 22:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 02:38 - 2016-03-09 11:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-12 11:19 - 2015-05-26 16:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-07-12 11:19 - 2014-11-12 15:29 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-12 11:19 - 2014-08-13 08:07 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-12 11:19 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-12 11:18 - 2009-07-13 21:34 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-12 11:18 - 2009-07-13 21:34 - 00030896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-12 11:05 - 2010-11-20 14:01 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-12 11:05 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\inf
2016-07-12 10:19 - 2014-08-13 08:07 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-11 09:03 - 2014-10-21 08:34 - 00000000 ____D C:\PREVAIL_CLIENT
2016-07-06 13:50 - 2015-05-14 13:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2016-07-06 13:50 - 2015-05-14 13:10 - 00000000 ____D C:\Program Files\Samsung
2016-07-06 13:50 - 2015-05-14 13:04 - 00000000 ____D C:\ProgramData\Samsung
2016-07-02 09:10 - 2014-08-04 15:39 - 00000091 _____ C:\Windows\QBChanUtil_Trigger.ini
2016-06-28 09:12 - 2014-11-12 15:28 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-06-27 15:25 - 2014-10-30 16:10 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2016-06-27 15:22 - 2014-08-04 14:59 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 9 Standard.lnk
2016-06-27 15:22 - 2014-08-04 14:59 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 9.lnk
2016-06-27 15:22 - 2014-08-04 14:59 - 00002015 _____ C:\Users\Public\Desktop\Adobe Acrobat 9 Standard.lnk
2016-06-27 15:15 - 2014-11-12 15:28 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-27 15:15 - 2014-11-12 15:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-27 15:13 - 2016-04-04 12:42 - 00000000 ____D C:\Users\Admin\AppData\Local\GWX
2016-06-27 10:06 - 2014-08-04 15:01 - 00000000 ____D C:\ProgramData\FLEXnet
2016-06-27 09:47 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\tracing
2016-06-24 18:20 - 2014-12-02 14:43 - 00000000 ____D C:\Users\Assistant2\AppData\LocalLow\Temp
2016-06-24 18:18 - 2016-04-04 13:08 - 00000000 ____D C:\Temp
2016-06-24 16:29 - 2012-03-02 08:27 - 00000000 ____D C:\Windows\Panther
2016-06-24 14:00 - 2014-08-04 11:54 - 00000000 ____D C:\Users\Admin
2016-06-24 13:57 - 2014-07-21 07:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 13:57 - 2014-07-21 06:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-24 13:49 - 2009-07-13 19:37 - 00000000 __RHD C:\Users\Public\Libraries
2016-06-24 12:25 - 2015-07-15 12:30 - 00000000 ____D C:\Users\Public\Documents\scans
2016-06-24 12:25 - 2010-11-20 17:47 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-06-24 12:24 - 2016-04-04 13:25 - 00000000 ____D C:\Users\Admin\AppData\Local\minergate-cli
2016-06-24 12:23 - 2015-06-24 16:42 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-24 12:23 - 2015-06-02 09:30 - 00000000 ____D C:\Users\Admin\AppData\Local\Avg
2016-06-24 12:23 - 2014-10-20 17:22 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2016-06-24 12:23 - 2014-10-20 12:02 - 00000000 ____D C:\ProgramData\MFAData
2016-06-24 12:23 - 2014-08-04 15:39 - 00000000 ____D C:\ProgramData\SQL Anywhere 11
2016-06-24 12:23 - 2014-08-04 11:54 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2016-06-24 03:01 - 2014-07-21 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-21 12:13 - 2014-08-04 14:41 - 00400552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-21 05:17 - 2014-10-30 16:10 - 00000000 ____D C:\Users\Admin\AppData\Local\Google
2016-06-19 01:00 - 2015-12-07 12:19 - 00000000 ____D C:\Users\Assistant2\AppData\Local\ElevatedDiagnostics
2016-06-17 14:21 - 2014-08-13 08:07 - 00002147 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 14:21 - 2014-08-13 08:07 - 00002135 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-15 03:58 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2016-06-15 03:33 - 2009-07-13 21:33 - 00449912 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 03:31 - 2014-12-10 03:23 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-15 03:14 - 2015-06-24 16:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-06-15 03:12 - 2014-08-05 09:04 - 00000000 ____D C:\Windows\system32\MRT
2016-06-15 03:01 - 2014-08-05 09:04 - 139785240 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 03:48 - 2016-02-29 09:27 - 00785328 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2016-06-14 03:48 - 2015-06-11 19:32 - 00044120 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klim6.sys
2016-06-14 03:41 - 2015-07-04 02:18 - 00053168 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2016-06-14 03:07 - 2009-07-13 19:04 - 00000478 _____ C:\Windows\win.ini

