MiaMia Posted July 3, 2016 ID:1049170 Share Posted July 3, 2016 Sorry, I believe i may have posted this in the incorrect forum before. Hello everyone,I have tried to follow all of the instructions listed at this post with no luck: http://www.myantispyware.com/2009/06/08 ... to-fix-it/ as well as here: Each time I try to run the program, it won't open, whether in safe mode, a new account, renamed, etc. I see I have scorpion saver on my computer (that won't delete) and the wifi also shuts off after each sleep, so there's some funny stuff going on. Any help would be much appreciated! Also, using the chameleon gets a little further and starts mbam-killer (bringing up around 5 files) but then says it has terminated and is unable to start the scan... Here are the results of the Farbar recovery scan: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016 Ran by Jon (administrator) on JON-PC (03-07-2016 14:03:47) Running from C:\Users\Jon\Downloads Loaded Profiles: Jon (Available Profiles: Jon) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Avid Technology, Inc.) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon64.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe (Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Lenovo) C:\Users\Jon\AppData\Local\Apps\2.0\7Z8W83LE.KRN\0RCY7DDE.6AE\lsb...tion_2d7b41b05b24775e_0001.0006_6c5982beb50abfca\LSB.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\hh.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor) HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-04-22] (Lenovo) HKLM\...\Run: [M-Audio Taskbar Icon] => C:\windows\System32\M-AudioTaskBarIcon64.exe [634888 2009-02-11] (Avid Technology, Inc.) HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-22] (Lenovo) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-22] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-04-22] (Lenovo (Beijing) Limited) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini" HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-06-18] (Avid Technology, Inc.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\RunOnce: [C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\xgmeje] => cmd /C rd "C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\xgmeje" /s/q Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.) HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {23844499-5145-11e2-9c64-c01885eb94df} - E:\MotoCastSetup.exe -a HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {2384457c-5145-11e2-9c64-c01885eb94df} - E:\MotoCastSetup.exe -a HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {5950878a-a331-11e1-9aa6-c01885eb94df} - E:\setup.exe -a HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {7624bfd4-c44f-11e4-9fd3-c01885eb94df} - E:\VerizonSWUpgradeAssistantLauncher.exe HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {84a463c2-5436-11e5-a259-c01885eb94df} - E:\DT4000_Launcher.exe HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {f9184e96-9b86-11e4-bdab-c01885eb94df} - E:\VerizonSWUpgradeAssistantLauncher.exe HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {ff372f93-b8b7-11e5-8332-c01885eb94df} - E:\VerizonSWUpgradeAssistantLauncher.exe AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256392 2014-01-08] (Citrix Systems, Inc.) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation) ShellIconOverlayIdentifiers: [ mozysyncNotUploaded] -> {34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.) ShellIconOverlayIdentifiers: [ mozysyncPendingChanges] -> {6673BC77-4A7B-4299-A130-14312E6B203A} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.) ShellIconOverlayIdentifiers: [ mozysyncUpToDate] -> {04547006-32F5-4635-844B-B8D7FCE47692} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.) ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.) ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.) ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-04-22] () ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2015-09-05] ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.) Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk [2016-07-03] ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9-x64 01 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.) Winsock: Catalog9-x64 02 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.) Winsock: Catalog9-x64 03 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.) Winsock: Catalog9-x64 04 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.) Winsock: Catalog9-x64 15 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{749D408D-0402-4F32-B959-7FD450A9C4F7}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKU\S-1-5-21-1586536999-29697831-1294094069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869 BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.) Toolbar: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.) Toolbar: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} hxxps://vpn3.its.yale.edu/CACHE/stc/1/binaries/vpnweb.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) FireFox: ======== FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492 FF DefaultSearchEngine.US: Google FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll [2012-09-28] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll [2012-09-28] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] () FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-01-08] (Citrix Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-09-05] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-07-30] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-30] () FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-07-30] (Google) FF SearchPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492\searchplugins\safesearch.xml [2015-10-11] FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-07-01] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN" CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (Norton Security Toolbar) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-06-30] CHR Extension: (Google Docs Offline) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Norton Identity Safe) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-16] CHR Extension: (Cisco WebEx Extension) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-09-05] CHR Extension: (Google Scholar Button) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2015-04-21] CHR Extension: (Skype) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-01] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-01] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-06-18] (Avid Technology, Inc.) [File not signed] S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-06-18] (Avid Technology, Inc.) [File not signed] R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [55040 2015-02-02] (Mozy, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] () R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WPSService20; C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [File not signed] S2 0235271344641637mcinstcleanup; C:\Users\Jon\AppData\Local\Temp\023527~1.EXE -cleanup -nolog [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20160701.003\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation) R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [131160 2012-04-24] (Citrix Systems, Inc.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20160701.001\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation) R3 jnprna; C:\Windows\System32\DRIVERS\jnprna6.sys [504176 2011-04-19] (Juniper Networks, Inc.) S3 MAUSBFT; C:\Windows\System32\DRIVERS\mausbft.sys [185864 2009-02-11] (Avid Technology, Inc.) S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [69320 2015-02-02] (Mozy, Inc.) R1 NEOFLTR_8011_36363; C:\windows\system32\Drivers\NEOFLTR_8011_36363.SYS [108344 2015-05-24] (Juniper Networks, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1525904 2012-12-26] (Realtek Semiconductor Corporation ) R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773360 2016-06-01] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-01] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) U2 CLKMSVC10_3A60B698; no ImagePath U2 CLKMSVC10_C3B3B687; no ImagePath U2 DriverService; no ImagePath U2 IAStorDataMgrSvc; no ImagePath U2 idealife Update Service; no ImagePath U3 IGRS; no ImagePath U2 IviRegMgr; no ImagePath S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160630.020\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160630.020\EX64.SYS [X] U2 nvUpdatusService; no ImagePath U2 Oasis2Service; no ImagePath U2 PCCarerServic; no ImagePath U2 ReadyComm.DirectRouter; no ImagePath U2 RichVideo; no ImagePath U2 RtLedService; no ImagePath U2 SoftwareService; no ImagePath U2 Stereo Service; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-03 14:03 - 2016-07-03 14:04 - 00033397 _____ C:\Users\Jon\Downloads\FRST.txt 2016-07-03 14:03 - 2016-07-03 14:03 - 02390016 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe 2016-07-03 14:03 - 2016-07-03 14:03 - 00000000 ____D C:\FRST 2016-07-03 13:53 - 2016-07-03 13:57 - 00002416 _____ C:\Users\Jon\Desktop\Rkill.txt 2016-07-03 13:52 - 2016-07-03 13:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\rkill.exe 2016-07-03 13:34 - 2016-07-03 13:34 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-07-03 13:34 - 2016-07-03 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-07-03 13:34 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2016-07-03 13:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys 2016-07-03 13:33 - 2016-07-03 13:55 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys 2016-07-03 13:31 - 2016-07-03 13:31 - 06705178 _____ C:\Users\Jon\Downloads\mbam-chameleon-3.1.33.0.zip 2016-07-03 13:14 - 2016-07-03 13:14 - 00000000 ____D C:\Users\MyApp\AppData\Local\CrashDumps 2016-07-03 13:12 - 2016-07-03 13:12 - 00112728 _____ C:\Users\MyApp\AppData\Local\GDIPFONTCACHEV1.DAT 2016-07-03 13:12 - 2016-07-03 13:12 - 00001413 _____ C:\Users\MyApp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-07-03 13:12 - 2016-07-03 13:12 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Intel 2016-07-03 13:12 - 2016-07-03 13:12 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Adobe 2016-07-03 13:11 - 2016-07-03 13:12 - 00002086 _____ C:\Users\MyApp\Desktop\OneKey Recovery.lnk 2016-07-03 13:11 - 2016-07-03 13:12 - 00001118 _____ C:\Users\MyApp\Desktop\Cyberlink Power2Go.lnk 2016-07-03 13:11 - 2016-07-03 13:12 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2016-07-03 13:11 - 2016-07-03 13:11 - 00000020 ___SH C:\Users\MyApp\ntuser.ini 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\My Documents 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\Documents\My Videos 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\Documents\My Pictures 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\Documents\My Music 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 ____D C:\Users\MyApp\AppData\Local\VirtualStore 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 ____D C:\Users\MyApp\AppData\Local\Google 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 ____D C:\Users\MyApp 2016-07-03 13:11 - 2012-07-03 18:10 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Juniper Networks 2016-07-03 13:11 - 2012-06-03 14:21 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Macromedia 2016-07-03 13:11 - 2012-05-12 16:52 - 00000000 ____D C:\Users\MyApp\AppData\Local\Microsoft Help 2016-07-03 13:11 - 2011-09-28 23:37 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Media Center Programs 2016-07-03 13:11 - 2010-12-19 01:31 - 00000189 _____ C:\Users\MyApp\Desktop\Lenovo Telephony Start Now.url 2016-07-03 13:02 - 2016-07-03 13:06 - 00225948 _____ C:\TDSSKiller.3.1.0.9_03.07.2016_13.02.33_log.txt 2016-07-03 12:58 - 2016-07-03 13:26 - 00000000 ____D C:\Program Files (x86)\My App 2016-07-03 12:55 - 2016-07-03 12:55 - 00004472 _____ C:\TDSSKiller.3.1.0.9_03.07.2016_12.55.04_log.txt 2016-07-03 12:53 - 2016-07-03 12:54 - 04633146 _____ C:\Users\Jon\Downloads\tdsskiller.zip 2016-07-03 12:26 - 2016-07-03 12:26 - 00000085 _____ C:\windows\wininit.ini 2016-07-02 18:36 - 2016-07-02 18:36 - 00000000 ____D C:\Users\Jon\AppData\Local\GWX 2016-07-02 18:19 - 2016-07-02 18:30 - 00000000 ___SD C:\windows\system32\GWX 2016-07-02 18:19 - 2016-07-02 18:19 - 00000000 ___SD C:\windows\SysWOW64\GWX 2016-07-02 18:19 - 2016-07-02 18:19 - 00000000 ___SD C:\windows\system32\CompatTel 2016-07-02 18:19 - 2016-07-02 18:19 - 00000000 ____D C:\windows\system32\appraiser 2016-07-02 14:20 - 2015-01-08 19:44 - 00419936 _____ C:\windows\SysWOW64\locale.nls 2016-07-02 14:20 - 2015-01-08 19:43 - 00419936 _____ C:\windows\system32\locale.nls 2016-07-02 14:08 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2016-07-02 14:08 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-07-02 14:06 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE 2016-07-02 14:02 - 2016-07-02 14:02 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2016-07-02 14:02 - 2016-07-02 14:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2016-07-02 14:02 - 2016-07-02 14:02 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2016-07-02 14:02 - 2016-07-02 14:02 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2016-07-02 14:02 - 2016-07-02 14:02 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat 2016-07-02 14:02 - 2016-07-02 14:02 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat 2016-07-02 14:02 - 2016-07-02 14:02 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2016-07-02 14:02 - 2016-07-02 14:02 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2016-07-02 14:02 - 2016-07-02 14:02 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx 2016-07-02 14:02 - 2016-07-02 14:02 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx 2016-07-02 14:02 - 2016-07-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2016-07-02 12:10 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll 2016-07-02 12:10 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll 2016-07-02 12:10 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe 2016-07-02 12:10 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe 2016-07-02 12:10 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe 2016-07-02 12:10 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll 2016-07-02 12:10 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe 2016-07-02 12:10 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2016-07-02 00:51 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2016-07-02 00:51 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2016-07-02 00:51 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll 2016-07-02 00:51 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll 2016-07-02 00:51 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll 2016-07-02 00:51 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll 2016-07-02 00:51 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll 2016-07-02 00:50 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2016-07-02 00:50 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2016-07-02 00:50 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2016-07-02 00:50 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2016-07-02 00:50 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2016-07-02 00:50 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2016-07-02 00:50 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2016-07-02 00:50 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys 2016-07-02 00:50 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys 2016-07-02 00:50 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys 2016-07-02 00:50 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys 2016-07-02 00:50 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2016-07-02 00:50 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2016-07-02 00:50 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2016-07-02 00:50 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2016-07-02 00:50 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll 2016-07-02 00:50 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2016-07-02 00:50 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll 2016-07-02 00:50 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll 2016-07-02 00:50 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll 2016-07-02 00:50 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll 2016-07-02 00:50 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll 2016-07-02 00:50 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll 2016-07-02 00:50 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll 2016-07-02 00:50 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll 2016-07-02 00:50 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll 2016-07-02 00:50 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll 2016-07-02 00:50 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2016-07-02 00:50 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2016-07-02 00:49 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2016-07-02 00:49 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2016-07-02 00:49 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll 2016-07-02 00:49 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll 2016-07-02 00:49 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll 2016-07-02 00:49 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll 2016-07-02 00:49 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll 2016-07-02 00:49 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll 2016-07-02 00:49 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll 2016-07-02 00:49 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll 2016-07-02 00:49 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll 2016-07-02 00:49 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll 2016-07-02 00:49 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll 2016-07-02 00:49 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll 2016-07-02 00:49 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL 2016-07-02 00:49 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll 2016-07-02 00:49 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll 2016-07-02 00:49 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll 2016-07-02 00:49 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll 2016-07-02 00:49 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll 2016-07-02 00:49 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll 2016-07-02 00:49 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll 2016-07-02 00:49 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2016-07-02 00:49 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll 2016-07-02 00:49 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll 2016-07-02 00:49 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll 2016-07-02 00:49 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll 2016-07-02 00:49 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll 2016-07-02 00:49 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll 2016-07-02 00:49 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll 2016-07-02 00:49 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll 2016-07-02 00:49 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe 2016-07-02 00:49 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe 2016-07-02 00:49 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys 2016-07-02 00:49 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll 2016-07-02 00:49 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll 2016-07-02 00:49 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2016-07-02 00:49 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys 2016-07-02 00:49 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2016-07-02 00:49 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll 2016-07-02 00:49 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll 2016-07-02 00:49 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2016-07-02 00:49 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll 2016-07-02 00:49 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe 2016-07-02 00:49 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe 2016-07-02 00:49 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2016-07-02 00:49 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2016-07-02 00:49 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll 2016-07-02 00:49 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll 2016-07-02 00:49 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2016-07-02 00:49 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2016-07-02 00:49 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2016-07-02 00:49 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll 2016-07-02 00:49 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll 2016-07-02 00:49 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll 2016-07-02 00:49 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll 2016-07-02 00:49 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll 2016-07-02 00:49 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll 2016-07-02 00:49 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys 2016-07-02 00:49 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys 2016-07-02 00:49 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll 2016-07-02 00:49 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2016-07-02 00:49 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll 2016-07-02 00:49 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll 2016-07-02 00:49 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll 2016-07-02 00:49 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll 2016-07-02 00:44 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2016-07-02 00:44 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2016-07-02 00:44 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2016-07-02 00:44 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll 2016-07-02 00:44 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll 2016-07-02 00:44 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2016-07-02 00:44 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2016-07-02 00:44 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2016-07-02 00:44 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2016-07-02 00:44 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe 2016-07-02 00:44 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2016-07-02 00:44 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll 2016-07-02 00:44 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll 2016-07-02 00:44 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll 2016-07-02 00:44 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe 2016-07-02 00:44 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll 2016-07-02 00:43 - 2016-06-06 12:58 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe 2016-07-02 00:43 - 2016-06-06 12:50 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2016-07-02 00:43 - 2016-06-03 09:05 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2016-07-02 00:43 - 2016-05-27 09:06 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2016-07-02 00:43 - 2016-05-27 09:06 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2016-07-02 00:43 - 2016-05-27 09:06 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2016-07-02 00:43 - 2016-05-27 09:06 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll 2016-07-02 00:43 - 2016-05-22 09:06 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2016-07-02 00:43 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2016-07-02 00:43 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2016-07-02 00:43 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe 2016-07-02 00:43 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2016-07-02 00:43 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll 2016-07-02 00:43 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll 2016-07-02 00:43 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll 2016-07-02 00:43 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll 2016-07-02 00:43 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll 2016-07-02 00:43 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll 2016-07-02 00:43 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll 2016-07-02 00:43 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll 2016-07-02 00:43 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe 2016-07-02 00:43 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe 2016-07-02 00:43 - 2016-03-23 18:40 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe 2016-07-02 00:43 - 2016-03-23 18:40 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2016-07-02 00:43 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll 2016-07-02 00:43 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll 2016-07-02 00:43 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll 2016-07-02 00:43 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll 2016-07-02 00:43 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2016-07-02 00:43 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll 2016-07-02 00:43 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll 2016-07-02 00:43 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll 2016-07-02 00:43 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll 2016-07-02 00:42 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi 2016-07-02 00:42 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2016-07-02 00:42 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2016-07-02 00:42 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2016-07-02 00:42 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2016-07-02 00:42 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe 2016-07-02 00:42 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys 2016-07-02 00:42 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe 2016-07-02 00:42 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2016-07-02 00:42 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2016-07-02 00:42 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2016-07-02 00:42 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2016-07-02 00:42 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2016-07-02 00:42 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2016-07-02 00:42 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2016-07-02 00:42 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-07-02 00:42 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll 2016-07-02 00:42 - 2016-03-23 18:43 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll 2016-07-02 00:42 - 2016-03-23 18:40 - 00634432 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2016-07-02 00:42 - 2016-03-23 18:40 - 00546656 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe 2016-07-02 00:42 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll 2016-07-02 00:42 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll 2016-07-02 00:42 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2016-07-02 00:42 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL 2016-07-02 00:42 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx 2016-07-02 00:42 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll 2016-07-02 00:42 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll 2016-07-02 00:42 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll 2016-07-02 00:42 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL 2016-07-02 00:42 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll 2016-07-02 00:42 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll 2016-07-02 00:42 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx 2016-07-02 00:42 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll 2016-07-02 00:42 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll 2016-07-02 00:42 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll 2016-07-02 00:42 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll 2016-07-02 00:42 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll 2016-07-02 00:42 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll 2016-07-02 00:42 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll 2016-07-02 00:42 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll 2016-07-02 00:42 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys 2016-07-02 00:42 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll 2016-07-02 00:42 - 2014-11-10 23:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll 2016-07-02 00:42 - 2014-11-10 22:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll 2016-07-02 00:41 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS 2016-07-02 00:41 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys 2016-07-02 00:41 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2016-07-02 00:41 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2016-07-02 00:41 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2016-07-02 00:41 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll 2016-07-02 00:41 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll 2016-07-02 00:41 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe 2016-07-02 00:41 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys 2016-07-02 00:41 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys 2016-07-02 00:35 - 2014-08-11 22:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL 2016-07-02 00:35 - 2014-08-11 21:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL 2016-07-01 19:25 - 2014-10-29 22:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe 2016-07-01 19:25 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe 2016-07-01 18:04 - 2016-07-03 12:52 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-07-01 18:04 - 2016-07-03 12:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-07-01 18:04 - 2016-07-01 18:04 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking 2016-07-01 18:03 - 2016-07-01 18:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jon\Downloads\spybot-2.4.exe 2016-07-01 17:55 - 2016-07-01 17:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\iExplore.exe 2016-07-01 17:55 - 2016-07-01 17:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\iExplore (1).exe 2016-07-01 15:29 - 2016-07-01 15:29 - 01108744 _____ C:\Users\Jon\Downloads\IMG_5603.mp4 2016-07-01 14:20 - 2016-07-01 14:20 - 00378281 _____ C:\Users\Jon\Downloads\Offenders with Intellectual and Developmental Disabilities Sentencing Challenges after the Abolition of Execution in the United States.pdf 2016-07-01 14:09 - 2016-07-01 14:09 - 00000000 ____D C:\windows\System32\Tasks\Norton 360 2016-07-01 14:03 - 2016-07-01 14:03 - 00003206 _____ C:\windows\System32\Tasks\Norton WSC Integration 2016-07-01 14:03 - 2016-07-01 14:03 - 00002225 _____ C:\Users\Public\Desktop\Norton 360.lnk 2016-07-01 09:21 - 2016-07-01 09:21 - 00062464 _____ C:\Users\Jon\Downloads\DAILY OPEN ENCOUNTERS_07012016.xls 2016-06-30 14:18 - 2016-06-30 14:18 - 00287025 _____ C:\Users\Jon\Downloads\Ahold_global_CR_policies.pdf 2016-06-30 11:32 - 2016-06-30 11:32 - 00020186 _____ C:\Users\Jon\Downloads\Copy of 1317 Psychiatry 7.2.16.xlsx 2016-06-29 20:02 - 2016-06-29 20:02 - 00025192 _____ C:\Users\Jon\Downloads\Office Assignments 2016-2017 (1).xlsx 2016-06-28 18:15 - 2016-06-28 18:15 - 00084886 _____ C:\Users\Jon\Downloads\1_153319_saved_contract_joy_-_71201[2].pdf 2016-06-28 18:14 - 2016-06-28 18:15 - 00036214 _____ C:\Users\Jon\Downloads\1_153319_joy_michelle[4].pdf 2016-06-28 18:14 - 2016-06-28 18:14 - 00191287 _____ C:\Users\Jon\Downloads\1_153319_joy_michelle_-_fbi.pdf 2016-06-28 18:14 - 2016-06-28 18:14 - 00172614 _____ C:\Users\Jon\Downloads\1_153319_joy_michelle[6].pdf 2016-06-28 13:31 - 2016-06-28 13:31 - 00074772 _____ C:\Users\Jon\Downloads\{17F0B6B3-68E3-4E33-9A02-CC67A8F3E7E6}.pdf 2016-06-27 19:14 - 2016-06-27 19:14 - 00025192 _____ C:\Users\Jon\Downloads\Office Assignments 2016-2017.xlsx 2016-06-24 16:27 - 2016-06-24 16:27 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-06-24 15:31 - 2016-06-24 15:31 - 00604889 _____ C:\Users\Jon\Documents\Scan0013.pdf 2016-06-24 10:48 - 2016-06-24 10:48 - 00203264 _____ C:\Users\Jon\Downloads\Moonlighting Schedule - Aug 16 to Jan 17 draft 06.23.16.xls 2016-06-09 20:39 - 2016-06-09 20:39 - 00269260 _____ C:\Users\Jon\Downloads\OS Assessment Report.pdf 2016-06-09 20:23 - 2016-06-09 20:23 - 00132140 _____ C:\Users\Jon\Downloads\msg0000 (3).WAV 2016-06-08 22:56 - 2016-06-08 22:57 - 00000000 ____D C:\Users\Jon\Desktop\Songs 2016-06-07 18:33 - 2016-06-07 18:33 - 00009799 _____ C:\Users\Jon\Downloads\Copy of