==================== Files in the root of some directories =======

2016-06-24 12:25 - 2016-06-24 12:25 - 0002552 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-04-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-10-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-16-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0001544 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-18-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\04-22-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000488 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-06-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-09-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000584 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-15-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000504 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-17-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0001032 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\05-31-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000616 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-05-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0000440 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-15-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0017144 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-21-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0001160 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-22-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 12:25 - 2016-06-24 12:25 - 0002232 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-23-2016.id-9A91A1D6.Vegclass@aol.com.xtbl
2016-06-24 13:55 - 2016-06-24 14:00 - 0000000 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-24-2016
2016-06-24 12:25 - 2016-06-24 12:25 - 0014232 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\06-24-2016.id-9A91A1D6.Vegclass@aol.com.xtbl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-11 06:56

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-07-2016 01
Ran by Admin (2016-07-12 11:20:54)
Running from C:\Users\Admin\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2014-08-04 18:54:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-491372964-234954144-3230604657-1002 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-491372964-234954144-3230604657-500 - Administrator - Disabled)
Assistant2 (S-1-5-21-491372964-234954144-3230604657-1003 - Limited - Enabled) => C:\Users\Assistant2
GhostUser (S-1-5-21-491372964-234954144-3230604657-1006 - Administrator - Enabled) => C:\Users\GhostUser
Guest (S-1-5-21-491372964-234954144-3230604657-501 - Limited - Disabled)
system32 (S-1-5-21-491372964-234954144-3230604657-1005 - Administrator - Enabled) => C:\Users\system32
User (S-1-5-21-491372964-234954144-3230604657-1004 - Administrator - Enabled) => C:\Users\User
user1 (S-1-5-21-491372964-234954144-3230604657-1007 - Administrator - Enabled) => C:\Users\user1