Shared Holiday Rotation Schedule.xlsx 2016-06-07 18:31 - 2016-06-07 18:31 - 00012643 _____ C:\Users\Jon\Downloads\Holiday Schedule 2013.xlsx 2016-06-07 17:58 - 2016-06-07 17:58 - 00012407 _____ C:\Users\Jon\Downloads\Contact Information.xlsx 2016-06-07 17:58 - 2016-06-07 17:58 - 00012407 _____ C:\Users\Jon\Downloads\Contact Information (1).xlsx 2016-06-07 17:50 - 2016-06-07 17:50 - 00940238 _____ C:\Users\Jon\Downloads\Danilo Rojas-Velasquez LOR (1).pdf 2016-06-07 17:34 - 2016-06-07 17:34 - 00635943 _____ C:\Users\Jon\Downloads\KarinaMS Transcript (1).pdf 2016-06-07 17:33 - 2016-06-07 17:33 - 01591017 _____ C:\Users\Jon\Downloads\Melina Zuniga MS Transcript.pdf 2016-06-07 17:32 - 2016-06-07 17:32 - 00635943 _____ C:\Users\Jon\Downloads\KarinaMS Transcript.pdf 2016-06-07 17:31 - 2016-06-07 17:31 - 01067594 _____ C:\Users\Jon\Downloads\Fabiola MS Transcript.pdf 2016-06-07 17:31 - 2016-06-07 17:31 - 01067594 _____ C:\Users\Jon\Downloads\Fabiola MS Transcript (1).pdf 2016-06-07 17:26 - 2016-06-07 17:26 - 00016662 _____ C:\Users\Jon\Downloads\UPHS-CHOP Visiting Clerkship.xlsx 2016-06-07 17:25 - 2016-06-07 17:25 - 00493485 _____ C:\Users\Jon\Downloads\Trevor LOR.pdf 2016-06-07 17:22 - 2016-06-07 17:22 - 00202859 _____ C:\Users\Jon\Downloads\CV_Trevor York.pdf 2016-06-07 17:16 - 2016-06-07 17:16 - 00079409 _____ C:\Users\Jon\Downloads\Melina LOR.pdf 2016-06-07 17:10 - 2016-06-07 17:10 - 00143073 _____ C:\Users\Jon\Downloads\CV_KarinaMJ.pdf 2016-06-07 17:05 - 2016-06-07 17:05 - 01480948 _____ C:\Users\Jon\Downloads\Fabiola A. Arbelo-Cruz LoR May 19 2016.pdf 2016-06-07 17:05 - 2016-06-07 17:05 - 00073470 _____ C:\Users\Jon\Downloads\Danilo Rojas-Velasquez_Transcript.pdf 2016-06-07 17:04 - 2016-06-07 17:04 - 00940238 _____ C:\Users\Jon\Downloads\Danilo Rojas-Velasquez LOR.pdf 2016-06-04 11:27 - 2016-06-04 11:27 - 00000277 _____ C:\Users\Jon\Downloads\scholar (87).enw 2016-06-04 11:20 - 2016-06-04 11:20 - 00000228 _____ C:\Users\Jon\Downloads\scholar (86).enw ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-03 13:58 - 2013-01-10 23:09 - 00000000 ____D C:\Users\Jon\AppData\Local\CrashDumps 2016-07-03 13:41 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-07-03 13:41 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-03 13:36 - 2009-07-14 01:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI 2016-07-03 13:36 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf 2016-07-03 13:34 - 2016-01-22 15:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-07-03 13:30 - 2012-04-22 15:25 - 00660833 _____ C:\windows\system32\fastboot.set 2016-07-03 13:29 - 2012-04-22 15:33 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-03 13:29 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-07-03 13:25 - 2015-06-21 18:13 - 00000910 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000UA.job 2016-07-03 13:13 - 2012-04-22 15:33 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-03 13:06 - 2016-01-13 21:36 - 01017266 _____ C:\windows\ntbtlog.txt 2016-07-03 10:52 - 2015-02-02 19:24 - 00004426 _____ C:\windows\mozy.blk 2016-07-03 10:52 - 2015-02-02 19:24 - 00001354 _____ C:\windows\mozy.flt 2016-07-03 10:30 - 2009-07-13 23:20 - 00000000 ____D C:\windows\AppCompat 2016-07-03 10:25 - 2015-06-21 18:13 - 00000858 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000Core.job 2016-07-02 22:19 - 2015-12-16 17:50 - 00000000 ____D C:\Users\Jon\AppData\Local\Deployment 2016-07-02 18:33 - 2012-05-10 02:07 - 00001413 _____ C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-07-02 18:26 - 2012-05-17 12:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-07-02 18:26 - 2009-07-14 00:45 - 00406792 _____ C:\windows\system32\FNTCACHE.DAT 2016-07-02 18:25 - 2012-05-17 12:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-07-02 18:21 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions 2016-07-02 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\Dism 2016-07-02 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\Dism 2016-07-02 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers 2016-07-02 18:18 - 2011-09-28 23:37 - 00000000 ____D C:\Program Files\Windows Journal 2016-07-02 16:06 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache 2016-07-02 15:51 - 2015-12-06 19:17 - 00000000 ____D C:\windows\System32\Tasks\Remediation 2016-07-02 13:38 - 2014-01-08 03:06 - 00000000 ____D C:\windows\system32\MRT 2016-07-02 13:27 - 2012-05-15 11:59 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2016-07-02 13:22 - 2014-11-20 20:09 - 00775124 _____ C:\windows\SysWOW64\PerfStringBackup.INI 2016-07-02 13:15 - 2012-05-17 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-07-02 13:04 - 2009-07-13 22:34 - 00000537 _____ C:\windows\win.ini 2016-07-01 18:07 - 2015-12-06 19:17 - 00000000 ____D C:\Program Files\Common Files\AV 2016-07-01 17:44 - 2012-04-22 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Games 2016-07-01 17:44 - 2012-04-22 15:25 - 00000000 ____D C:\ProgramData\Lenovo Games 2016-07-01 17:44 - 2012-04-22 15:25 - 00000000 ____D C:\Program Files (x86)\Lenovo Games 2016-07-01 17:44 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-07-01 14:03 - 2015-06-29 15:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2016-07-01 14:03 - 2015-06-10 23:24 - 00000000 ____D C:\windows\system32\Drivers\N360x64 2016-07-01 08:35 - 2015-06-10 23:27 - 00101112 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 2016-07-01 08:35 - 2015-06-10 23:27 - 00008270 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT 2016-06-28 16:17 - 2013-10-14 09:26 - 01453568 ___SH C:\Users\Jon\Downloads\Thumbs.db 2016-06-24 16:27 - 2012-07-31 19:30 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Dropbox 2016-06-21 14:15 - 2012-11-29 18:38 - 02889216 ___SH C:\Users\Jon\Desktop\Thumbs.db 2016-06-20 22:08 - 2014-12-07 16:57 - 00000000 ____D C:\Users\Jon\Desktop\Music to transfer 2016-06-19 19:15 - 2012-04-22 15:33 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ==================== Files in the root of some directories ======= 2014-11-20 21:06 - 2014-11-20 21:06 - 0001915 _____ () C:\Users\Jon\AppData\Roaming\SAS7_000.DAT 2012-11-24 12:38 - 2012-11-24 12:38 - 0000057 _____ () C:\ProgramData\Ament.ini 2012-05-09 14:37 - 2012-11-24 12:34 - 0008016 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== C:\Users\Jon\AppData\Local\Temp\ImageViewer4.exe C:\Users\Jon\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\SysWOW64\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-06-28 20:21 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016 Ran by Jon (2016-07-03 14:05:26) Running from C:\Users\Jon\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2012-05-10 06:06:35) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= 7C67FBA2BB3D4386B201 (S-1-5-21-1586536999-29697831-1294094069-1003 - Limited - Enabled) Administrator (S-1-5-21-1586536999-29697831-1294094069-500 - Administrator - Disabled) Guest (S-1-5-21-1586536999-29697831-1294094069-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1586536999-29697831-1294094069-1002 - Limited - Enabled) Jon (S-1-5-21-1586536999-29697831-1294094069-1000 - Administrator - Enabled) => C:\Users\Jon ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Ableton Live 8 (HKLM-x32\...\{3CBF4CD3-9370-44A0-B464-A21E588DD122}) (Version: 8.0.0.0 - Ableton) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.4.402.278 - Adobe Systems Incorporated) Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BrowserSafeguard with RocketTab (HKLM-x32\...\Browsersafeguard) (Version: - Browsersafeguard) <==== ATTENTION calibre (HKLM-x32\...\{D9A85F14-FFA5-40B1-8402-80D510D48D01}) (Version: 1.8.0 - Kovid Goyal) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden Cisco WebEx Meetings (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.300.10 - Citrix Systems, Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Digidesign Pro Tools M-Powered Essential 8.0.2 (HKLM-x32\...\{FE8CD9C9-7650-4B8D-928A-85D6CAB6CA59}) (Version: 8.0.2 - Digidesign, A Division of Avid Technology, Inc.) DNE Update (HKLM\...\{CE057713-FF03-49E6-A0B5-EF102C80117F}) (Version: 4.9.1.18389 - Deterministic Networks, Inc.) Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.) Dropbox (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.) Edimax Wireless LAN (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0205.2 - Edimax Technology Co.) EndNote X5 (HKLM-x32\...\{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}) (Version: 15.0.0.5478 - Thomson Reuters) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo) Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden Fast Track (HKLM-x32\...\{3A1D9EDD-1284-4A0F-9B6F-512DCF5ED9D5}) (Version: 5.10.00.5128v4 - M-Audio) FredV2Step3 (HKLM-x32\...\{944B3A84-C728-487E-8306-CD3B52092B34}) (Version: 1.00.0000 - USMLE) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet 6700 Basic Device Software (HKLM\...\{C0CA6788-386E-4BE1-B214-629E746A5302}) (Version: 25.0.619.0 - Hewlett-Packard Co.) HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp) Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation) Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation) join.me (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\JoinMe) (Version: 1.5.2.214 - LogMeIn, Inc.) Juniper Citrix Services Client (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Juniper_Citrix_Services) (Version: 8.0.11.36363 - Juniper Networks) Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.20169 - Juniper Networks) Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks) Juniper Networks Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.11.36363 - Juniper Networks) Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 8.0.11.36363 - Juniper Networks) Juniper Networks Setup Client (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Juniper_Setup_Client) (Version: 8.0.11.56747 - Juniper Networks) Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera) Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden Lenovo Service Bridge (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\dda9ca0b023f4c56) (Version: 1.6.3.5 - Lenovo) Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia) Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Mozy Sync (HKLM\...\{95DB05B2-371B-3957-A65A-7CD9433701AD}) (Version: 1.3.1.4068 - Mozy, Inc.) MozyHome (HKLM\...\{81D29D4E-9658-BB63-D879-E6A625C01364}) (Version: 2.28.2.432 - Mozy, Inc.) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MuseScore 1.2 MuseScore score typesetter (HKLM-x32\...\MuseScore) (Version: 1.2.0 - Werner Schweer and Others) Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation) Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.7 - Lenovo) Onekey Theater (x32 Version: 2.0.2.7 - Lenovo) Hidden Online Plug-in (x32 Version: 13.4.300.10 - Citrix Systems, Inc.) Hidden ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.) Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation) qBittorrent 3.1.3 (HKLM-x32\...\qbittorrent) (Version: 3.1.3 - The qBittorrent project) QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.) ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - ) ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION ScorpionSaver Services (HKLM\...\{6E810AB6-F34E-49A3-A93F-9E503660F718}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION Self-service Plug-in (x32 Version: 3.4.300.43589 - Citrix Systems, Inc.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.) SRS Control Panel (HKLM\...\{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}) (Version: 1.11.4800 - SRS Labs, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1206 - Lenovo) VSFilter 2.41.322 (0c3a1ea) Nightly (HKLM-x32\...\vsfilter_is1) (Version: 2.41.322 - MPC-HC Team) Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2575B262-CDD6-408B-8818-03BEC587BF3A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {284E170B-6D84-4C8A-8D6D-297E182D7B7C} - System32\Tasks\{D322CD7E-30F7-4941-878E-D6FD9DDBA1A4} => pcalua.exe -a "C:\Users\Jon\Downloads\OnCallSetup (1).exe" -d C:\Users\Jon\Downloads Task: {2FF177AD-CA7C-4023-BB46-ECE607AA0521} - System32\Tasks\{51C73349-27F8-4227-BEBD-3BC5DE78951C} => pcalua.exe -a "C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDK2THC2\cisco_vpnclient_5_0_05_0290.EXE" -d C:\Users\Jon\Desktop Task: {36D38556-D7BB-4954-84C4-9727E4529F8B} - System32\Tasks\{62B7A7AE-922B-4C00-94F9-0E45F712B6F1} => pcalua.exe -a C:\Users\Jon\Desktop\Temporary\Fast_Track_USB_Installer_5_10_0_5128v4.exe -d C:\Users\Jon\Desktop\Temporary Task: {44630D2F-7294-48C0-9741-B019496EED26} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {4593C08A-23F0-4927-86E4-28778A30C5A6} - System32\Tasks\{57387CBE-B59C-4E69-8F54-76AA0EFF5327} => pcalua.exe -a C:\Users\Jon\Downloads\cisco_vpnclient_5_0_05_0290.EXE -d C:\Users\Jon\Downloads Task: {53569D9D-6845-49BE-AD02-562E3E061007} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {591C5A4D-9FA5-4AEA-96DD-71F0B5D1D875} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2016-06-16] (Symantec Corporation) Task: {593935E7-161C-40C7-93DA-9C30F84BA059} - System32\Tasks\{E48B69F2-6054-418F-AD31-71DE0646258A} => pcalua.exe -a C:\Users\Jon\Downloads\OnCallSetup.exe -d C:\Users\Jon\Downloads Task: {616C28F9-D72F-4C32-9C98-4998855F0555} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation) Task: {921F78B4-1A3A-4E64-81DD-1FF621C9E63A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-04] (CyberLink) Task: {A27CDB4C-508D-4DD0-AB4D-4522819DE608} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000UA => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.) Task: {BCA70F6B-C46A-4E8D-A1F7-D7665FE66C22} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1586536999-29697831-1294094069-1000 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms Task: {CC755630-1DC5-4AB7-8093-51ED6DDE5CB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {E06D044C-700B-4791-9D44-8C46D5BAC51D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {EA4726D8-D68A-46DD-AB3B-16FF13EE6388} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000Core => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.) Task: {F25F2940-D2F9-4DB8-B114-CCF01B6EF3DD} - System32\Tasks\{1C56FE80-E45E-4B6E-980D-211BF1E372D9} => pcalua.exe -a C:\Users\Jon\Downloads\PennMedicinePulseVPN.exe -d C:\Users\Jon\Desktop (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000Core.job => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000UA.job => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2010-11-11 06:42 - 2010-11-11 06:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll 2010-11-11 06:44 - 2010-11-11 06:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-04-22 15:23 - 2012-04-22 15:23 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll 2011-07-27 16:07 - 2011-07-27 16:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2011-04-13 23:01 - 2011-03-25 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-07-27 16:07 - 2011-07-27 16:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2012-04-22 15:26 - 2012-04-22 15:26 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe 2008-12-19 23:20 - 2012-04-22 15:37 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2008-12-19 23:20 - 2012-04-22 15:37 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2016-02-16 18:59 - 2013-05-15 16:27 - 00096768 _____ () C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe 2013-10-10 17:48 - 2013-10-10 17:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-11-11 06:38 - 2010-11-11 06:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll 2010-11-11 06:39 - 2010-11-11 06:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2016-06-19 19:14 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-19 19:14 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Microsoft:cf3BFqf7g79MM0lm [2160] AlternateDataStreams: C:\ProgramData\Microsoft:pRmheSYvlSZTM8n8KWzK3 [2254] AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [340] AlternateDataStreams: C:\Users\Jon\Cookies:40osDOhNlUBO1BIN4tcy8tTzU [2302] AlternateDataStreams: C:\Users\Jon\Cookies:GN8u9snwcrfF1cl3jOBAye5m [2220] AlternateDataStreams: C:\Users\Jon\Local Settings:rBAZmbgEgqJC57PlLcFsoyh0jMi [2126] AlternateDataStreams: C:\Users\Jon\AppData\Local:rBAZmbgEgqJC57PlLcFsoyh0jMi [2126] AlternateDataStreams: C:\Users\Jon\AppData\Local\Application Data:rBAZmbgEgqJC57PlLcFsoyh0jMi [2126] AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:BgyUZUvWqBsQYi8ZFG1NQO4c [2404] AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:jxKhEOyuVIyYBU6j9Aj1CgwjB [2612] AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:riMUZ4E5GfQ3IDmxt78SpEtr [1992] AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:rwR3WbyrUCHGCFMKUE21XV7wX [2572] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\bioservers.org -> hxxp://www.bioservers.org IE trusted site: HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\jhsph.edu -> hxxps://statepiaps.jhsph.edu ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2016-06-24 18:32 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1586536999-29697831-1294094069-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup MSCONFIG\startupreg: Dropbox Update => "C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler MSCONFIG\startupreg: MobileAppSync => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{811FCE89-06AE-4DA4-877A-D9F081D097DA}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe FirewallRules: [{2A3C4040-11CC-467E-A020-B5B23936F6DF}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{E859223C-1344-4355-86D3-987FC655AE13}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{E8A8C664-E90F-4553-A0AD-01BB26953E10}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{6A649EB1-F752-41B0-8774-C6DBF5A6CD66}] => (Allow) LPort=2869 FirewallRules: [{F5E8D0D0-85FE-4BC8-905F-084A805B449C}] => (Allow) LPort=1900 FirewallRules: [{B0673C85-F1B7-4796-BC46-372D7EBB0335}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{81547268-9349-4D4E-A48F-542F67D39C10}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{FE2BCAD1-664B-4A4B-ACE5-DA4E597784C3}] => (Allow) C:\Users\Jon\AppData\Local\Temp\HP\OJ4500vG510n-z_Full_13_en\setup\hpznui40.exe FirewallRules: [{7A779B23-1852-412E-A371-E676D95DB2E4}] => (Allow) C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{192076A5-133E-4C74-ABC4-876C39B2F383}] => (Allow) C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{0A09C46A-6544-468B-9184-83D902A894D1}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe FirewallRules: [{AC9EC7A7-AA9B-433C-999B-0D003F1C79C2}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe FirewallRules: [{70EDCC67-C829-4778-9EF7-29CD6CEB83F4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{D8752022-3822-4BA4-9F23-CAC23DA75FC0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{43DC8ADF-D93C-4923-B7B8-80F2B29F2C85}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{053E5FA6-5A4E-4D93-98A4-8FAF74C0A8E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{7DC797CC-7AF8-47B3-81F2-DC4D1FC604C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EE5E6E66-72E3-4BA7-99DF-C46027980D35}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{5C21CF8B-8CB1-4DA1-95AE-246FB0D387AB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe FirewallRules: [{815A0412-0DA4-4B03-8482-C9DDFF45A407}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe FirewallRules: [{CA7119D9-CCC8-42B8-AA68-0FD246784251}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com FirewallRules: [{147DBABE-6032-4589-B56F-222231007AF0}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe FirewallRules: [{2174246E-8173-4D2E-A740-2F7716CA2A52}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe FirewallRules: [{D88213B5-C12D-408D-90FB-D21AA8657D87}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com FirewallRules: [TCP Query User{6B5AA8A2-A3C6-40DD-B9B4-762AB1F0C4E7}C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{846A9F02-A3E7-41EE-9658-FAF11710AC06}C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{C282E245-A5A2-4E29-9459-8FD6226A5A62}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{0EB2388F-E9FE-4DBB-8B5F-D8C8943AF16A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{18DBA301-07E7-401B-AA78-47696DDB8A2E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{759BCA42-86EA-439C-B06E-E54D5A385E66}] => (Allow) LPort=51001 FirewallRules: [{21684B86-125D-4503-9978-B744243EBFF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0A893491-5987-4EE1-8D35-20B821CC0574}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1D8C60C7-4C9A-45E4-8862-C302AF907C61}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{0EDA51EF-C4BC-4FB9-A05B-A2ECB85D6AD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 29-06-2016 00:00:00 Scheduled Checkpoint 01-07-2016 19:25:57 Windows Update 02-07-2016 12:07:54 Windows Update ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Broadcom Bluetooth 2.1 USB Description: Broadcom Bluetooth 2.1 USB Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/03/2016 01:58:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x2264 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/03/2016 01:58:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x206c Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/03/2016 01:55:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.com, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x2050 Faulting application start time: 0xmbam.com0 Faulting application path: mbam.com1 Faulting module path: mbam.com2 Report Id: mbam.com3 Error: (07/03/2016 01:55:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1c20 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/03/2016 01:54:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1fd4 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/03/2016 01:47:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x128c Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/03/2016 01:45:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x478 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/03/2016 01:40:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x708 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/03/2016 01:38:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1384 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 Error: (07/03/2016 01:34:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1450 Faulting application start time: 0xmbam.exe0 Faulting application path: mbam.exe1 Faulting module path: mbam.exe2 Report Id: mbam.exe3 System errors: ============= Error: (07/03/2016 01:35:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (07/03/2016 01:34:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: %%5 = Access is denied. Error: (07/03/2016 01:34:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: %%5 = Access is denied. Error: (07/03/2016 01:31:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (07/03/2016 01:31:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC) Error: (07/03/2016 01:30:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: %%2 = The system cannot find the file specified. Error: (07/03/2016 01:29:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MBAMProtector service failed to start due to the following error: %%2 = The system cannot find the file specified. Error: (07/03/2016 01:24:34 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: %%5 = Access is denied. Error: (07/03/2016 01:24:34 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: %%5 = Access is denied. Error: (07/03/2016 01:12:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz Percentage of memory in use: 36% Total physical RAM: 8106.14 MB Available physical RAM: 5146.81 MB Total Virtual: 16210.46 MB Available Virtual: 13068.63 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:421.81 GB) (Free:251.79 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.26 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 93296C60) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 3, 2016 ID:1049195 Share Posted July 3, 2016 Hello and Scan with Farbar Recovery Scan Tool Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system. Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File). Make sure that Addition option is checked. Press Scan button and wait. The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt. Please upload them into your next reply. Link to post Share on other sites More sharing options...
MiaMia Posted July 3, 2016 Author ID:1049198 Share Posted July 3, 2016 Thanks so much! Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016 Ran by Jon (administrator) on JON-PC (03-07-2016 17:49:19) Running from C:\Users\Jon\Downloads Loaded Profiles: Jon (Available Profiles: Jon) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Avid Technology, Inc.) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon64.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe (Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe (CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Lenovo) C:\Users\Jon\AppData\Local\Apps\2.0\7Z8W83LE.KRN\0RCY7DDE.6AE\lsb...tion_2d7b41b05b24775e_0001.0006_6c5982beb50abfca\LSB.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor) HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-04-22] (Lenovo) HKLM\...\Run: [M-Audio Taskbar Icon] => C:\windows\System32\M-AudioTaskBarIcon64.exe [634888 2009-02-11] (Avid Technology, Inc.) HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-22] (Lenovo) HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation) HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-22] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-04-22] (Lenovo (Beijing) Limited) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini" HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-06-18] (Avid Technology, Inc.) HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.) HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {23844499-5145-11e2-9c64-c01885eb94df} - E:\MotoCastSetup.exe -a HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {2384457c-5145-11e2-9c64-c01885eb94df} - E:\MotoCastSetup.exe -a HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {5950878a-a331-11e1-9aa6-c01885eb94df} - E:\setup.exe -a HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {7624bfd4-c44f-11e4-9fd3-c01885eb94df} - E:\VerizonSWUpgradeAssistantLauncher.exe HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {84a463c2-5436-11e5-a259-c01885eb94df} - E:\DT4000_Launcher.exe HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {f9184e96-9b86-11e4-bdab-c01885eb94df} - E:\VerizonSWUpgradeAssistantLauncher.exe HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {ff372f93-b8b7-11e5-8332-c01885eb94df} - E:\VerizonSWUpgradeAssistantLauncher.exe AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256392 2014-01-08] (Citrix Systems, Inc.) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation) ShellIconOverlayIdentifiers: [ mozysyncNotUploaded] -> {34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.) ShellIconOverlayIdentifiers: [ mozysyncPendingChanges] -> {6673BC77-4A7B-4299-A130-14312E6B203A} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.) ShellIconOverlayIdentifiers: [ mozysyncUpToDate] -> {04547006-32F5-4635-844B-B8D7FCE47692} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.) ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.) ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.) ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-04-22] () ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2015-09-05] ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.) Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk [2016-07-03] ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog9-x64 01 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.) Winsock: Catalog9-x64 02 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.) Winsock: Catalog9-x64 03 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.) Winsock: Catalog9-x64 04 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.) Winsock: Catalog9-x64 15 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{749D408D-0402-4F32-B959-7FD450A9C4F7}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKU\S-1-5-21-1586536999-29697831-1294094069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869 BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.) Toolbar: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.) Toolbar: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} hxxps://vpn3.its.yale.edu/CACHE/stc/1/binaries/vpnweb.cab DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.) FireFox: ======== FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492 FF DefaultSearchEngine.US: Google FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll [2012-09-28] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll [2012-09-28] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] () FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-01-08] (Citrix Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-09-05] (Cisco WebEx LLC) FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-07-30] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-30] () FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-07-30] (Google) FF SearchPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492\searchplugins\safesearch.xml [2015-10-11] FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-07-01] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN" CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22] CHR Extension: (Norton Security Toolbar) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-06-30] CHR Extension: (Google Docs Offline) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Norton Identity Safe) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-16] CHR Extension: (Cisco WebEx Extension) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-09-05] CHR Extension: (Google Scholar Button) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2015-04-21] CHR Extension: (Skype) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-24] CHR Extension: (Chrome Web Store Payments) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-01] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-01] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-06-18] (Avid Technology, Inc.) [File not signed] S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-06-18] (Avid Technology, Inc.) [File not signed] R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [55040 2015-02-02] (Mozy, Inc.) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] () R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 WPSService20; C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [File not signed] S2 0235271344641637mcinstcleanup; C:\Users\Jon\AppData\Local\Temp\023527~1.EXE -cleanup -nolog [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20160701.003\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation) R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [131160 2012-04-24] (Citrix Systems, Inc.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20160701.001\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation) R3 jnprna; C:\Windows\System32\DRIVERS\jnprna6.sys [504176 2011-04-19] (Juniper Networks, Inc.) S3 MAUSBFT; C:\Windows\System32\DRIVERS\mausbft.sys [185864 2009-02-11] (Avid Technology, Inc.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [69320 2015-02-02] (Mozy, Inc.) R1 NEOFLTR_8011_36363; C:\windows\system32\Drivers\NEOFLTR_8011_36363.SYS [108344 2015-05-24] (Juniper Networks, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1525904 2012-12-26] (Realtek Semiconductor Corporation ) R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773360 2016-06-01] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-01] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation) S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.) U2 CLKMSVC10_3A60B698; no ImagePath U2 CLKMSVC10_C3B3B687; no ImagePath U2 DriverService; no ImagePath U2 IAStorDataMgrSvc; no ImagePath U2 idealife Update Service; no ImagePath U3 IGRS; no ImagePath U2 IviRegMgr; no ImagePath S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160630.020\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160630.020\EX64.SYS [X] U2 nvUpdatusService; no ImagePath U2 Oasis2Service; no ImagePath U2 PCCarerServic; no ImagePath U2 ReadyComm.DirectRouter; no ImagePath U2 RichVideo; no ImagePath U2 RtLedService; no ImagePath U2 SoftwareService; no ImagePath U2 Stereo Service; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-03 14:05 - 2016-07-03 14:06 - 00044016 _____ C:\Users\Jon\Downloads\Addition.txt 2016-07-03 14:03 - 2016-07-03 17:49 - 00033161 _____ C:\Users\Jon\Downloads\FRST.txt 2016-07-03 14:03 - 2016-07-03 17:49 - 00000000 ____D C:\FRST 2016-07-03 14:03 - 2016-07-03 14:03 - 02390016 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe 2016-07-03 13:53 - 2016-07-03 13:57 - 00002416 _____ C:\Users\Jon\Desktop\Rkill.txt 2016-07-03 13:52 - 2016-07-03 13:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\rkill.exe 2016-07-03 13:34 - 2016-07-03 13:34 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-07-03 13:34 - 2016-07-03 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-07-03 13:34 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2016-07-03 13:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys 2016-07-03 13:33 - 2016-07-03 13:55 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys 2016-07-03 13:31 - 2016-07-03 13:31 - 06705178 _____ C:\Users\Jon\Downloads\mbam-chameleon-3.1.33.0.zip 2016-07-03 13:14 - 2016-07-03 13:14 - 00000000 ____D C:\Users\MyApp\AppData\Local\CrashDumps 2016-07-03 13:12 - 2016-07-03 13:12 - 00112728 _____ C:\Users\MyApp\AppData\Local\GDIPFONTCACHEV1.DAT 2016-07-03 13:12 - 2016-07-03 13:12 - 00001413 _____ C:\Users\MyApp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-07-03 13:12 - 2016-07-03 13:12 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Intel 2016-07-03 13:12 - 2016-07-03 13:12 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Adobe 2016-07-03 13:11 - 2016-07-03 13:12 - 00002086 _____ C:\Users\MyApp\Desktop\OneKey Recovery.lnk 2016-07-03 13:11 - 2016-07-03 13:12 - 00001118 _____ C:\Users\MyApp\Desktop\Cyberlink Power2Go.lnk 2016-07-03 13:11 - 2016-07-03 13:12 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo 2016-07-03 13:11 - 2016-07-03 13:11 - 00000020 ___SH C:\Users\MyApp\ntuser.ini 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\My Documents 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\Documents\My Videos 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\Documents\My Pictures 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\Documents\My Music 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 ____D C:\Users\MyApp\AppData\Local\VirtualStore 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 ____D C:\Users\MyApp\AppData\Local\Google 2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 ____D C:\Users\MyApp 2016-07-03 13:11 - 2012-07-03 18:10 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Juniper Networks 2016-07-03 13:11 - 2012-06-03 14:21 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Macromedia 2016-07-03 13:11 - 2012-05-12 16:52 - 00000000 ____D C:\Users\MyApp\AppData\Local\Microsoft Help 2016-07-03 13:11 - 2011-09-28 23:37 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Media Center Programs 2016-07-03 13:11 - 2010-12-19 01:31 - 00000189 _____ C:\Users\MyApp\Desktop\Lenovo Telephony Start Now.url 2016-07-03 13:02 - 2016-07-03 13:06 - 00225948 _____ C:\TDSSKiller.3.1.0.9_03.07.2016_13.02.33_log.txt 2016-07-03 12:58 - 2016-07-03 13:26 - 00000000 ____D C:\Program Files (x86)\My App 2016-07-03 12:55 - 2016-07-03 12:55 - 00004472 _____ C:\TDSSKiller.3.1.0.9_03.07.2016_12.55.04_log.txt 2016-07-03 12:53 - 2016-07-03 12:54 - 04633146 _____ C:\Users\Jon\Downloads\tdsskiller.zip 2016-07-03 12:26 - 2016-07-03 12:26 - 00000085 _____ C:\windows\wininit.ini 2016-07-02 18:36 - 2016-07-02 18:36 - 00000000 ____D C:\Users\Jon\AppData\Local\GWX 2016-07-02 18:19 - 2016-07-02 18:30 - 00000000 ___SD C:\windows\system32\GWX 2016-07-02 18:19 - 2016-07-02 18:19 - 00000000 ___SD C:\windows\SysWOW64\GWX 2016-07-02 18:19 - 2016-07-02 18:19 - 00000000 ___SD C:\windows\system32\CompatTel 2016-07-02 18:19 - 2016-07-02 18:19 - 00000000 ____D C:\windows\system32\appraiser 2016-07-02 14:20 - 2015-01-08 19:44 - 00419936 _____ C:\windows\SysWOW64\locale.nls 2016-07-02 14:20 - 2015-01-08 19:43 - 00419936 _____ C:\windows\system32\locale.nls 2016-07-02 14:08 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2016-07-02 14:08 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-07-02 14:06 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE 2016-07-02 14:02 - 2016-07-02 14:02 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2016-07-02 14:02 - 2016-07-02 14:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2016-07-02 14:02 - 2016-07-02 14:02 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2016-07-02 14:02 - 2016-07-02 14:02 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2016-07-02 14:02 - 2016-07-02 14:02 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat 2016-07-02 14:02 - 2016-07-02 14:02 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat 2016-07-02 14:02 - 2016-07-02 14:02 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec 2016-07-02 14:02 - 2016-07-02 14:02 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec 2016-07-02 14:02 - 2016-07-02 14:02 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx 2016-07-02 14:02 - 2016-07-02 14:02 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx 2016-07-02 14:02 - 2016-07-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll 2016-07-02 14:02 - 2016-07-02 14:02 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe 2016-07-02 14:02 - 2016-07-02 14:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2016-07-02 12:10 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll 2016-07-02 12:10 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll 2016-07-02 12:10 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe 2016-07-02 12:10 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe 2016-07-02 12:10 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe 2016-07-02 12:10 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll 2016-07-02 12:10 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe 2016-07-02 12:10 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll 2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll 2016-07-02 00:51 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2016-07-02 00:51 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2016-07-02 00:51 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll 2016-07-02 00:51 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll 2016-07-02 00:51 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll 2016-07-02 00:51 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll 2016-07-02 00:51 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll 2016-07-02 00:50 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys 2016-07-02 00:50 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys 2016-07-02 00:50 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll 2016-07-02 00:50 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll 2016-07-02 00:50 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2016-07-02 00:50 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll 2016-07-02 00:50 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2016-07-02 00:50 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2016-07-02 00:50 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2016-07-02 00:50 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys 2016-07-02 00:50 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys 2016-07-02 00:50 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys 2016-07-02 00:50 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys 2016-07-02 00:50 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys 2016-07-02 00:50 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2016-07-02 00:50 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2016-07-02 00:50 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2016-07-02 00:50 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll 2016-07-02 00:50 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys 2016-07-02 00:50 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll 2016-07-02 00:50 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll 2016-07-02 00:50 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll 2016-07-02 00:50 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll 2016-07-02 00:50 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll 2016-07-02 00:50 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll 2016-07-02 00:50 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll 2016-07-02 00:50 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll 2016-07-02 00:50 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll 2016-07-02 00:50 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll 2016-07-02 00:50 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2016-07-02 00:50 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2016-07-02 00:49 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2016-07-02 00:49 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2016-07-02 00:49 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll 2016-07-02 00:49 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll 2016-07-02 00:49 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll 2016-07-02 00:49 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll 2016-07-02 00:49 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll 2016-07-02 00:49 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll 2016-07-02 00:49 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll 2016-07-02 00:49 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll 2016-07-02 00:49 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll 2016-07-02 00:49 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll 2016-07-02 00:49 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll 2016-07-02 00:49 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll 2016-07-02 00:49 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL 2016-07-02 00:49 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll 2016-07-02 00:49 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll 2016-07-02 00:49 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll 2016-07-02 00:49 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll 2016-07-02 00:49 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll 2016-07-02 00:49 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll 2016-07-02 00:49 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll 2016-07-02 00:49 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2016-07-02 00:49 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll 2016-07-02 00:49 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll 2016-07-02 00:49 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll 2016-07-02 00:49 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll 2016-07-02 00:49 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll 2016-07-02 00:49 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll 2016-07-02 00:49 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll 2016-07-02 00:49 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll 2016-07-02 00:49 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe 2016-07-02 00:49 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe 2016-07-02 00:49 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys 2016-07-02 00:49 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll 2016-07-02 00:49 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll 2016-07-02 00:49 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys 2016-07-02 00:49 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys 2016-07-02 00:49 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll 2016-07-02 00:49 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll 2016-07-02 00:49 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll 2016-07-02 00:49 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll 2016-07-02 00:49 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll 2016-07-02 00:49 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe 2016-07-02 00:49 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe 2016-07-02 00:49 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll 2016-07-02 00:49 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll 2016-07-02 00:49 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll 2016-07-02 00:49 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll 2016-07-02 00:49 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll 2016-07-02 00:49 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll 2016-07-02 00:49 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll 2016-07-02 00:49 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll 2016-07-02 00:49 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll 2016-07-02 00:49 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll 2016-07-02 00:49 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll 2016-07-02 00:49 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll 2016-07-02 00:49 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll 2016-07-02 00:49 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys 2016-07-02 00:49 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys 2016-07-02 00:49 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll 2016-07-02 00:49 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll 2016-07-02 00:49 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll 2016-07-02 00:49 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll 2016-07-02 00:49 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll 2016-07-02 00:49 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll 2016-07-02 00:44 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll 2016-07-02 00:44 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll 2016-07-02 00:44 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll 2016-07-02 00:44 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll 2016-07-02 00:44 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll 2016-07-02 00:44 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll 2016-07-02 00:44 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll 2016-07-02 00:44 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe 2016-07-02 00:44 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll 2016-07-02 00:44 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe 2016-07-02 00:44 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll 2016-07-02 00:44 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll 2016-07-02 00:44 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll 2016-07-02 00:44 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll 2016-07-02 00:44 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe 2016-07-02 00:44 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll 2016-07-02 00:43 - 2016-06-06 12:58 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe 2016-07-02 00:43 - 2016-06-06 12:50 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2016-07-02 00:43 - 2016-06-03 09:05 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll 2016-07-02 00:43 - 2016-05-27 09:06 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll 2016-07-02 00:43 - 2016-05-27 09:06 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll 2016-07-02 00:43 - 2016-05-27 09:06 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll 2016-07-02 00:43 - 2016-05-27 09:06 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll 2016-07-02 00:43 - 2016-05-22 09:06 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll 2016-07-02 00:43 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll 2016-07-02 00:43 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll 2016-07-02 00:43 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe 2016-07-02 00:43 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2016-07-02 00:43 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll 2016-07-02 00:43 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll 2016-07-02 00:43 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll 2016-07-02 00:43 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll 2016-07-02 00:43 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll 2016-07-02 00:43 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll 2016-07-02 00:43 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll 2016-07-02 00:43 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll 2016-07-02 00:43 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe 2016-07-02 00:43 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe 2016-07-02 00:43 - 2016-03-23 18:40 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe 2016-07-02 00:43 - 2016-03-23 