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Total Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Total Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit) (HKLM\...\{A243D0E2-D027-4340-AA12-6B13B2A96AC0}) (Version: 1.4 - Eyeo GmbH)
Adobe Acrobat  9 Standard (HKLM\...\{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
Fax Upload (HKLM\...\Fax Upload) (Version:  - )
FileLocator Lite (HKLM\...\{16B89C6C-17B6-47ED-9E56-4557B339C580}) (Version: 7.0.828.1 - Mythicsoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
Java 8 Update 77 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Total Security (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Total Security (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Exploit version 1.8.1.2563 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.2563 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5981 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.13065 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickBooks (Version: 24.0.4003.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4003.2403 - Intuit Inc.)
Samsung Easy Document Creator (HKLM\...\Samsung Easy Document Creator) (Version: 1.06.46 (10/30/2014) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.06.00.04(1/29/2016) - Samsung Electronics Co., Ltd.)
Samsung M288x Series (HKLM\...\Samsung M288x Series) (Version: 1.14 (7/16/2015) - Samsung Electronics Co., Ltd.)
Samsung Network PC Fax (HKLM\...\Samsung Network PC Fax) (Version: 1.11.14 (11/4/2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Diagnostics (HKLM\...\Samsung Printer Diagnostics) (Version: 1.0.1.6.02 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Samsung Scan Process Machine (Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden
SNS Upload for Easy Document Creator (HKLM\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd)
View User's Guide (HKLM\...\View User Guide) (Version: 3.60.45.0 - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{3CDEA288-D759-4C3B-B07F-7AFBCC842D98}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{DA654E0C-E75D-4507-8AC2-71698C5B5C93}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-491372964-234954144-3230604657-1002_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {31721CD7-A98B-4ACF-BC31-634BDE42D995} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4DDF8DC1-6EE4-4263-96F6-6D0485A7373B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {4E025D0F-4D90-41D0-A720-7C308D8D67B5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {72FAA2D1-648F-4190-989A-B556979A87FE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A0BADACD-3EAC-452B-90AE-A76A4E0FA158} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-14 13:11 - 2015-06-26 08:21 - 00018432 _____ () C:\Windows\System32\ssa7mlm.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Total Security 16.0.0\kpcengine.2.3.dll
2015-05-14 13:03 - 2013-02-22 13:30 - 00307200 _____ () C:\Windows\system32\SaMinDrv.dll
2015-06-25 00:45 - 2015-06-25 00:45 - 00094208 ____N () C:\Windows\system32\ssdevm.dll
2016-07-07 16:04 - 2016-07-07 16:03 - 00990720 _____ () C:\Windows\msapss\bin\msapp.exe
2015-09-15 14:58 - 2015-09-15 14:58 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2009-06-10 14:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-491372964-234954144-3230604657-1002\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{0878F646-9ADD-4307-9C02-308FB5B036FA}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F2A46496-33D1-4906-8804-0FE0C770680D}] => (Allow) LPort=2869
FirewallRules: [{FF3AA63C-06E8-4D14-A344-6446AF16D0D7}] => (Allow) LPort=1900
FirewallRules: [{56812BDE-50F1-4DF7-85C5-E8B999964D69}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{30E5470D-A414-4F80-877B-4680A71E5265}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{149A5C47-0D79-40B0-B5DF-74CC629C405B}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1F87D08A-EF6B-422E-87AE-4992C9B58B56}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{1C19A6E2-4D32-4806-9731-48A3C3031811}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe
FirewallRules: [{E552974E-6EEC-4DF9-BC7D-4340FDAD074A}] => (Allow) C:\Windows\twain_32\Samsung\SLM288x\ScanCDLM\ScanCDLM.exe
FirewallRules: [TCP Query User{DBBE19B2-5BC8-41D3-A91B-4C3921A51038}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{F51E5224-A6F4-4E3B-8C1B-7D4667151111}C:\program files\common files\common desktop agent\cdasrv.exe] => (Allow) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{F8C0240D-15AC-4F26-AC52-1AF5730399A9}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [{D4A09F55-62B5-4154-8292-DC6DD1AEFE8E}] => (Allow) C:\Program Files\Samsung\Easy Document Creator\EDC.exe
FirewallRules: [TCP Query User{AE704F67-032D-4497-9CF7-6A8B7E547EAE}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [UDP Query User{A91052F3-1507-4B2C-9FA5-ADF528958AE0}C:\program files\common files\common desktop agent\cdasrv.exe] => (Block) C:\program files\common files\common desktop agent\cdasrv.exe
FirewallRules: [{9CE8B091-A0C4-4C82-9ECA-55B4AE1EE5E6}] => (Allow) LPort=3389
FirewallRules: [{B8772483-6577-4788-8216-A94BA070AA63}] => (Allow) LPort=3395
FirewallRules: [{CA51C6BB-E6BA-4838-B083-50E7AE31628A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{0E529920-1CB7-446F-B97E-1F861238D39D}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{15C65C6C-B7B9-444E-A1FC-0C5275BE3649}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{E5244CF3-0F1F-42EB-9B14-55BE2C77FEBB}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{2D4C3AF7-5685-4EF2-9A87-E9374938F7BA}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{EEF18449-820D-4BFB-A8F0-9951B34F5ACF}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{3542A30C-65F6-4890-B64C-A5C38895C6F5}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{273D3A12-9AD1-4BA1-8176-B2C156F1E61B}] => (Allow) C:\Program Files\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2016 11:21:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/12/2016 11:19:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/12/2016 11:19:52 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/12/2016 11:17:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/12/2016 11:17:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/12/2016 11:15:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST.exe version 10.7.2016.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 24e0

Start Time: 01d1dc68ba4dae1a

Termination Time: 229

Application Path: C:\Users\Admin\Desktop\FRST.exe

Report Id:

Error: (07/12/2016 11:07:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/12/2016 11:07:04 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/11/2016 11:18:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/11/2016 11:18:48 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WinMedia Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Samsung Network Fax Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBIDPService service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/12/2016 11:18:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Anti-Exploit Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-07-11 21:49:55.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-11 21:49:55.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-11 21:23:25.163
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-11 21:23:25.114
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-11 21:18:11.751
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-11 21:18:11.697
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-11 21:09:15.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-11 21:09:15.796
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-07 16:13:18.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-07 16:13:18.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Percentage of memory in use: 40%
Total physical RAM: 3005.59 MB
Available physical RAM: 1802.98 MB
Total Virtual: 9003.91 MB
Available Virtual: 7702.1 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:219.15 GB) (Free:165.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.68 GB) (Free:13.31 GB) NTFS
Drive f: (Transcend) (Removable) (Total:58.9 GB) (Free:41.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: BC9D6F56)
Partition 1: (Active) - (Size=219.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 58.9 GB) (Disk ID: 6E697373)
No partition Table on disk 1.

==================== End of Addition.txt ============================

 

 


Hi Njem,

Please accept my sincere apologies - we have just discovered that the forum software is playing bad with my notifications and I was not informed that you replied. All e-mails were being pushed into my junk folder.

We do not differentiate between paid and free support. If you want, we can continue this case in our helpdesk or here. Let me know which way suits you better.

 

Edited by Naathim

This is all frustrating, irritating, and confusing. It's taken forever to get this far. Nothing has been offered but collecting lots of logs. Now apparently it's kind of working but I have no idea why.

I ran the scan as requested. This time, for some reason, when it found some items it also had the link there to see what they were. And when it was done it allowed me to remove them. You might remember, way back when, that was the original problem. It wasn't running right and would find stuff but not provide the link to see what they are, and not provide an option to remove them at the end.

This time it found stuff and went through the removal option and, I hope, got rid of them. Nothing has changed except that in the meantime I put a license key into the program.

It didn't quite work right because it didn't make a log. You'll see below the protection log which notes there was a scan and 5 things found, but looking through the whole list of logs, the last scan log was on 7/2.

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 7/20/2016 9:56 PM, SYSTEM, PC-CHRISTINA, Scheduler, IP Database, 2016.7.19.1, 2016.7.20.2, 
Update, 7/20/2016 9:56 PM, SYSTEM, PC-CHRISTINA, Scheduler, Domain Database, 2016.7.19.7, 2016.7.21.1, 
Update, 7/20/2016 9:56 PM, SYSTEM, PC-CHRISTINA, Scheduler, Malware Database, 2016.7.19.11, 2016.7.20.11, 
Protection, 7/20/2016 9:56 PM, SYSTEM, PC-CHRISTINA, Protection, Refresh, Starting, 
Protection, 7/20/2016 9:56 PM, SYSTEM, PC-CHRISTINA, Protection, Malicious Website Protection, Stopping, 
Protection, 7/20/2016 9:57 PM, SYSTEM, PC-CHRISTINA, Protection, Malicious Website Protection, Stopped, 
Scan, 7/20/2016 9:57 PM, SYSTEM, PC-CHRISTINA, Context, Start:7/20/2016 9:56 PM, Duration:0 min 48 sec, Threat Scan, Cancelled, 0 Malware Detections, 0 Non-Malware Detections, 
Protection, 7/20/2016 9:58 PM, SYSTEM, PC-CHRISTINA, Protection, Refresh, Success, 
Protection, 7/20/2016 9:58 PM, SYSTEM, PC-CHRISTINA, Protection, Malicious Website Protection, Starting, 
Protection, 7/20/2016 9:58 PM, SYSTEM, PC-CHRISTINA, Protection, Malicious Website Protection, Started, 
Scan, 7/20/2016 10:51 PM, SYSTEM, PC-CHRISTINA, Manual, Start:7/20/2016 9:58 PM, Duration:51 min 59 sec, Custom Scan, Completed, 0 Malware Detections, 5 Non-Malware Detections, 
Update, 7/20/2016 10:59 PM, SYSTEM, PC-CHRISTINA, Scheduler, Domain Database, 2016.7.21.1, 2016.7.21.2, 
Protection, 7/20/2016 10:59 PM, SYSTEM, PC-CHRISTINA, Protection, Refresh, Starting, 
Protection, 7/20/2016 10:59 PM, SYSTEM, PC-CHRISTINA, Protection, Refresh, Success, 

(end)

 

This topic is now closed to further replies.