18:40 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll 2016-07-02 00:43 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll 2016-07-02 00:43 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll 2016-07-02 00:43 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll 2016-07-02 00:43 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll 2016-07-02 00:43 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys 2016-07-02 00:43 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll 2016-07-02 00:43 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll 2016-07-02 00:43 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll 2016-07-02 00:43 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll 2016-07-02 00:42 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi 2016-07-02 00:42 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2016-07-02 00:42 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2016-07-02 00:42 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2016-07-02 00:42 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2016-07-02 00:42 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll 2016-07-02 00:42 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe 2016-07-02 00:42 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys 2016-07-02 00:42 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe 2016-07-02 00:42 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe 2016-07-02 00:42 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe 2016-07-02 00:42 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe 2016-07-02 00:42 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe 2016-07-02 00:42 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll 2016-07-02 00:42 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe 2016-07-02 00:42 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe 2016-07-02 00:42 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-07-02 00:42 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-07-02 00:42 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll 2016-07-02 00:42 - 2016-03-23 18:43 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll 2016-07-02 00:42 - 2016-03-23 18:40 - 00634432 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2016-07-02 00:42 - 2016-03-23 18:40 - 00546656 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe 2016-07-02 00:42 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll 2016-07-02 00:42 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll 2016-07-02 00:42 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll 2016-07-02 00:42 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL 2016-07-02 00:42 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx 2016-07-02 00:42 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll 2016-07-02 00:42 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll 2016-07-02 00:42 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll 2016-07-02 00:42 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL 2016-07-02 00:42 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll 2016-07-02 00:42 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll 2016-07-02 00:42 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx 2016-07-02 00:42 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll 2016-07-02 00:42 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll 2016-07-02 00:42 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll 2016-07-02 00:42 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll 2016-07-02 00:42 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll 2016-07-02 00:42 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll 2016-07-02 00:42 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll 2016-07-02 00:42 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll 2016-07-02 00:42 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys 2016-07-02 00:42 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll 2016-07-02 00:42 - 2014-11-10 23:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll 2016-07-02 00:42 - 2014-11-10 22:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll 2016-07-02 00:41 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS 2016-07-02 00:41 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys 2016-07-02 00:41 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2016-07-02 00:41 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2016-07-02 00:41 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2016-07-02 00:41 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll 2016-07-02 00:41 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll 2016-07-02 00:41 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe 2016-07-02 00:41 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys 2016-07-02 00:41 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys 2016-07-02 00:35 - 2014-08-11 22:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL 2016-07-02 00:35 - 2014-08-11 21:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL 2016-07-01 19:25 - 2014-10-29 22:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe 2016-07-01 19:25 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe 2016-07-01 18:04 - 2016-07-03 12:52 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-07-01 18:04 - 2016-07-03 12:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-07-01 18:04 - 2016-07-01 18:04 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking 2016-07-01 18:03 - 2016-07-01 18:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jon\Downloads\spybot-2.4.exe 2016-07-01 17:55 - 2016-07-01 17:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\iExplore.exe 2016-07-01 17:55 - 2016-07-01 17:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\iExplore (1).exe 2016-07-01 15:29 - 2016-07-01 15:29 - 01108744 _____ C:\Users\Jon\Downloads\IMG_5603.mp4 2016-07-01 14:20 - 2016-07-01 14:20 - 00378281 _____ C:\Users\Jon\Downloads\Offenders with Intellectual and Developmental Disabilities Sentencing Challenges after the Abolition of Execution in the United States.pdf 2016-07-01 14:09 - 2016-07-01 14:09 - 00000000 ____D C:\windows\System32\Tasks\Norton 360 2016-07-01 14:03 - 2016-07-01 14:03 - 00003206 _____ C:\windows\System32\Tasks\Norton WSC Integration 2016-07-01 14:03 - 2016-07-01 14:03 - 00002225 _____ C:\Users\Public\Desktop\Norton 360.lnk 2016-07-01 09:21 - 2016-07-01 09:21 - 00062464 _____ C:\Users\Jon\Downloads\DAILY OPEN ENCOUNTERS_07012016.xls 2016-06-30 14:18 - 2016-06-30 14:18 - 00287025 _____ C:\Users\Jon\Downloads\Ahold_global_CR_policies.pdf 2016-06-30 11:32 - 2016-06-30 11:32 - 00020186 _____ C:\Users\Jon\Downloads\Copy of 1317 Psychiatry 7.2.16.xlsx 2016-06-29 20:02 - 2016-06-29 20:02 - 00025192 _____ C:\Users\Jon\Downloads\Office Assignments 2016-2017 (1).xlsx 2016-06-28 18:15 - 2016-06-28 18:15 - 00084886 _____ C:\Users\Jon\Downloads\1_153319_saved_contract_joy_-_71201[2].pdf 2016-06-28 18:14 - 2016-06-28 18:15 - 00036214 _____ C:\Users\Jon\Downloads\1_153319_joy_michelle[4].pdf 2016-06-28 18:14 - 2016-06-28 18:14 - 00191287 _____ C:\Users\Jon\Downloads\1_153319_joy_michelle_-_fbi.pdf 2016-06-28 18:14 - 2016-06-28 18:14 - 00172614 _____ C:\Users\Jon\Downloads\1_153319_joy_michelle[6].pdf 2016-06-28 13:31 - 2016-06-28 13:31 - 00074772 _____ C:\Users\Jon\Downloads\{17F0B6B3-68E3-4E33-9A02-CC67A8F3E7E6}.pdf 2016-06-27 19:14 - 2016-06-27 19:14 - 00025192 _____ C:\Users\Jon\Downloads\Office Assignments 2016-2017.xlsx 2016-06-24 16:27 - 2016-06-24 16:27 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-06-24 15:31 - 2016-06-24 15:31 - 00604889 _____ C:\Users\Jon\Documents\Scan0013.pdf 2016-06-24 10:48 - 2016-06-24 10:48 - 00203264 _____ C:\Users\Jon\Downloads\Moonlighting Schedule - Aug 16 to Jan 17 draft 06.23.16.xls 2016-06-09 20:39 - 2016-06-09 20:39 - 00269260 _____ C:\Users\Jon\Downloads\OS Assessment Report.pdf 2016-06-09 20:23 - 2016-06-09 20:23 - 00132140 _____ C:\Users\Jon\Downloads\msg0000 (3).WAV 2016-06-08 22:56 - 2016-06-08 22:57 - 00000000 ____D C:\Users\Jon\Desktop\Songs 2016-06-07 18:33 - 2016-06-07 18:33 - 00009799 _____ C:\Users\Jon\Downloads\Copy of Shared Holiday Rotation Schedule.xlsx 2016-06-07 18:31 - 2016-06-07 18:31 - 00012643 _____ C:\Users\Jon\Downloads\Holiday Schedule 2013.xlsx 2016-06-07 17:58 - 2016-06-07 17:58 - 00012407 _____ C:\Users\Jon\Downloads\Contact Information.xlsx 2016-06-07 17:58 - 2016-06-07 17:58 - 00012407 _____ C:\Users\Jon\Downloads\Contact Information (1).xlsx 2016-06-07 17:50 - 2016-06-07 17:50 - 00940238 _____ C:\Users\Jon\Downloads\Danilo Rojas-Velasquez LOR (1).pdf 2016-06-07 17:34 - 2016-06-07 17:34 - 00635943 _____ C:\Users\Jon\Downloads\KarinaMS Transcript (1).pdf 2016-06-07 17:33 - 2016-06-07 17:33 - 01591017 _____ C:\Users\Jon\Downloads\Melina Zuniga MS Transcript.pdf 2016-06-07 17:32 - 2016-06-07 17:32 - 00635943 _____ C:\Users\Jon\Downloads\KarinaMS Transcript.pdf 2016-06-07 17:31 - 2016-06-07 17:31 - 01067594 _____ C:\Users\Jon\Downloads\Fabiola MS Transcript.pdf 2016-06-07 17:31 - 2016-06-07 17:31 - 01067594 _____ C:\Users\Jon\Downloads\Fabiola MS Transcript (1).pdf 2016-06-07 17:26 - 2016-06-07 17:26 - 00016662 _____ C:\Users\Jon\Downloads\UPHS-CHOP Visiting Clerkship.xlsx 2016-06-07 17:25 - 2016-06-07 17:25 - 00493485 _____ C:\Users\Jon\Downloads\Trevor LOR.pdf 2016-06-07 17:22 - 2016-06-07 17:22 - 00202859 _____ C:\Users\Jon\Downloads\CV_Trevor York.pdf 2016-06-07 17:16 - 2016-06-07 17:16 - 00079409 _____ C:\Users\Jon\Downloads\Melina LOR.pdf 2016-06-07 17:10 - 2016-06-07 17:10 - 00143073 _____ C:\Users\Jon\Downloads\CV_KarinaMJ.pdf 2016-06-07 17:05 - 2016-06-07 17:05 - 01480948 _____ C:\Users\Jon\Downloads\Fabiola A. Arbelo-Cruz LoR May 19 2016.pdf 2016-06-07 17:05 - 2016-06-07 17:05 - 00073470 _____ C:\Users\Jon\Downloads\Danilo Rojas-Velasquez_Transcript.pdf 2016-06-07 17:04 - 2016-06-07 17:04 - 00940238 _____ C:\Users\Jon\Downloads\Danilo Rojas-Velasquez LOR.pdf 2016-06-04 11:27 - 2016-06-04 11:27 - 00000277 _____ C:\Users\Jon\Downloads\scholar (87).enw 2016-06-04 11:20 - 2016-06-04 11:20 - 00000228 _____ C:\Users\Jon\Downloads\scholar (86).enw ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-07-03 17:25 - 2015-06-21 18:13 - 00000910 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000UA.job 2016-07-03 17:17 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-07-03 17:17 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-07-03 17:14 - 2009-07-14 01:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI 2016-07-03 17:14 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf 2016-07-03 17:13 - 2012-04-22 15:33 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-07-03 17:08 - 2012-04-22 15:33 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-07-03 17:08 - 2012-04-22 15:25 - 00652973 _____ C:\windows\system32\fastboot.set 2016-07-03 17:08 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-07-03 15:54 - 2015-12-06 19:17 - 00000000 ____D C:\windows\System32\Tasks\Remediation 2016-07-03 14:15 - 2013-10-14 09:26 - 01466368 ___SH C:\Users\Jon\Downloads\Thumbs.db 2016-07-03 13:58 - 2013-01-10 23:09 - 00000000 ____D C:\Users\Jon\AppData\Local\CrashDumps 2016-07-03 13:34 - 2016-01-22 15:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-07-03 13:06 - 2016-01-13 21:36 - 01017266 _____ C:\windows\ntbtlog.txt 2016-07-03 10:52 - 2015-02-02 19:24 - 00004426 _____ C:\windows\mozy.blk 2016-07-03 10:52 - 2015-02-02 19:24 - 00001354 _____ C:\windows\mozy.flt 2016-07-03 10:30 - 2009-07-13 23:20 - 00000000 ____D C:\windows\AppCompat 2016-07-03 10:25 - 2015-06-21 18:13 - 00000858 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000Core.job 2016-07-02 22:19 - 2015-12-16 17:50 - 00000000 ____D C:\Users\Jon\AppData\Local\Deployment 2016-07-02 18:33 - 2012-05-10 02:07 - 00001413 _____ C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2016-07-02 18:26 - 2012-05-17 12:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-07-02 18:26 - 2009-07-14 00:45 - 00406792 _____ C:\windows\system32\FNTCACHE.DAT 2016-07-02 18:25 - 2012-05-17 12:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-07-02 18:21 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions 2016-07-02 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\Dism 2016-07-02 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\Dism 2016-07-02 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers 2016-07-02 18:18 - 2011-09-28 23:37 - 00000000 ____D C:\Program Files\Windows Journal 2016-07-02 16:06 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache 2016-07-02 13:38 - 2014-01-08 03:06 - 00000000 ____D C:\windows\system32\MRT 2016-07-02 13:27 - 2012-05-15 11:59 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2016-07-02 13:22 - 2014-11-20 20:09 - 00775124 _____ C:\windows\SysWOW64\PerfStringBackup.INI 2016-07-02 13:15 - 2012-05-17 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-07-02 13:04 - 2009-07-13 22:34 - 00000537 _____ C:\windows\win.ini 2016-07-01 18:07 - 2015-12-06 19:17 - 00000000 ____D C:\Program Files\Common Files\AV 2016-07-01 17:44 - 2012-04-22 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Games 2016-07-01 17:44 - 2012-04-22 15:25 - 00000000 ____D C:\ProgramData\Lenovo Games 2016-07-01 17:44 - 2012-04-22 15:25 - 00000000 ____D C:\Program Files (x86)\Lenovo Games 2016-07-01 17:44 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-07-01 14:03 - 2015-06-29 15:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2016-07-01 14:03 - 2015-06-10 23:24 - 00000000 ____D C:\windows\system32\Drivers\N360x64 2016-07-01 08:35 - 2015-06-10 23:27 - 00101112 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS 2016-07-01 08:35 - 2015-06-10 23:27 - 00008270 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT 2016-06-24 16:27 - 2012-07-31 19:30 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Dropbox 2016-06-21 14:15 - 2012-11-29 18:38 - 02889216 ___SH C:\Users\Jon\Desktop\Thumbs.db 2016-06-20 22:08 - 2014-12-07 16:57 - 00000000 ____D C:\Users\Jon\Desktop\Music to transfer 2016-06-19 19:15 - 2012-04-22 15:33 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk ==================== Files in the root of some directories ======= 2014-11-20 21:06 - 2014-11-20 21:06 - 0001915 _____ () C:\Users\Jon\AppData\Roaming\SAS7_000.DAT 2012-11-24 12:38 - 2012-11-24 12:38 - 0000057 _____ () C:\ProgramData\Ament.ini 2012-05-09 14:37 - 2012-11-24 12:34 - 0008016 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== C:\Users\Jon\AppData\Local\Temp\ImageViewer4.exe C:\Users\Jon\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\SysWOW64\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-06-28 20:21 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016 Ran by Jon (2016-07-03 17:50:52) Running from C:\Users\Jon\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2012-05-10 06:06:35) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= 7C67FBA2BB3D4386B201 (S-1-5-21-1586536999-29697831-1294094069-1003 - Limited - Enabled) Administrator (S-1-5-21-1586536999-29697831-1294094069-500 - Administrator - Disabled) Guest (S-1-5-21-1586536999-29697831-1294094069-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1586536999-29697831-1294094069-1002 - Limited - Enabled) Jon (S-1-5-21-1586536999-29697831-1294094069-1000 - Administrator - Enabled) => C:\Users\Jon ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Ableton Live 8 (HKLM-x32\...\{3CBF4CD3-9370-44A0-B464-A21E588DD122}) (Version: 8.0.0.0 - Ableton) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.4.402.278 - Adobe Systems Incorporated) Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BrowserSafeguard with RocketTab (HKLM-x32\...\Browsersafeguard) (Version: - Browsersafeguard) <==== ATTENTION calibre (HKLM-x32\...\{D9A85F14-FFA5-40B1-8402-80D510D48D01}) (Version: 1.8.0 - Kovid Goyal) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden Cisco WebEx Meetings (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.300.10 - Citrix Systems, Inc.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Digidesign Pro Tools M-Powered Essential 8.0.2 (HKLM-x32\...\{FE8CD9C9-7650-4B8D-928A-85D6CAB6CA59}) (Version: 8.0.2 - Digidesign, A Division of Avid Technology, Inc.) DNE Update (HKLM\...\{CE057713-FF03-49E6-A0B5-EF102C80117F}) (Version: 4.9.1.18389 - Deterministic Networks, Inc.) Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.) Dropbox (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.) Edimax Wireless LAN (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0205.2 - Edimax Technology Co.) EndNote X5 (HKLM-x32\...\{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}) (Version: 15.0.0.5478 - Thomson Reuters) Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo) Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden Fast Track (HKLM-x32\...\{3A1D9EDD-1284-4A0F-9B6F-512DCF5ED9D5}) (Version: 5.10.00.5128v4 - M-Audio) FredV2Step3 (HKLM-x32\...\{944B3A84-C728-487E-8306-CD3B52092B34}) (Version: 1.00.0000 - USMLE) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard) HP Officejet 6700 Basic Device Software (HKLM\...\{C0CA6788-386E-4BE1-B214-629E746A5302}) (Version: 25.0.619.0 - Hewlett-Packard Co.) HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp) Intel PROSet Wireless (x32 Version: - ) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation) Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - ) Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation) Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy) iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation) join.me (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\JoinMe) (Version: 1.5.2.214 - LogMeIn, Inc.) Juniper Citrix Services Client (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Juniper_Citrix_Services) (Version: 8.0.11.36363 - Juniper Networks) Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.20169 - Juniper Networks) Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks) Juniper Networks Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.11.36363 - Juniper Networks) Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 8.0.11.36363 - Juniper Networks) Juniper Networks Setup Client (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Juniper_Setup_Client) (Version: 8.0.11.56747 - Juniper Networks) Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera) Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo) Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden Lenovo Service Bridge (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\dda9ca0b023f4c56) (Version: 1.6.3.5 - Lenovo) Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.) Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia) Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) Mozy Sync (HKLM\...\{95DB05B2-371B-3957-A65A-7CD9433701AD}) (Version: 1.3.1.4068 - Mozy, Inc.) MozyHome (HKLM\...\{81D29D4E-9658-BB63-D879-E6A625C01364}) (Version: 2.28.2.432 - Mozy, Inc.) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MuseScore 1.2 MuseScore score typesetter (HKLM-x32\...\MuseScore) (Version: 1.2.0 - Werner Schweer and Others) Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation) Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.7 - Lenovo) Onekey Theater (x32 Version: 2.0.2.7 - Lenovo) Hidden Online Plug-in (x32 Version: 13.4.300.10 - Citrix Systems, Inc.) Hidden ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.) Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.) Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation) qBittorrent 3.1.3 (HKLM-x32\...\qbittorrent) (Version: 3.1.3 - The qBittorrent project) QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.) ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - ) ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION ScorpionSaver Services (HKLM\...\{6E810AB6-F34E-49A3-A93F-9E503660F718}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION Self-service Plug-in (x32 Version: 3.4.300.43589 - Citrix Systems, Inc.) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.) SRS Control Panel (HKLM\...\{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}) (Version: 1.11.4800 - SRS Labs, Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated) UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo) UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1206 - Lenovo) VSFilter 2.41.322 (0c3a1ea) Nightly (HKLM-x32\...\vsfilter_is1) (Version: 2.41.322 - MPC-HC Team) Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2575B262-CDD6-408B-8818-03BEC587BF3A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {284E170B-6D84-4C8A-8D6D-297E182D7B7C} - System32\Tasks\{D322CD7E-30F7-4941-878E-D6FD9DDBA1A4} => pcalua.exe -a "C:\Users\Jon\Downloads\OnCallSetup (1).exe" -d C:\Users\Jon\Downloads Task: {2FF177AD-CA7C-4023-BB46-ECE607AA0521} - System32\Tasks\{51C73349-27F8-4227-BEBD-3BC5DE78951C} => pcalua.exe -a "C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDK2THC2\cisco_vpnclient_5_0_05_0290.EXE" -d C:\Users\Jon\Desktop Task: {36D38556-D7BB-4954-84C4-9727E4529F8B} - System32\Tasks\{62B7A7AE-922B-4C00-94F9-0E45F712B6F1} => pcalua.exe -a C:\Users\Jon\Desktop\Temporary\Fast_Track_USB_Installer_5_10_0_5128v4.exe -d C:\Users\Jon\Desktop\Temporary Task: {44630D2F-7294-48C0-9741-B019496EED26} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {4593C08A-23F0-4927-86E4-28778A30C5A6} - System32\Tasks\{57387CBE-B59C-4E69-8F54-76AA0EFF5327} => pcalua.exe -a C:\Users\Jon\Downloads\cisco_vpnclient_5_0_05_0290.EXE -d C:\Users\Jon\Downloads Task: {53569D9D-6845-49BE-AD02-562E3E061007} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {593935E7-161C-40C7-93DA-9C30F84BA059} - System32\Tasks\{E48B69F2-6054-418F-AD31-71DE0646258A} => pcalua.exe -a C:\Users\Jon\Downloads\OnCallSetup.exe -d C:\Users\Jon\Downloads Task: {616C28F9-D72F-4C32-9C98-4998855F0555} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation) Task: {82276F44-6B0A-4897-A3C4-36BD402DDD25} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2016-06-16] (Symantec Corporation) Task: {921F78B4-1A3A-4E64-81DD-1FF621C9E63A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-04] (CyberLink) Task: {A27CDB4C-508D-4DD0-AB4D-4522819DE608} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000UA => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.) Task: {BCA70F6B-C46A-4E8D-A1F7-D7665FE66C22} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1586536999-29697831-1294094069-1000 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms Task: {CC755630-1DC5-4AB7-8093-51ED6DDE5CB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {E06D044C-700B-4791-9D44-8C46D5BAC51D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {EA4726D8-D68A-46DD-AB3B-16FF13EE6388} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000Core => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.) Task: {F25F2940-D2F9-4DB8-B114-CCF01B6EF3DD} - System32\Tasks\{1C56FE80-E45E-4B6E-980D-211BF1E372D9} => pcalua.exe -a C:\Users\Jon\Downloads\PennMedicinePulseVPN.exe -d C:\Users\Jon\Desktop (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000Core.job => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000UA.job => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2010-11-11 06:42 - 2010-11-11 06:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll 2010-11-11 06:44 - 2010-11-11 06:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll 2012-04-22 15:23 - 2012-04-22 15:23 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll 2012-04-22 15:23 - 2012-04-22 15:23 - 00622592 _____ () C:\windows\system32\SimpleExt.dll 2011-07-27 16:07 - 2011-07-27 16:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll 2016-02-16 18:59 - 2013-05-15 16:27 - 00096768 _____ () C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe 2011-04-13 23:01 - 2011-03-25 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-07-27 16:07 - 2011-07-27 16:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll 2008-12-19 23:20 - 2012-04-22 15:37 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2008-12-19 23:20 - 2012-04-22 15:37 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2012-04-22 15:26 - 2012-04-22 15:26 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe 2013-10-10 17:48 - 2013-10-10 17:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2010-11-11 06:38 - 2010-11-11 06:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll 2010-11-11 06:39 - 2010-11-11 06:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll 2016-06-19 19:14 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-19 19:14 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll 2016-06-19 19:14 - 2016-06-15 05:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Microsoft:cf3BFqf7g79MM0lm [2160] AlternateDataStreams: C:\ProgramData\Microsoft:pRmheSYvlSZTM8n8KWzK3 [2254] AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [340] AlternateDataStreams: C:\Users\Jon\Cookies:40osDOhNlUBO1BIN4tcy8tTzU [2302] AlternateDataStreams: C:\Users\Jon\Cookies:GN8u9snwcrfF1cl3jOBAye5m [2220] AlternateDataStreams: C:\Users\Jon\Local Settings:rBAZmbgEgqJC57PlLcFsoyh0jMi [2126] AlternateDataStreams: C:\Users\Jon\AppData\Local:rBAZmbgEgqJC57PlLcFsoyh0jMi [2126] AlternateDataStreams: C:\Users\Jon\AppData\Local\Application Data:rBAZmbgEgqJC57PlLcFsoyh0jMi [2126] AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:BgyUZUvWqBsQYi8ZFG1NQO4c [2404] AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:jxKhEOyuVIyYBU6j9Aj1CgwjB [2612] AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:riMUZ4E5GfQ3IDmxt78SpEtr [1992] AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:rwR3WbyrUCHGCFMKUE21XV7wX [2572] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\bioservers.org -> hxxp://www.bioservers.org IE trusted site: HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\jhsph.edu -> hxxps://statepiaps.jhsph.edu ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2016-06-24 18:32 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1586536999-29697831-1294094069-1000\Control Panel\Desktop\\Wallpaper -> DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup MSCONFIG\startupreg: Dropbox Update => "C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler MSCONFIG\startupreg: MobileAppSync => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe" MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{811FCE89-06AE-4DA4-877A-D9F081D097DA}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe FirewallRules: [{2A3C4040-11CC-467E-A020-B5B23936F6DF}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{E859223C-1344-4355-86D3-987FC655AE13}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe FirewallRules: [{E8A8C664-E90F-4553-A0AD-01BB26953E10}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{6A649EB1-F752-41B0-8774-C6DBF5A6CD66}] => (Allow) LPort=2869 FirewallRules: [{F5E8D0D0-85FE-4BC8-905F-084A805B449C}] => (Allow) LPort=1900 FirewallRules: [{B0673C85-F1B7-4796-BC46-372D7EBB0335}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{81547268-9349-4D4E-A48F-542F67D39C10}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{FE2BCAD1-664B-4A4B-ACE5-DA4E597784C3}] => (Allow) C:\Users\Jon\AppData\Local\Temp\HP\OJ4500vG510n-z_Full_13_en\setup\hpznui40.exe FirewallRules: [{7A779B23-1852-412E-A371-E676D95DB2E4}] => (Allow) C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{192076A5-133E-4C74-ABC4-876C39B2F383}] => (Allow) C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{0A09C46A-6544-468B-9184-83D902A894D1}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe FirewallRules: [{AC9EC7A7-AA9B-433C-999B-0D003F1C79C2}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe FirewallRules: [{70EDCC67-C829-4778-9EF7-29CD6CEB83F4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe FirewallRules: [{D8752022-3822-4BA4-9F23-CAC23DA75FC0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{43DC8ADF-D93C-4923-B7B8-80F2B29F2C85}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{053E5FA6-5A4E-4D93-98A4-8FAF74C0A8E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{7DC797CC-7AF8-47B3-81F2-DC4D1FC604C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{EE5E6E66-72E3-4BA7-99DF-C46027980D35}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{5C21CF8B-8CB1-4DA1-95AE-246FB0D387AB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe FirewallRules: [{815A0412-0DA4-4B03-8482-C9DDFF45A407}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe FirewallRules: [{CA7119D9-CCC8-42B8-AA68-0FD246784251}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com FirewallRules: [{147DBABE-6032-4589-B56F-222231007AF0}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe FirewallRules: [{2174246E-8173-4D2E-A740-2F7716CA2A52}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe FirewallRules: [{D88213B5-C12D-408D-90FB-D21AA8657D87}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com FirewallRules: [TCP Query User{6B5AA8A2-A3C6-40DD-B9B4-762AB1F0C4E7}C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{846A9F02-A3E7-41EE-9658-FAF11710AC06}C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{C282E245-A5A2-4E29-9459-8FD6226A5A62}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{0EB2388F-E9FE-4DBB-8B5F-D8C8943AF16A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{18DBA301-07E7-401B-AA78-47696DDB8A2E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{759BCA42-86EA-439C-B06E-E54D5A385E66}] => (Allow) LPort=51001 FirewallRules: [{21684B86-125D-4503-9978-B744243EBFF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{0A893491-5987-4EE1-8D35-20B821CC0574}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{1D8C60C7-4C9A-45E4-8862-C302AF907C61}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{0EDA51EF-C4BC-4FB9-A05B-A2ECB85D6AD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 29-06-2016 00:00:00 Scheduled Checkpoint 01-07-2016 19:25:57 Windows Update 02-07-2016 12:07:54 Windows Update ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Broadcom Bluetooth 2.1 USB Description: Broadcom Bluetooth 2.1 USB Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/03/2016 05:08:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/03/2016 05:07:18 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Logger: Socket error: 10054 Error: (07/03/2016 05:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 5024 Error: (07/03/2016 05:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 5024 Error: (07/03/2016 05:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/03/2016 05:03:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 4025 Error: (07/03/2016 05:03:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 4025 Error: (07/03/2016 05:03:28 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (07/03/2016 05:03:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3011 Error: (07/03/2016 05:03:27 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3011 System errors: ============= Error: (07/03/2016 05:09:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (07/03/2016 05:09:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC) Error: (07/03/2016 04:17:24 PM) (Source: DCOM) (EventID: 10016) (User: Jon-PC) Description: machine-defaultLocalActivation{000C101C-0000-0000-C000-000000000046}{000C101C-0000-0000-C000-000000000046}Jon-PCJonS-1-5-21-1586536999-29697831-1294094069-1000LocalHost (Using LRPC) Error: (07/03/2016 03:52:26 PM) (Source: DCOM) (EventID: 10016) (User: Jon-PC) Description: machine-defaultLocalActivation{000C101C-0000-0000-C000-000000000046}{000C101C-0000-0000-C000-000000000046}Jon-PCJonS-1-5-21-1586536999-29697831-1294094069-1000LocalHost (Using LRPC) Error: (07/03/2016 01:35:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Windows Update service hung on starting. Error: (07/03/2016 01:34:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: %%5 = Access is denied. Error: (07/03/2016 01:34:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: %%5 = Access is denied. Error: (07/03/2016 01:31:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (07/03/2016 01:31:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC) Error: (07/03/2016 01:30:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: %%2 = The system cannot find the file specified. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz Percentage of memory in use: 35% Total physical RAM: 8106.14 MB Available physical RAM: 5221.07 MB Total Virtual: 16210.46 MB Available Virtual: 13282.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:421.81 GB) (Free:251.85 GB) NTFS Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.26 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 93296C60) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 4, 2016 ID:1049252 Share Posted July 4, 2016 Do not paste reports, attach them as file. Link to post Share on other sites More sharing options...
MiaMia Posted July 4, 2016 Author ID:1049311 Share Posted July 4, 2016 See attached. FRST.txt Addition.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 4, 2016 ID:1049360 Share Posted July 4, 2016 Fix with AdwCleaner Please download AdwCleaner by Xplode and save the file to your Desktop. Right-click on icon and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan. When finished, please click Cleaning. Your PC should reboot now. After reboot, logfile will be opened. Copy its content into your next reply. Note: Reports will be saved in your system partition, usually at C:\Adwcleaner Scan with ZOEK Please download ZOEK by Smeenk and save it to your desktop. Temporary disable your AntiVirus and AntiSpyware protection - instructions here. Right-click on icon and select Run as Administrator to start the tool. Wait patiently until the main console will appear, it may take a minute or two. In the main box please paste in the following script:createsrpoint; autoclean; emptyclsid; emptyalltemp; ipconfig /flushdns >>"%temp%\log.txt";b Make sure that Scan All Users option is checked. Push Run Script and wait patiently. The scan may take a couple of minutes. When the scan completes, a zoek-results logfile should open in notepad. If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive) Upload it in your next reply. Link to post Share on other sites More sharing options...
MiaMia Posted July 4, 2016 Author ID:1049362 Share Posted July 4, 2016 Part 1: Adwcleaner (copied and attached) - # AdwCleaner v5.201 - Logfile created 04/07/2016 at 13:57:20 # Updated 30/06/2016 by ToolsLib # Database : 2016-07-04.1 [Server] # Operating system : Windows 7 Home Premium Service Pack 1 (X64) # Username : Jon - JON-PC # Running from : C:\Users\Jon\Desktop\AdwCleaner.exe # Option : Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder Deleted : C:\ProgramData\Partner [#] Folder Deleted : C:\ProgramData\Application Data\Partner [-] Folder Deleted : C:\Users\Jon\AppData\Local\Browsersafeguard [-] Folder Deleted : C:\Program Files\Level Quality Watcher ***** [ Files ] ***** [-] File Deleted : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492\searchplugins\safesearch.xml [-] File Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_trytoseeitmyway.com_0.localstorage [-] File Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_trytoseeitmyway.com_0.localstorage-journal [-] File Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage [-] File Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal [-] File Deleted : C:\windows\SysNative\AdpeakProxy.ini [-] File Deleted : C:\windows\SysNative\AdpeakProxy64.dll [-] File Deleted : C:\windows\SysNative\AdpeakProxyOff.ini ***** [ DLLs ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled tasks ] ***** ***** [ Registry ] ***** [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataController [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataController.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataStatistics [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataStatistics.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataTable [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataTable.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataTableFields [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataTableFields.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataTableHolder [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataTableHolder.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.LSPLogic [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.LSPLogic.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.ProxyChecks [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.ProxyChecks.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.ReadOnlyManager [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.ReadOnlyManager.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.WatchDog [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.WatchDog.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.WFPController [-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.WFPController.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD} [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77} [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672} [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserSafeGuard [-] Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher [-] Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718} [-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81 [-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937 [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81 [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C1].txt - [10112 bytes] - [04/07/2016 13:57:20] C:\AdwCleaner\AdwCleaner[S1].txt - [10035 bytes] - [04/07/2016 13:55:25] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10260 bytes] ########## AdwCleaner[C1].txt Link to post Share on other sites More sharing options...
MiaMia Posted July 4, 2016 Author ID:1049367 Share Posted July 4, 2016 Part 2: Zoek (copied and attached) - Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by Jon on Mon 07/04/2016 at 14:02:25.03. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Jon\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 7/4/2016 2:07:14 PM Zoek.exe System Restore Point Created Successfully. ==== Empty Folders Check ====================== C:\PROGRA~2\InterLok deleted successfully C:\PROGRA~2\Lenovo Games deleted successfully C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~3\Lenovo Games deleted successfully C:\PROGRA~3\PCSettings deleted successfully C:\Users\Jon\AppData\Roaming\Malwarebytes deleted successfully C:\Users\Jon\AppData\Roaming\TeamViewer deleted successfully C:\Users\Jon\AppData\Local\calibre-cache deleted successfully C:\Users\Jon\AppData\Local\LenovoServiceBridge deleted successfully C:\Users\MyApp\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1586536999-29697831-1294094069-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully HKEY_USERS\S-1-5-21-1586536999-29697831-1294094069-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ==== Deleting Files \ Folders ====================== C:\PROGRA~2\InterLok not found C:\PROGRA~2\Lenovo Games not found "c:\windows\Installer\a6dc23.msi" not found C:\Users\Jon\AppData\Roaming\calibre deleted C:\PROGRA~3\OneKey Recovery deleted C:\Users\Jon\F3C1DE9E5E164BA9B8547B53A45E3579.TMP deleted C:\windows\Installer\{6E810AB6-F34E-49A3-A93F-9E503660F718} deleted C:\Users\Jon\Downloads\Addendum INITIAL APP Bundle (1).pdf deleted C:\Users\Jon\Downloads\Addendum INITIAL APP Bundle.pdf deleted C:\windows\wininit.ini deleted C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492\jetpack deleted "C:\windows\Installer\708847.msi" deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492 user_pref("browser.startup.homepage", "about:home"); user_pref("browser.search.defaultenginename.US", "Google"); ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon" [07/01/2016 02:03 PM] [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon" [07/01/2016 02:03 PM] ==== Firefox Extensions ====================== AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} - Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492 4DEEF5125602885EE00243EC3D18E68D - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll - Shockwave Flash 01815AF8A63F6DD5FF0AA94AA6E5FD23 - C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin 5C075DC43D9BF0230DFB049C1ADC75F4 - C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer 595AC36B25E33791A54E4A72F2AEAB10 - C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator EA0BE0B714604B706E37ED8EBAE0D89C - C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npatgpc.dll - ActiveTouch General Plugin Container ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx[05/31/2016 04:19 AM] iikflkcanblccfahdhdonehdalibjnif - No path found[] lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[05/25/2016 10:31 AM] Norton Security Toolbar - Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe Norton Identity Safe - Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif Skype - Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Norton Identity Safe - MyApp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif Skype - MyApp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl ==== Chromium Fix ====================== C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.saveur.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.saveur.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad-s2.media6degrees.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad-s2.media6degrees.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.spotible.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.spotible.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtechus.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtechus.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adservices.picadmedia.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adservices.picadmedia.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.bringhub.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.bringhub.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.cmptch.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.cmptch.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.foodity.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.foodity.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services1.capitalone.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services1.capitalone.com_0.localstorage-journal deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services2.capitalone.com_0.localstorage deleted successfully C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services2.capitalone.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/?gws_rd=ssl" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.com/?gws_rd=ssl" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKLM\Wow6432Node\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\201498728B43EBC44B401A237E795E05 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495 deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{27894102-34B8-4CBE-B404-A132E797E550} deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\201498728B43EBC44B401A237E795E05 deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileAppSync deleted successfully ==== Empty IE Cache ====================== C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Jon\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Jon\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\MyApp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Jon\AppData\Local\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\MyApp\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=88 folders=11 18134171 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Jon\AppData\Local\Temp will be emptied at reboot C:\Users\MyApp\AppData\Local\Temp emptied successfully C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\windows\Temp successfully emptied C:\Users\Jon\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on Mon 07/04/2016 at 14:30:46.55 ====================== zoek-results.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 4, 2016 ID:1049382 Share Posted July 4, 2016 Very good. How is the situation now? Link to post Share on other sites More sharing options...
MiaMia Posted July 5, 2016 Author ID:1049536 Share Posted July 5, 2016 Still can't run MBAM and the computer still turns off wifi after going into sleep mode... Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 5, 2016 ID:1049542 Share Posted July 5, 2016 Scan with Farbar Recovery Scan Tool Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system. Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File). Make sure that Addition option is checked. Press Scan button and wait. The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt. Please upload them into your next reply. Link to post Share on other sites More sharing options...
MiaMia Posted July 5, 2016 Author ID:1049554 Share Posted July 5, 2016 See attached. Thank you! Addition.txt FRST.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 6, 2016 ID:1049614 Share Posted July 6, 2016 Fix with Farbar Recovery Scan Tool This fix was created for this user for use on that particular machine. Running it on another one may cause damage and render the system unstable. Download attached fixlist.txt file and save it to the Desktop: Both files, FRST and fixlist.txt have to be in the same location or the fix will not work! Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File). Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finishes FRST will generate a log on the Desktop, called Fixlog.txt. Please attach it to your reply. Uninstall outdated Malwarebytes' Anti-Malware Please download MBAM-clean and save it to your desktop. Right-click on mbam-clean.exe icon and select Run as Administrator to start the tool. It will ask you to reboot the machine - please do so. After that follow my next instructions to download & install the newset MBAM version. Scan with Malwarebytes' Anti-Malware Please download Malwarebytes Anti-Malware and save it to your desktop. Install the progam and select update. Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits. In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware. Click the Scan tab, choose Threat Scan is checked and click Start Scan. If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes. Upon completion of the scan (or after the reboot), click the History tab. Click Application Logs and double-click the Scan Log. At the bottom click Export and choose Text file. Save the file to your desktop and include its content in your next reply. fixlist.txt Link to post Share on other sites More sharing options...
MiaMia Posted July 7, 2016 Author ID:1049722 Share Posted July 7, 2016 Here are the requested logs! Thank you so much. Will see how my computer works now that I finished that. Fixlog.txt MBAMlog.txt Link to post Share on other sites More sharing options...
MiaMia Posted July 7, 2016 Author ID:1049789 Share Posted July 7, 2016 Well, i left my computer on and plugged in overnight and when I woke it, the internet still worked so everything looks solved as of now! I will definitely donate for all your help. Thank you! Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted July 7, 2016 ID:1049806 Share Posted July 7, 2016 Since there are no more problems, we can declare this PC clean Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non infected restore point concurrently deleting old ones. Step 1. - Creation of system restore point and tools removal. Download DelFix by Xplode and save it to your desktop. Run the tool by right click on the icon and Run as administrator option. Make sure that these ones are checked:Remove disinfection tools Purge system restore Reset system settings Push Run and wait until the tool completes his work. All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt). I don't need it for review. Tool deletes old system restore points and creates a fresh system restore point after cleaning. Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape. Security tips - highly recommended reading: Simple and easy ways to keep your computer safe and secure on the InternetMaintenance tips: Optimize Windows for better performanceAdditional software that I personally use and install on all my clients devices: Malwarebytes' Anti-Malware(paid version highly recommended) - to scan your system from time to time in search for malware. Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities. McShield - to prevent infections spread by removable media. Unchecky - to prevent from installing additional foistware, implemented in legitimate installations. CryptoPrevent - tool for protection against Cryptolocker and similar ransomware infections. Adblock - to surf the web without annoying ads! Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date. My help is free for everybody. If you're happy with the help provided and/or wish to show your appreciaton, please consider a donation: Thank you! Stay safe, TwinHeadedEagle Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted August 5, 2016 Root Admin ID:1054777 Share Posted August 5, 2016 Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts