Jump to content
Due to inclement weather in Southwest Florida, our Clearwater support team is offline. Our other offices are available to assist you, however their responses may be delayed. We appreciate your patience and understanding during this time. ×

MBAM won't open - tried many remedies2


Recommended Posts

Sorry, I  believe i may have posted this in the incorrect forum before.

Hello everyone,
I have tried to follow all of the instructions listed at this post with no luck: http://www.myantispyware.com/2009/06/08 ... to-fix-it/ as well as here: 

Each time I try to run the program, it won't open, whether in safe mode, a new account, renamed, etc. I see I have scorpion saver on my computer (that won't delete) and the wifi also shuts off after each sleep, so there's some funny stuff going on. Any help would be much appreciated!

Also, using the chameleon gets a little further and starts mbam-killer (bringing up around 5 files) but then says it has terminated and is unable to start the scan...

Here are the results of the Farbar recovery scan:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Jon (administrator) on JON-PC (03-07-2016 14:03:47)
Running from C:\Users\Jon\Downloads
Loaded Profiles: Jon (Available Profiles: Jon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avid Technology, Inc.) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon64.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Users\Jon\AppData\Local\Apps\2.0\7Z8W83LE.KRN\0RCY7DDE.6AE\lsb...tion_2d7b41b05b24775e_0001.0006_6c5982beb50abfca\LSB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\hh.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-04-22] (Lenovo)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\windows\System32\M-AudioTaskBarIcon64.exe [634888 2009-02-11] (Avid Technology, Inc.)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-22] (Lenovo)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-04-22] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-06-18] (Avid Technology, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\xgmeje] => cmd /C rd "C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\xgmeje" /s/q
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {23844499-5145-11e2-9c64-c01885eb94df} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {2384457c-5145-11e2-9c64-c01885eb94df} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {5950878a-a331-11e1-9aa6-c01885eb94df} - E:\setup.exe -a
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {7624bfd4-c44f-11e4-9fd3-c01885eb94df} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {84a463c2-5436-11e5-a259-c01885eb94df} - E:\DT4000_Launcher.exe
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {f9184e96-9b86-11e4-bdab-c01885eb94df} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {ff372f93-b8b7-11e5-8332-c01885eb94df} - E:\VerizonSWUpgradeAssistantLauncher.exe
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256392 2014-01-08] (Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ mozysyncNotUploaded] -> {34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [ mozysyncPendingChanges] -> {6673BC77-4A7B-4299-A130-14312E6B203A} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [ mozysyncUpToDate] -> {04547006-32F5-4635-844B-B8D7FCE47692} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-04-22] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2015-09-05]
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk [2016-07-03]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9-x64 01 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{749D408D-0402-4F32-B959-7FD450A9C4F7}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} hxxps://vpn3.its.yale.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll [2012-09-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll [2012-09-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-01-08] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-09-05] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-07-30] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-30] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-07-30] (Google)
FF SearchPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492\searchplugins\safesearch.xml [2015-10-11]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-07-01]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN"
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-06-30]
CHR Extension: (Google Docs Offline) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-16]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-09-05]
CHR Extension: (Google Scholar Button) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2015-04-21]
CHR Extension: (Skype) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-06-18] (Avid Technology, Inc.) [File not signed]
S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-06-18] (Avid Technology, Inc.) [File not signed]
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [55040 2015-02-02] (Mozy, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WPSService20; C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [File not signed]
S2 0235271344641637mcinstcleanup; C:\Users\Jon\AppData\Local\Temp\023527~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20160701.003\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [131160 2012-04-24] (Citrix Systems, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20160701.001\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation)
R3 jnprna; C:\Windows\System32\DRIVERS\jnprna6.sys [504176 2011-04-19] (Juniper Networks, Inc.)
S3 MAUSBFT; C:\Windows\System32\DRIVERS\mausbft.sys [185864 2009-02-11] (Avid Technology, Inc.)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [69320 2015-02-02] (Mozy, Inc.)
R1 NEOFLTR_8011_36363; C:\windows\system32\Drivers\NEOFLTR_8011_36363.SYS [108344 2015-05-24] (Juniper Networks, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1525904 2012-12-26] (Realtek Semiconductor Corporation                           )
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773360 2016-06-01] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160630.020\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160630.020\EX64.SYS [X]
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerServic; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SoftwareService; no ImagePath
U2 Stereo Service; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 14:03 - 2016-07-03 14:04 - 00033397 _____ C:\Users\Jon\Downloads\FRST.txt
2016-07-03 14:03 - 2016-07-03 14:03 - 02390016 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe
2016-07-03 14:03 - 2016-07-03 14:03 - 00000000 ____D C:\FRST
2016-07-03 13:53 - 2016-07-03 13:57 - 00002416 _____ C:\Users\Jon\Desktop\Rkill.txt
2016-07-03 13:52 - 2016-07-03 13:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\rkill.exe
2016-07-03 13:34 - 2016-07-03 13:34 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-03 13:34 - 2016-07-03 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-03 13:34 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-07-03 13:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-07-03 13:33 - 2016-07-03 13:55 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-07-03 13:31 - 2016-07-03 13:31 - 06705178 _____ C:\Users\Jon\Downloads\mbam-chameleon-3.1.33.0.zip
2016-07-03 13:14 - 2016-07-03 13:14 - 00000000 ____D C:\Users\MyApp\AppData\Local\CrashDumps
2016-07-03 13:12 - 2016-07-03 13:12 - 00112728 _____ C:\Users\MyApp\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-03 13:12 - 2016-07-03 13:12 - 00001413 _____ C:\Users\MyApp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-03 13:12 - 2016-07-03 13:12 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Intel
2016-07-03 13:12 - 2016-07-03 13:12 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Adobe
2016-07-03 13:11 - 2016-07-03 13:12 - 00002086 _____ C:\Users\MyApp\Desktop\OneKey Recovery.lnk
2016-07-03 13:11 - 2016-07-03 13:12 - 00001118 _____ C:\Users\MyApp\Desktop\Cyberlink Power2Go.lnk
2016-07-03 13:11 - 2016-07-03 13:12 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-07-03 13:11 - 2016-07-03 13:11 - 00000020 ___SH C:\Users\MyApp\ntuser.ini
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\My Documents
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\Documents\My Videos
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\Documents\My Pictures
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\Documents\My Music
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 ____D C:\Users\MyApp\AppData\Local\VirtualStore
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 ____D C:\Users\MyApp\AppData\Local\Google
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 ____D C:\Users\MyApp
2016-07-03 13:11 - 2012-07-03 18:10 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Juniper Networks
2016-07-03 13:11 - 2012-06-03 14:21 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Macromedia
2016-07-03 13:11 - 2012-05-12 16:52 - 00000000 ____D C:\Users\MyApp\AppData\Local\Microsoft Help
2016-07-03 13:11 - 2011-09-28 23:37 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Media Center Programs
2016-07-03 13:11 - 2010-12-19 01:31 - 00000189 _____ C:\Users\MyApp\Desktop\Lenovo Telephony Start Now.url
2016-07-03 13:02 - 2016-07-03 13:06 - 00225948 _____ C:\TDSSKiller.3.1.0.9_03.07.2016_13.02.33_log.txt
2016-07-03 12:58 - 2016-07-03 13:26 - 00000000 ____D C:\Program Files (x86)\My App
2016-07-03 12:55 - 2016-07-03 12:55 - 00004472 _____ C:\TDSSKiller.3.1.0.9_03.07.2016_12.55.04_log.txt
2016-07-03 12:53 - 2016-07-03 12:54 - 04633146 _____ C:\Users\Jon\Downloads\tdsskiller.zip
2016-07-03 12:26 - 2016-07-03 12:26 - 00000085 _____ C:\windows\wininit.ini
2016-07-02 18:36 - 2016-07-02 18:36 - 00000000 ____D C:\Users\Jon\AppData\Local\GWX
2016-07-02 18:19 - 2016-07-02 18:30 - 00000000 ___SD C:\windows\system32\GWX
2016-07-02 18:19 - 2016-07-02 18:19 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-07-02 18:19 - 2016-07-02 18:19 - 00000000 ___SD C:\windows\system32\CompatTel
2016-07-02 18:19 - 2016-07-02 18:19 - 00000000 ____D C:\windows\system32\appraiser
2016-07-02 14:20 - 2015-01-08 19:44 - 00419936 _____ C:\windows\SysWOW64\locale.nls
2016-07-02 14:20 - 2015-01-08 19:43 - 00419936 _____ C:\windows\system32\locale.nls
2016-07-02 14:08 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-07-02 14:08 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-07-02 14:06 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2016-07-02 14:02 - 2016-07-02 14:02 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-07-02 14:02 - 2016-07-02 14:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-07-02 14:02 - 2016-07-02 14:02 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-07-02 14:02 - 2016-07-02 14:02 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-07-02 14:02 - 2016-07-02 14:02 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2016-07-02 14:02 - 2016-07-02 14:02 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2016-07-02 14:02 - 2016-07-02 14:02 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-07-02 14:02 - 2016-07-02 14:02 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-07-02 14:02 - 2016-07-02 14:02 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2016-07-02 14:02 - 2016-07-02 14:02 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2016-07-02 14:02 - 2016-07-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-07-02 12:10 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2016-07-02 12:10 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2016-07-02 12:10 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2016-07-02 12:10 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2016-07-02 12:10 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2016-07-02 12:10 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2016-07-02 12:10 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2016-07-02 12:10 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-07-02 00:51 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2016-07-02 00:51 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2016-07-02 00:51 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-07-02 00:51 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2016-07-02 00:51 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2016-07-02 00:51 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2016-07-02 00:51 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2016-07-02 00:50 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-07-02 00:50 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-07-02 00:50 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-07-02 00:50 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-07-02 00:50 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-07-02 00:50 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-07-02 00:50 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-07-02 00:50 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-07-02 00:50 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-07-02 00:50 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-07-02 00:50 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-07-02 00:50 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-07-02 00:50 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-07-02 00:50 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-07-02 00:50 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-07-02 00:50 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-07-02 00:50 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-07-02 00:50 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-07-02 00:50 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-07-02 00:50 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-07-02 00:50 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-07-02 00:50 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-07-02 00:50 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-07-02 00:50 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-07-02 00:50 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-07-02 00:50 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-07-02 00:50 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-07-02 00:50 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2016-07-02 00:50 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2016-07-02 00:49 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-07-02 00:49 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-07-02 00:49 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-07-02 00:49 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-07-02 00:49 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-07-02 00:49 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-07-02 00:49 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-07-02 00:49 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-07-02 00:49 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-07-02 00:49 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-07-02 00:49 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-07-02 00:49 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-07-02 00:49 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-07-02 00:49 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-07-02 00:49 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-07-02 00:49 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-07-02 00:49 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-07-02 00:49 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-07-02 00:49 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-07-02 00:49 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-07-02 00:49 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-07-02 00:49 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-07-02 00:49 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-07-02 00:49 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-07-02 00:49 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-07-02 00:49 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-07-02 00:49 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-07-02 00:49 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-07-02 00:49 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-07-02 00:49 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-07-02 00:49 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-07-02 00:49 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-07-02 00:49 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-07-02 00:49 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-07-02 00:49 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2016-07-02 00:49 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-07-02 00:49 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-07-02 00:49 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-07-02 00:49 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-07-02 00:49 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-07-02 00:49 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2016-07-02 00:49 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-07-02 00:49 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-07-02 00:49 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-07-02 00:49 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-07-02 00:49 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2016-07-02 00:49 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2016-07-02 00:49 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-07-02 00:49 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-07-02 00:49 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-07-02 00:49 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-07-02 00:49 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-07-02 00:49 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-07-02 00:49 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-07-02 00:49 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-07-02 00:49 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-07-02 00:49 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-07-02 00:49 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-07-02 00:49 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-07-02 00:49 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2016-07-02 00:49 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2016-07-02 00:49 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2016-07-02 00:49 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2016-07-02 00:49 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2016-07-02 00:49 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2016-07-02 00:49 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2016-07-02 00:44 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-07-02 00:44 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-07-02 00:44 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-07-02 00:44 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-07-02 00:44 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-07-02 00:44 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-07-02 00:44 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-07-02 00:44 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-07-02 00:44 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-07-02 00:44 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-07-02 00:44 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-07-02 00:44 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-07-02 00:44 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-07-02 00:44 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-07-02 00:44 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-07-02 00:44 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-07-02 00:43 - 2016-06-06 12:58 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-07-02 00:43 - 2016-06-06 12:50 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-07-02 00:43 - 2016-06-03 09:05 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-07-02 00:43 - 2016-05-27 09:06 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-07-02 00:43 - 2016-05-27 09:06 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-07-02 00:43 - 2016-05-27 09:06 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-07-02 00:43 - 2016-05-27 09:06 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-07-02 00:43 - 2016-05-22 09:06 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-07-02 00:43 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-07-02 00:43 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-07-02 00:43 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-07-02 00:43 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-07-02 00:43 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-07-02 00:43 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-07-02 00:43 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-07-02 00:43 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-07-02 00:43 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-07-02 00:43 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-07-02 00:43 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-07-02 00:43 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-07-02 00:43 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-07-02 00:43 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-07-02 00:43 - 2016-03-23 18:40 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2016-07-02 00:43 - 2016-03-23 18:40 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-07-02 00:43 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-07-02 00:43 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-07-02 00:43 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-07-02 00:43 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-07-02 00:43 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-07-02 00:43 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2016-07-02 00:43 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2016-07-02 00:43 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2016-07-02 00:43 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2016-07-02 00:42 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-07-02 00:42 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-07-02 00:42 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-07-02 00:42 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-07-02 00:42 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-07-02 00:42 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-07-02 00:42 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-07-02 00:42 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-07-02 00:42 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-07-02 00:42 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-07-02 00:42 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-07-02 00:42 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-07-02 00:42 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-07-02 00:42 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-07-02 00:42 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-07-02 00:42 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-02 00:42 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-07-02 00:42 - 2016-03-23 18:43 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2016-07-02 00:42 - 2016-03-23 18:40 - 00634432 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-07-02 00:42 - 2016-03-23 18:40 - 00546656 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2016-07-02 00:42 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-07-02 00:42 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-07-02 00:42 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-07-02 00:42 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-07-02 00:42 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-07-02 00:42 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-07-02 00:42 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-07-02 00:42 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-07-02 00:42 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-07-02 00:42 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-07-02 00:42 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2016-07-02 00:42 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2016-07-02 00:42 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2016-07-02 00:42 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll
2016-07-02 00:42 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll
2016-07-02 00:42 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll
2016-07-02 00:42 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-07-02 00:42 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-07-02 00:42 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2016-07-02 00:42 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2016-07-02 00:42 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2016-07-02 00:42 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-07-02 00:42 - 2014-11-10 23:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2016-07-02 00:42 - 2014-11-10 22:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2016-07-02 00:41 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-07-02 00:41 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-07-02 00:41 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2016-07-02 00:41 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2016-07-02 00:41 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2016-07-02 00:41 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2016-07-02 00:41 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2016-07-02 00:41 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2016-07-02 00:41 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2016-07-02 00:41 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-07-02 00:35 - 2014-08-11 22:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2016-07-02 00:35 - 2014-08-11 21:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2016-07-01 19:25 - 2014-10-29 22:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2016-07-01 19:25 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2016-07-01 18:04 - 2016-07-03 12:52 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-01 18:04 - 2016-07-03 12:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-01 18:04 - 2016-07-01 18:04 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2016-07-01 18:03 - 2016-07-01 18:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jon\Downloads\spybot-2.4.exe
2016-07-01 17:55 - 2016-07-01 17:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\iExplore.exe
2016-07-01 17:55 - 2016-07-01 17:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\iExplore (1).exe
2016-07-01 15:29 - 2016-07-01 15:29 - 01108744 _____ C:\Users\Jon\Downloads\IMG_5603.mp4
2016-07-01 14:20 - 2016-07-01 14:20 - 00378281 _____ C:\Users\Jon\Downloads\Offenders with Intellectual and Developmental Disabilities Sentencing Challenges after the Abolition of Execution in the United States.pdf
2016-07-01 14:09 - 2016-07-01 14:09 - 00000000 ____D C:\windows\System32\Tasks\Norton 360
2016-07-01 14:03 - 2016-07-01 14:03 - 00003206 _____ C:\windows\System32\Tasks\Norton WSC Integration
2016-07-01 14:03 - 2016-07-01 14:03 - 00002225 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-07-01 09:21 - 2016-07-01 09:21 - 00062464 _____ C:\Users\Jon\Downloads\DAILY OPEN ENCOUNTERS_07012016.xls
2016-06-30 14:18 - 2016-06-30 14:18 - 00287025 _____ C:\Users\Jon\Downloads\Ahold_global_CR_policies.pdf
2016-06-30 11:32 - 2016-06-30 11:32 - 00020186 _____ C:\Users\Jon\Downloads\Copy of 1317 Psychiatry 7.2.16.xlsx
2016-06-29 20:02 - 2016-06-29 20:02 - 00025192 _____ C:\Users\Jon\Downloads\Office Assignments 2016-2017 (1).xlsx
2016-06-28 18:15 - 2016-06-28 18:15 - 00084886 _____ C:\Users\Jon\Downloads\1_153319_saved_contract_joy_-_71201[2].pdf
2016-06-28 18:14 - 2016-06-28 18:15 - 00036214 _____ C:\Users\Jon\Downloads\1_153319_joy_michelle[4].pdf
2016-06-28 18:14 - 2016-06-28 18:14 - 00191287 _____ C:\Users\Jon\Downloads\1_153319_joy_michelle_-_fbi.pdf
2016-06-28 18:14 - 2016-06-28 18:14 - 00172614 _____ C:\Users\Jon\Downloads\1_153319_joy_michelle[6].pdf
2016-06-28 13:31 - 2016-06-28 13:31 - 00074772 _____ C:\Users\Jon\Downloads\{17F0B6B3-68E3-4E33-9A02-CC67A8F3E7E6}.pdf
2016-06-27 19:14 - 2016-06-27 19:14 - 00025192 _____ C:\Users\Jon\Downloads\Office Assignments 2016-2017.xlsx
2016-06-24 16:27 - 2016-06-24 16:27 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-24 15:31 - 2016-06-24 15:31 - 00604889 _____ C:\Users\Jon\Documents\Scan0013.pdf
2016-06-24 10:48 - 2016-06-24 10:48 - 00203264 _____ C:\Users\Jon\Downloads\Moonlighting Schedule - Aug 16 to Jan 17 draft 06.23.16.xls
2016-06-09 20:39 - 2016-06-09 20:39 - 00269260 _____ C:\Users\Jon\Downloads\OS Assessment Report.pdf
2016-06-09 20:23 - 2016-06-09 20:23 - 00132140 _____ C:\Users\Jon\Downloads\msg0000 (3).WAV
2016-06-08 22:56 - 2016-06-08 22:57 - 00000000 ____D C:\Users\Jon\Desktop\Songs
2016-06-07 18:33 - 2016-06-07 18:33 - 00009799 _____ C:\Users\Jon\Downloads\Copy of Shared Holiday Rotation Schedule.xlsx
2016-06-07 18:31 - 2016-06-07 18:31 - 00012643 _____ C:\Users\Jon\Downloads\Holiday Schedule 2013.xlsx
2016-06-07 17:58 - 2016-06-07 17:58 - 00012407 _____ C:\Users\Jon\Downloads\Contact Information.xlsx
2016-06-07 17:58 - 2016-06-07 17:58 - 00012407 _____ C:\Users\Jon\Downloads\Contact Information (1).xlsx
2016-06-07 17:50 - 2016-06-07 17:50 - 00940238 _____ C:\Users\Jon\Downloads\Danilo Rojas-Velasquez LOR (1).pdf
2016-06-07 17:34 - 2016-06-07 17:34 - 00635943 _____ C:\Users\Jon\Downloads\KarinaMS Transcript (1).pdf
2016-06-07 17:33 - 2016-06-07 17:33 - 01591017 _____ C:\Users\Jon\Downloads\Melina Zuniga MS Transcript.pdf
2016-06-07 17:32 - 2016-06-07 17:32 - 00635943 _____ C:\Users\Jon\Downloads\KarinaMS Transcript.pdf
2016-06-07 17:31 - 2016-06-07 17:31 - 01067594 _____ C:\Users\Jon\Downloads\Fabiola MS Transcript.pdf
2016-06-07 17:31 - 2016-06-07 17:31 - 01067594 _____ C:\Users\Jon\Downloads\Fabiola MS Transcript (1).pdf
2016-06-07 17:26 - 2016-06-07 17:26 - 00016662 _____ C:\Users\Jon\Downloads\UPHS-CHOP Visiting Clerkship.xlsx
2016-06-07 17:25 - 2016-06-07 17:25 - 00493485 _____ C:\Users\Jon\Downloads\Trevor LOR.pdf
2016-06-07 17:22 - 2016-06-07 17:22 - 00202859 _____ C:\Users\Jon\Downloads\CV_Trevor York.pdf
2016-06-07 17:16 - 2016-06-07 17:16 - 00079409 _____ C:\Users\Jon\Downloads\Melina LOR.pdf
2016-06-07 17:10 - 2016-06-07 17:10 - 00143073 _____ C:\Users\Jon\Downloads\CV_KarinaMJ.pdf
2016-06-07 17:05 - 2016-06-07 17:05 - 01480948 _____ C:\Users\Jon\Downloads\Fabiola A. Arbelo-Cruz LoR May 19 2016.pdf
2016-06-07 17:05 - 2016-06-07 17:05 - 00073470 _____ C:\Users\Jon\Downloads\Danilo Rojas-Velasquez_Transcript.pdf
2016-06-07 17:04 - 2016-06-07 17:04 - 00940238 _____ C:\Users\Jon\Downloads\Danilo Rojas-Velasquez LOR.pdf
2016-06-04 11:27 - 2016-06-04 11:27 - 00000277 _____ C:\Users\Jon\Downloads\scholar (87).enw
2016-06-04 11:20 - 2016-06-04 11:20 - 00000228 _____ C:\Users\Jon\Downloads\scholar (86).enw

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 13:58 - 2013-01-10 23:09 - 00000000 ____D C:\Users\Jon\AppData\Local\CrashDumps
2016-07-03 13:41 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-03 13:41 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-03 13:36 - 2009-07-14 01:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-07-03 13:36 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-07-03 13:34 - 2016-01-22 15:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-03 13:30 - 2012-04-22 15:25 - 00660833 _____ C:\windows\system32\fastboot.set
2016-07-03 13:29 - 2012-04-22 15:33 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-03 13:29 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-03 13:25 - 2015-06-21 18:13 - 00000910 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000UA.job
2016-07-03 13:13 - 2012-04-22 15:33 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-03 13:06 - 2016-01-13 21:36 - 01017266 _____ C:\windows\ntbtlog.txt
2016-07-03 10:52 - 2015-02-02 19:24 - 00004426 _____ C:\windows\mozy.blk
2016-07-03 10:52 - 2015-02-02 19:24 - 00001354 _____ C:\windows\mozy.flt
2016-07-03 10:30 - 2009-07-13 23:20 - 00000000 ____D C:\windows\AppCompat
2016-07-03 10:25 - 2015-06-21 18:13 - 00000858 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000Core.job
2016-07-02 22:19 - 2015-12-16 17:50 - 00000000 ____D C:\Users\Jon\AppData\Local\Deployment
2016-07-02 18:33 - 2012-05-10 02:07 - 00001413 _____ C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-02 18:26 - 2012-05-17 12:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-02 18:26 - 2009-07-14 00:45 - 00406792 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-02 18:25 - 2012-05-17 12:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-02 18:21 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2016-07-02 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2016-07-02 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\Dism
2016-07-02 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2016-07-02 18:18 - 2011-09-28 23:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-02 16:06 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2016-07-02 15:51 - 2015-12-06 19:17 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-07-02 13:38 - 2014-01-08 03:06 - 00000000 ____D C:\windows\system32\MRT
2016-07-02 13:27 - 2012-05-15 11:59 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-07-02 13:22 - 2014-11-20 20:09 - 00775124 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-07-02 13:15 - 2012-05-17 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-02 13:04 - 2009-07-13 22:34 - 00000537 _____ C:\windows\win.ini
2016-07-01 18:07 - 2015-12-06 19:17 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-01 17:44 - 2012-04-22 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Games
2016-07-01 17:44 - 2012-04-22 15:25 - 00000000 ____D C:\ProgramData\Lenovo Games
2016-07-01 17:44 - 2012-04-22 15:25 - 00000000 ____D C:\Program Files (x86)\Lenovo Games
2016-07-01 17:44 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-01 14:03 - 2015-06-29 15:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-07-01 14:03 - 2015-06-10 23:24 - 00000000 ____D C:\windows\system32\Drivers\N360x64
2016-07-01 08:35 - 2015-06-10 23:27 - 00101112 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2016-07-01 08:35 - 2015-06-10 23:27 - 00008270 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2016-06-28 16:17 - 2013-10-14 09:26 - 01453568 ___SH C:\Users\Jon\Downloads\Thumbs.db
2016-06-24 16:27 - 2012-07-31 19:30 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Dropbox
2016-06-21 14:15 - 2012-11-29 18:38 - 02889216 ___SH C:\Users\Jon\Desktop\Thumbs.db
2016-06-20 22:08 - 2014-12-07 16:57 - 00000000 ____D C:\Users\Jon\Desktop\Music to transfer
2016-06-19 19:15 - 2012-04-22 15:33 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-11-20 21:06 - 2014-11-20 21:06 - 0001915 _____ () C:\Users\Jon\AppData\Roaming\SAS7_000.DAT
2012-11-24 12:38 - 2012-11-24 12:38 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-05-09 14:37 - 2012-11-24 12:34 - 0008016 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Jon\AppData\Local\Temp\ImageViewer4.exe
C:\Users\Jon\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-28 20:21

==================== End of FRST.txt ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Jon (2016-07-03 14:05:26)
Running from C:\Users\Jon\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-05-10 06:06:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

7C67FBA2BB3D4386B201 (S-1-5-21-1586536999-29697831-1294094069-1003 - Limited - Enabled)
Administrator (S-1-5-21-1586536999-29697831-1294094069-500 - Administrator - Disabled)
Guest (S-1-5-21-1586536999-29697831-1294094069-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1586536999-29697831-1294094069-1002 - Limited - Enabled)
Jon (S-1-5-21-1586536999-29697831-1294094069-1000 - Administrator - Enabled) => C:\Users\Jon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Ableton Live 8 (HKLM-x32\...\{3CBF4CD3-9370-44A0-B464-A21E588DD122}) (Version: 8.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with RocketTab (HKLM-x32\...\Browsersafeguard) (Version:  - Browsersafeguard) <==== ATTENTION
calibre (HKLM-x32\...\{D9A85F14-FFA5-40B1-8402-80D510D48D01}) (Version: 1.8.0 - Kovid Goyal)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.300.10 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digidesign Pro Tools M-Powered Essential 8.0.2 (HKLM-x32\...\{FE8CD9C9-7650-4B8D-928A-85D6CAB6CA59}) (Version: 8.0.2 - Digidesign, A Division of Avid Technology, Inc.)
DNE Update (HKLM\...\{CE057713-FF03-49E6-A0B5-EF102C80117F}) (Version: 4.9.1.18389 - Deterministic Networks, Inc.)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
Edimax Wireless LAN (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0205.2 - Edimax Technology Co.)
EndNote X5 (HKLM-x32\...\{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}) (Version: 15.0.0.5478 - Thomson Reuters)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
Fast Track (HKLM-x32\...\{3A1D9EDD-1284-4A0F-9B6F-512DCF5ED9D5}) (Version: 5.10.00.5128v4 - M-Audio)
FredV2Step3 (HKLM-x32\...\{944B3A84-C728-487E-8306-CD3B52092B34}) (Version: 1.00.0000 - USMLE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{C0CA6788-386E-4BE1-B214-629E746A5302}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
join.me (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\JoinMe) (Version: 1.5.2.214 - LogMeIn, Inc.)
Juniper Citrix Services Client (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Juniper_Citrix_Services) (Version: 8.0.11.36363 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks)
Juniper Networks Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.11.36363 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 8.0.11.36363 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Juniper_Setup_Client) (Version: 8.0.11.56747 - Juniper Networks)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\dda9ca0b023f4c56) (Version: 1.6.3.5 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozy Sync (HKLM\...\{95DB05B2-371B-3957-A65A-7CD9433701AD}) (Version: 1.3.1.4068 - Mozy, Inc.)
MozyHome (HKLM\...\{81D29D4E-9658-BB63-D879-E6A625C01364}) (Version: 2.28.2.432 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.2 MuseScore score typesetter (HKLM-x32\...\MuseScore) (Version: 1.2.0 - Werner Schweer and Others)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.7 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.7 - Lenovo) Hidden
Online Plug-in (x32 Version: 13.4.300.10 - Citrix Systems, Inc.) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 3.1.3 (HKLM-x32\...\qbittorrent) (Version: 3.1.3 - The qBittorrent project)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
ScorpionSaver Services (HKLM\...\{6E810AB6-F34E-49A3-A93F-9E503660F718}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Self-service Plug-in (x32 Version: 3.4.300.43589 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SRS Control Panel (HKLM\...\{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}) (Version: 1.11.4800 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1206 - Lenovo)
VSFilter 2.41.322 (0c3a1ea) Nightly (HKLM-x32\...\vsfilter_is1) (Version: 2.41.322 - MPC-HC Team)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2575B262-CDD6-408B-8818-03BEC587BF3A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {284E170B-6D84-4C8A-8D6D-297E182D7B7C} - System32\Tasks\{D322CD7E-30F7-4941-878E-D6FD9DDBA1A4} => pcalua.exe -a "C:\Users\Jon\Downloads\OnCallSetup (1).exe" -d C:\Users\Jon\Downloads
Task: {2FF177AD-CA7C-4023-BB46-ECE607AA0521} - System32\Tasks\{51C73349-27F8-4227-BEBD-3BC5DE78951C} => pcalua.exe -a "C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDK2THC2\cisco_vpnclient_5_0_05_0290.EXE" -d C:\Users\Jon\Desktop
Task: {36D38556-D7BB-4954-84C4-9727E4529F8B} - System32\Tasks\{62B7A7AE-922B-4C00-94F9-0E45F712B6F1} => pcalua.exe -a C:\Users\Jon\Desktop\Temporary\Fast_Track_USB_Installer_5_10_0_5128v4.exe -d C:\Users\Jon\Desktop\Temporary
Task: {44630D2F-7294-48C0-9741-B019496EED26} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {4593C08A-23F0-4927-86E4-28778A30C5A6} - System32\Tasks\{57387CBE-B59C-4E69-8F54-76AA0EFF5327} => pcalua.exe -a C:\Users\Jon\Downloads\cisco_vpnclient_5_0_05_0290.EXE -d C:\Users\Jon\Downloads
Task: {53569D9D-6845-49BE-AD02-562E3E061007} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {591C5A4D-9FA5-4AEA-96DD-71F0B5D1D875} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2016-06-16] (Symantec Corporation)
Task: {593935E7-161C-40C7-93DA-9C30F84BA059} - System32\Tasks\{E48B69F2-6054-418F-AD31-71DE0646258A} => pcalua.exe -a C:\Users\Jon\Downloads\OnCallSetup.exe -d C:\Users\Jon\Downloads
Task: {616C28F9-D72F-4C32-9C98-4998855F0555} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation)
Task: {921F78B4-1A3A-4E64-81DD-1FF621C9E63A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-04] (CyberLink)
Task: {A27CDB4C-508D-4DD0-AB4D-4522819DE608} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000UA => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {BCA70F6B-C46A-4E8D-A1F7-D7665FE66C22} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1586536999-29697831-1294094069-1000 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {CC755630-1DC5-4AB7-8093-51ED6DDE5CB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E06D044C-700B-4791-9D44-8C46D5BAC51D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {EA4726D8-D68A-46DD-AB3B-16FF13EE6388} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000Core => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {F25F2940-D2F9-4DB8-B114-CCF01B6EF3DD} - System32\Tasks\{1C56FE80-E45E-4B6E-980D-211BF1E372D9} => pcalua.exe -a C:\Users\Jon\Downloads\PennMedicinePulseVPN.exe -d C:\Users\Jon\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000Core.job => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000UA.job => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-11-11 06:42 - 2010-11-11 06:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-11-11 06:44 - 2010-11-11 06:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-22 15:23 - 2012-04-22 15:23 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2011-07-27 16:07 - 2011-07-27 16:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-04-13 23:01 - 2011-03-25 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 16:07 - 2011-07-27 16:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-04-22 15:26 - 2012-04-22 15:26 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2008-12-19 23:20 - 2012-04-22 15:37 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2008-12-19 23:20 - 2012-04-22 15:37 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2016-02-16 18:59 - 2013-05-15 16:27 - 00096768 _____ () C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
2013-10-10 17:48 - 2013-10-10 17:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-11 06:38 - 2010-11-11 06:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-11-11 06:39 - 2010-11-11 06:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-06-19 19:14 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-19 19:14 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:cf3BFqf7g79MM0lm [2160]
AlternateDataStreams: C:\ProgramData\Microsoft:pRmheSYvlSZTM8n8KWzK3 [2254]
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [340]
AlternateDataStreams: C:\Users\Jon\Cookies:40osDOhNlUBO1BIN4tcy8tTzU [2302]
AlternateDataStreams: C:\Users\Jon\Cookies:GN8u9snwcrfF1cl3jOBAye5m [2220]
AlternateDataStreams: C:\Users\Jon\Local Settings:rBAZmbgEgqJC57PlLcFsoyh0jMi [2126]
AlternateDataStreams: C:\Users\Jon\AppData\Local:rBAZmbgEgqJC57PlLcFsoyh0jMi [2126]
AlternateDataStreams: C:\Users\Jon\AppData\Local\Application Data:rBAZmbgEgqJC57PlLcFsoyh0jMi [2126]
AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:BgyUZUvWqBsQYi8ZFG1NQO4c [2404]
AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:jxKhEOyuVIyYBU6j9Aj1CgwjB [2612]
AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:riMUZ4E5GfQ3IDmxt78SpEtr [1992]
AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:rwR3WbyrUCHGCFMKUE21XV7wX [2572]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\bioservers.org -> hxxp://www.bioservers.org
IE trusted site: HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\jhsph.edu -> hxxps://statepiaps.jhsph.edu

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-06-24 18:32 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1586536999-29697831-1294094069-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: MobileAppSync => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{811FCE89-06AE-4DA4-877A-D9F081D097DA}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{2A3C4040-11CC-467E-A020-B5B23936F6DF}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{E859223C-1344-4355-86D3-987FC655AE13}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{E8A8C664-E90F-4553-A0AD-01BB26953E10}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6A649EB1-F752-41B0-8774-C6DBF5A6CD66}] => (Allow) LPort=2869
FirewallRules: [{F5E8D0D0-85FE-4BC8-905F-084A805B449C}] => (Allow) LPort=1900
FirewallRules: [{B0673C85-F1B7-4796-BC46-372D7EBB0335}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{81547268-9349-4D4E-A48F-542F67D39C10}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FE2BCAD1-664B-4A4B-ACE5-DA4E597784C3}] => (Allow) C:\Users\Jon\AppData\Local\Temp\HP\OJ4500vG510n-z_Full_13_en\setup\hpznui40.exe
FirewallRules: [{7A779B23-1852-412E-A371-E676D95DB2E4}] => (Allow) C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{192076A5-133E-4C74-ABC4-876C39B2F383}] => (Allow) C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0A09C46A-6544-468B-9184-83D902A894D1}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{AC9EC7A7-AA9B-433C-999B-0D003F1C79C2}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{70EDCC67-C829-4778-9EF7-29CD6CEB83F4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D8752022-3822-4BA4-9F23-CAC23DA75FC0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{43DC8ADF-D93C-4923-B7B8-80F2B29F2C85}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{053E5FA6-5A4E-4D93-98A4-8FAF74C0A8E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7DC797CC-7AF8-47B3-81F2-DC4D1FC604C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE5E6E66-72E3-4BA7-99DF-C46027980D35}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5C21CF8B-8CB1-4DA1-95AE-246FB0D387AB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [{815A0412-0DA4-4B03-8482-C9DDFF45A407}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{CA7119D9-CCC8-42B8-AA68-0FD246784251}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{147DBABE-6032-4589-B56F-222231007AF0}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [{2174246E-8173-4D2E-A740-2F7716CA2A52}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{D88213B5-C12D-408D-90FB-D21AA8657D87}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [TCP Query User{6B5AA8A2-A3C6-40DD-B9B4-762AB1F0C4E7}C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{846A9F02-A3E7-41EE-9658-FAF11710AC06}C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C282E245-A5A2-4E29-9459-8FD6226A5A62}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0EB2388F-E9FE-4DBB-8B5F-D8C8943AF16A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{18DBA301-07E7-401B-AA78-47696DDB8A2E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{759BCA42-86EA-439C-B06E-E54D5A385E66}] => (Allow) LPort=51001
FirewallRules: [{21684B86-125D-4503-9978-B744243EBFF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A893491-5987-4EE1-8D35-20B821CC0574}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1D8C60C7-4C9A-45E4-8862-C302AF907C61}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0EDA51EF-C4BC-4FB9-A05B-A2ECB85D6AD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-06-2016 00:00:00 Scheduled Checkpoint
01-07-2016 19:25:57 Windows Update
02-07-2016 12:07:54 Windows Update

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom Bluetooth 2.1 USB
Description: Broadcom Bluetooth 2.1 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2016 01:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x2264
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/03/2016 01:58:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x206c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/03/2016 01:55:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.com, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x2050
Faulting application start time: 0xmbam.com0
Faulting application path: mbam.com1
Faulting module path: mbam.com2
Report Id: mbam.com3

Error: (07/03/2016 01:55:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1c20
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/03/2016 01:54:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1fd4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/03/2016 01:47:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x128c
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/03/2016 01:45:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x478
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/03/2016 01:40:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x708
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/03/2016 01:38:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1384
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/03/2016 01:34:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 0.0.0.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1450
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3


System errors:
=============
Error: (07/03/2016 01:35:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (07/03/2016 01:34:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5 = Access is denied.


Error: (07/03/2016 01:34:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5 = Access is denied.


Error: (07/03/2016 01:31:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/03/2016 01:31:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (07/03/2016 01:30:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: 
%%2 = The system cannot find the file specified.


Error: (07/03/2016 01:29:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMProtector service failed to start due to the following error: 
%%2 = The system cannot find the file specified.


Error: (07/03/2016 01:24:34 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5 = Access is denied.


Error: (07/03/2016 01:24:34 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5 = Access is denied.


Error: (07/03/2016 01:12:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 36%
Total physical RAM: 8106.14 MB
Available physical RAM: 5146.81 MB
Total Virtual: 16210.46 MB
Available Virtual: 13068.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:251.79 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 93296C60)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of Addition.txt ============================

20160703_133748.jpg

Link to post
Share on other sites

Hello and :welcome:

 

FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please upload them into your next reply.

Link to post
Share on other sites

Thanks so much!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Jon (administrator) on JON-PC (03-07-2016 17:49:19)
Running from C:\Users\Jon\Downloads
Loaded Profiles: Jon (Available Profiles: Jon)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Avid Technology, Inc.) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Avid Technology, Inc.) C:\Windows\System32\M-AudioTaskBarIcon64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\n360.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Lenovo) C:\Users\Jon\AppData\Local\Apps\2.0\7Z8W83LE.KRN\0RCY7DDE.6AE\lsb...tion_2d7b41b05b24775e_0001.0006_6c5982beb50abfca\LSB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13353064 2011-11-14] (Realtek Semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2012-04-22] (Lenovo)
HKLM\...\Run: [M-Audio Taskbar Icon] => C:\windows\System32\M-AudioTaskBarIcon64.exe [634888 2009-02-11] (Avid Technology, Inc.)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-04-22] (Lenovo)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel(R) Corporation)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-04-22] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2012-04-22] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [DNS7reminder] => "C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking13\Ereg.ini"
HKLM-x32\...\Run: [DigidesignMMERefresh] => C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-06-18] (Avid Technology, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {23844499-5145-11e2-9c64-c01885eb94df} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {2384457c-5145-11e2-9c64-c01885eb94df} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {5950878a-a331-11e1-9aa6-c01885eb94df} - E:\setup.exe -a
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {7624bfd4-c44f-11e4-9fd3-c01885eb94df} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {84a463c2-5436-11e5-a259-c01885eb94df} - E:\DT4000_Launcher.exe
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {f9184e96-9b86-11e4-bdab-c01885eb94df} - E:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\MountPoints2: {ff372f93-b8b7-11e5-8332-c01885eb94df} - E:\VerizonSWUpgradeAssistantLauncher.exe
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256392 2014-01-08] (Citrix Systems, Inc.)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ mozysyncNotUploaded] -> {34DF8AC2-A6BB-4855-B45A-CC1B4D9183E3} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [ mozysyncPendingChanges] -> {6673BC77-4A7B-4299-A130-14312E6B203A} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [ mozysyncUpToDate] -> {04547006-32F5-4635-844B-B8D7FCE47692} => C:\Program Files\Mozy Sync\mozysyncshell.dll [2014-10-31] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll [2015-02-02] (Mozy, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-04-22] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk [2015-09-05]
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk [2016-07-03]
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9-x64 01 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.)
Winsock: Catalog9-x64 02 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.)
Winsock: Catalog9-x64 03 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.)
Winsock: Catalog9-x64 04 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.)
Winsock: Catalog9-x64 15 C:\windows\system32\AdpeakProxy64.dll [439296 2013-10-16] (Adpeak, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{749D408D-0402-4F32-B959-7FD450A9C4F7}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1586536999-29697831-1294094069-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2014-07-12] (Nuance Communications, Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2014-07-12] (Nuance Communications, Inc.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1586536999-29697831-1294094069-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {CC679CB8-DC4B-458B-B817-D447B3B6AC31} hxxps://vpn3.its.yale.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-01-08] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492
FF DefaultSearchEngine.US: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll [2012-09-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll [2012-09-28] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-01-08] (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2014-07-12] (Nuance Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-09-05] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-07-30] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-07-30] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-07-30] (Google)
FF SearchPlugin: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492\searchplugins\safesearch.xml [2015-10-11]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-07-01]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN"
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-06-30]
CHR Extension: (Google Docs Offline) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-16]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-09-05]
CHR Extension: (Google Scholar Button) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldipcbpaocekfooobnbcddclnhejkcpn [2015-04-21]
CHR Extension: (Skype) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx [2016-07-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [956192 2011-02-15] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-06-18] (Avid Technology, Inc.) [File not signed]
S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-06-18] (Avid Technology, Inc.) [File not signed]
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [55040 2015-02-02] (Mozy, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\N360.exe [289080 2016-06-17] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WPSService20; C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [File not signed]
S2 0235271344641637mcinstcleanup; C:\Users\Jon\AppData\Local\Temp\023527~1.EXE -cleanup -nolog [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20160701.003\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [131160 2012-04-24] (Citrix Systems, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20160701.001\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation)
R3 jnprna; C:\Windows\System32\DRIVERS\jnprna6.sys [504176 2011-04-19] (Juniper Networks, Inc.)
S3 MAUSBFT; C:\Windows\System32\DRIVERS\mausbft.sys [185864 2009-02-11] (Avid Technology, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [69320 2015-02-02] (Mozy, Inc.)
R1 NEOFLTR_8011_36363; C:\windows\system32\Drivers\NEOFLTR_8011_36363.SYS [108344 2015-05-24] (Juniper Networks, Inc.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1525904 2012-12-26] (Realtek Semiconductor Corporation                           )
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607000.04C\SRTSP64.SYS [773360 2016-06-01] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-07-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
U2 CLKMSVC10_3A60B698; no ImagePath
U2 CLKMSVC10_C3B3B687; no ImagePath
U2 DriverService; no ImagePath
U2 IAStorDataMgrSvc; no ImagePath
U2 idealife Update Service; no ImagePath
U3 IGRS; no ImagePath
U2 IviRegMgr; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160630.020\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160630.020\EX64.SYS [X]
U2 nvUpdatusService; no ImagePath
U2 Oasis2Service; no ImagePath
U2 PCCarerServic; no ImagePath
U2 ReadyComm.DirectRouter; no ImagePath
U2 RichVideo; no ImagePath
U2 RtLedService; no ImagePath
U2 SoftwareService; no ImagePath
U2 Stereo Service; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 14:05 - 2016-07-03 14:06 - 00044016 _____ C:\Users\Jon\Downloads\Addition.txt
2016-07-03 14:03 - 2016-07-03 17:49 - 00033161 _____ C:\Users\Jon\Downloads\FRST.txt
2016-07-03 14:03 - 2016-07-03 17:49 - 00000000 ____D C:\FRST
2016-07-03 14:03 - 2016-07-03 14:03 - 02390016 _____ (Farbar) C:\Users\Jon\Downloads\FRST64.exe
2016-07-03 13:53 - 2016-07-03 13:57 - 00002416 _____ C:\Users\Jon\Desktop\Rkill.txt
2016-07-03 13:52 - 2016-07-03 13:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\rkill.exe
2016-07-03 13:34 - 2016-07-03 13:34 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-07-03 13:34 - 2016-07-03 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-03 13:34 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-07-03 13:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-07-03 13:33 - 2016-07-03 13:55 - 00140672 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-07-03 13:31 - 2016-07-03 13:31 - 06705178 _____ C:\Users\Jon\Downloads\mbam-chameleon-3.1.33.0.zip
2016-07-03 13:14 - 2016-07-03 13:14 - 00000000 ____D C:\Users\MyApp\AppData\Local\CrashDumps
2016-07-03 13:12 - 2016-07-03 13:12 - 00112728 _____ C:\Users\MyApp\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-03 13:12 - 2016-07-03 13:12 - 00001413 _____ C:\Users\MyApp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-03 13:12 - 2016-07-03 13:12 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Intel
2016-07-03 13:12 - 2016-07-03 13:12 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Adobe
2016-07-03 13:11 - 2016-07-03 13:12 - 00002086 _____ C:\Users\MyApp\Desktop\OneKey Recovery.lnk
2016-07-03 13:11 - 2016-07-03 13:12 - 00001118 _____ C:\Users\MyApp\Desktop\Cyberlink Power2Go.lnk
2016-07-03 13:11 - 2016-07-03 13:12 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-07-03 13:11 - 2016-07-03 13:11 - 00000020 ___SH C:\Users\MyApp\ntuser.ini
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\My Documents
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\Documents\My Videos
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\Documents\My Pictures
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 _SHDL C:\Users\MyApp\Documents\My Music
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 ____D C:\Users\MyApp\AppData\Local\VirtualStore
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 ____D C:\Users\MyApp\AppData\Local\Google
2016-07-03 13:11 - 2016-07-03 13:11 - 00000000 ____D C:\Users\MyApp
2016-07-03 13:11 - 2012-07-03 18:10 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Juniper Networks
2016-07-03 13:11 - 2012-06-03 14:21 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Macromedia
2016-07-03 13:11 - 2012-05-12 16:52 - 00000000 ____D C:\Users\MyApp\AppData\Local\Microsoft Help
2016-07-03 13:11 - 2011-09-28 23:37 - 00000000 ____D C:\Users\MyApp\AppData\Roaming\Media Center Programs
2016-07-03 13:11 - 2010-12-19 01:31 - 00000189 _____ C:\Users\MyApp\Desktop\Lenovo Telephony Start Now.url
2016-07-03 13:02 - 2016-07-03 13:06 - 00225948 _____ C:\TDSSKiller.3.1.0.9_03.07.2016_13.02.33_log.txt
2016-07-03 12:58 - 2016-07-03 13:26 - 00000000 ____D C:\Program Files (x86)\My App
2016-07-03 12:55 - 2016-07-03 12:55 - 00004472 _____ C:\TDSSKiller.3.1.0.9_03.07.2016_12.55.04_log.txt
2016-07-03 12:53 - 2016-07-03 12:54 - 04633146 _____ C:\Users\Jon\Downloads\tdsskiller.zip
2016-07-03 12:26 - 2016-07-03 12:26 - 00000085 _____ C:\windows\wininit.ini
2016-07-02 18:36 - 2016-07-02 18:36 - 00000000 ____D C:\Users\Jon\AppData\Local\GWX
2016-07-02 18:19 - 2016-07-02 18:30 - 00000000 ___SD C:\windows\system32\GWX
2016-07-02 18:19 - 2016-07-02 18:19 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-07-02 18:19 - 2016-07-02 18:19 - 00000000 ___SD C:\windows\system32\CompatTel
2016-07-02 18:19 - 2016-07-02 18:19 - 00000000 ____D C:\windows\system32\appraiser
2016-07-02 14:20 - 2015-01-08 19:44 - 00419936 _____ C:\windows\SysWOW64\locale.nls
2016-07-02 14:20 - 2015-01-08 19:43 - 00419936 _____ C:\windows\system32\locale.nls
2016-07-02 14:08 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-07-02 14:08 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-07-02 14:06 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\windows\system32\IEUDINIT.EXE
2016-07-02 14:02 - 2016-07-02 14:02 - 24917504 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 19607040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 14404096 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 12829696 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 06026240 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 04305920 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-07-02 14:02 - 2016-07-02 14:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-07-02 14:02 - 2016-07-02 14:02 - 02426880 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 02278912 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-07-02 14:02 - 2016-07-02 14:02 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-07-02 14:02 - 2016-07-02 14:02 - 01950720 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 01309696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00942592 _____ (Microsoft Corporation) C:\windows\system32\jsIntl.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00645120 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsIntl.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00616104 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dat
2016-07-02 14:02 - 2016-07-02 14:02 - 00616104 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dat
2016-07-02 14:02 - 2016-07-02 14:02 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00503808 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-07-02 14:02 - 2016-07-02 14:02 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-07-02 14:02 - 2016-07-02 14:02 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\msls31.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\url.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00235008 _____ (Microsoft Corporation) C:\windows\system32\elshyph.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\url.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00208384 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\elshyph.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00182272 _____ (Microsoft Corporation) C:\windows\SysWOW64\msls31.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00167424 _____ (Microsoft Corporation) C:\windows\system32\iexpress.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00151552 _____ (Microsoft Corporation) C:\windows\SysWOW64\iexpress.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00147968 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wextract.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00139264 _____ (Microsoft Corporation) C:\windows\SysWOW64\wextract.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00131072 _____ (Microsoft Corporation) C:\windows\system32\IEAdvpack.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00127488 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00116736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iepeers.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEAdvpack.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00101376 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00090112 _____ (Microsoft Corporation) C:\windows\system32\SetIEInstalledDate.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00083456 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\icardie.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\tdc.ocx
2016-07-02 14:02 - 2016-07-02 14:02 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\SetIEInstalledDate.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00069120 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardie.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdc.ocx
2016-07-02 14:02 - 2016-07-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\pngfilt.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00056832 _____ (Microsoft Corporation) C:\windows\SysWOW64\pngfilt.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\msfeedsbs.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmler.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\mshtmler.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\imgutil.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedsbs.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\imgutil.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\licmgr10.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00024576 _____ (Microsoft Corporation) C:\windows\SysWOW64\licmgr10.dll
2016-07-02 14:02 - 2016-07-02 14:02 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\mshta.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00013312 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshta.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\msfeedssync.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00012800 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeedssync.exe
2016-07-02 14:02 - 2016-07-02 14:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-07-02 12:10 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2016-07-02 12:10 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2016-07-02 12:10 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2016-07-02 12:10 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2016-07-02 12:10 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2016-07-02 12:10 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2016-07-02 12:10 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2016-07-02 12:10 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-07-02 12:05 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-07-02 00:51 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2016-07-02 00:51 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2016-07-02 00:51 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-07-02 00:51 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2016-07-02 00:51 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2016-07-02 00:51 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2016-07-02 00:51 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2016-07-02 00:50 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-07-02 00:50 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-07-02 00:50 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-07-02 00:50 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-07-02 00:50 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-07-02 00:50 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-07-02 00:50 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-07-02 00:50 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-07-02 00:50 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-07-02 00:50 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-07-02 00:50 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-07-02 00:50 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-07-02 00:50 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-07-02 00:50 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-07-02 00:50 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-07-02 00:50 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-07-02 00:50 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-07-02 00:50 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-07-02 00:50 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-07-02 00:50 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-07-02 00:50 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-07-02 00:50 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-07-02 00:50 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-07-02 00:50 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-07-02 00:50 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-07-02 00:50 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-07-02 00:50 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2016-07-02 00:50 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2016-07-02 00:50 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2016-07-02 00:50 - 2015-07-10 13:51 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2016-07-02 00:50 - 2015-07-10 13:34 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2016-07-02 00:49 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-07-02 00:49 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-07-02 00:49 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-07-02 00:49 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-07-02 00:49 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-07-02 00:49 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-07-02 00:49 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-07-02 00:49 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-07-02 00:49 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-07-02 00:49 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-07-02 00:49 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-07-02 00:49 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-07-02 00:49 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-07-02 00:49 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-07-02 00:49 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-07-02 00:49 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-07-02 00:49 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-07-02 00:49 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-07-02 00:49 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-07-02 00:49 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-07-02 00:49 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-07-02 00:49 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-07-02 00:49 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-07-02 00:49 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-07-02 00:49 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-07-02 00:49 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-07-02 00:49 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-07-02 00:49 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-07-02 00:49 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-07-02 00:49 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-07-02 00:49 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-07-02 00:49 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-07-02 00:49 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-07-02 00:49 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-07-02 00:49 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2016-07-02 00:49 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-07-02 00:49 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-07-02 00:49 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-07-02 00:49 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-07-02 00:49 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-07-02 00:49 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2016-07-02 00:49 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-07-02 00:49 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-07-02 00:49 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-07-02 00:49 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-07-02 00:49 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2016-07-02 00:49 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2016-07-02 00:49 - 2016-03-09 14:54 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-07-02 00:49 - 2016-03-09 14:34 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-07-02 00:49 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-07-02 00:49 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-07-02 00:49 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-07-02 00:49 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-07-02 00:49 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-07-02 00:49 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-07-02 00:49 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-07-02 00:49 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-07-02 00:49 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2016-07-02 00:49 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2016-07-02 00:49 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2016-07-02 00:49 - 2015-07-10 13:51 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2016-07-02 00:49 - 2015-07-10 13:51 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2016-07-02 00:49 - 2015-07-10 13:34 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2016-07-02 00:49 - 2015-07-10 13:33 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2016-07-02 00:49 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2016-07-02 00:49 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2016-07-02 00:44 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-07-02 00:44 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-07-02 00:44 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-07-02 00:44 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-07-02 00:44 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-07-02 00:44 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-07-02 00:44 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-07-02 00:44 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-07-02 00:44 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-07-02 00:44 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-07-02 00:44 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-07-02 00:44 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-07-02 00:44 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-07-02 00:44 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-07-02 00:44 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-07-02 00:44 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-07-02 00:43 - 2016-06-06 12:58 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-07-02 00:43 - 2016-06-06 12:50 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-07-02 00:43 - 2016-06-03 09:05 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-07-02 00:43 - 2016-05-27 09:06 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-07-02 00:43 - 2016-05-27 09:06 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-07-02 00:43 - 2016-05-27 09:06 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-07-02 00:43 - 2016-05-27 09:06 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-07-02 00:43 - 2016-05-22 09:06 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-07-02 00:43 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-07-02 00:43 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-07-02 00:43 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-07-02 00:43 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-07-02 00:43 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-07-02 00:43 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-07-02 00:43 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-07-02 00:43 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-07-02 00:43 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-07-02 00:43 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-07-02 00:43 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-07-02 00:43 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-07-02 00:43 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-07-02 00:43 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-07-02 00:43 - 2016-03-23 18:40 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2016-07-02 00:43 - 2016-03-23 18:40 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-07-02 00:43 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-07-02 00:43 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-07-02 00:43 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-07-02 00:43 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-07-02 00:43 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-07-02 00:43 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2016-07-02 00:43 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2016-07-02 00:43 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2016-07-02 00:43 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2016-07-02 00:42 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-07-02 00:42 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-07-02 00:42 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-07-02 00:42 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-07-02 00:42 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-07-02 00:42 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-07-02 00:42 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-07-02 00:42 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-07-02 00:42 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-07-02 00:42 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-07-02 00:42 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-07-02 00:42 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-07-02 00:42 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-07-02 00:42 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-07-02 00:42 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-07-02 00:42 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-07-02 00:42 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-02 00:42 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-02 00:42 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-07-02 00:42 - 2016-03-23 18:43 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2016-07-02 00:42 - 2016-03-23 18:40 - 00634432 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-07-02 00:42 - 2016-03-23 18:40 - 00546656 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2016-07-02 00:42 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-07-02 00:42 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-07-02 00:42 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-07-02 00:42 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-07-02 00:42 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-07-02 00:42 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-07-02 00:42 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-07-02 00:42 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-07-02 00:42 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-07-02 00:42 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-07-02 00:42 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2016-07-02 00:42 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2016-07-02 00:42 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2016-07-02 00:42 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\tbs.dll
2016-07-02 00:42 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\fveapibase.dll
2016-07-02 00:42 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tbs.dll
2016-07-02 00:42 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-07-02 00:42 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-07-02 00:42 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2016-07-02 00:42 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2016-07-02 00:42 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2016-07-02 00:42 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\windows\system32\fveapi.dll
2016-07-02 00:42 - 2014-11-10 23:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2016-07-02 00:42 - 2014-11-10 22:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2016-07-02 00:41 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-07-02 00:41 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-07-02 00:41 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2016-07-02 00:41 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2016-07-02 00:41 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2016-07-02 00:41 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2016-07-02 00:41 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2016-07-02 00:41 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2016-07-02 00:41 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2016-07-02 00:41 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2016-07-02 00:35 - 2014-08-11 22:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2016-07-02 00:35 - 2014-08-11 21:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2016-07-01 19:25 - 2014-10-29 22:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2016-07-01 19:25 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2016-07-01 18:04 - 2016-07-03 12:52 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-07-01 18:04 - 2016-07-03 12:26 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-01 18:04 - 2016-07-01 18:04 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2016-07-01 18:03 - 2016-07-01 18:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jon\Downloads\spybot-2.4.exe
2016-07-01 17:55 - 2016-07-01 17:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\iExplore.exe
2016-07-01 17:55 - 2016-07-01 17:55 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\iExplore (1).exe
2016-07-01 15:29 - 2016-07-01 15:29 - 01108744 _____ C:\Users\Jon\Downloads\IMG_5603.mp4
2016-07-01 14:20 - 2016-07-01 14:20 - 00378281 _____ C:\Users\Jon\Downloads\Offenders with Intellectual and Developmental Disabilities Sentencing Challenges after the Abolition of Execution in the United States.pdf
2016-07-01 14:09 - 2016-07-01 14:09 - 00000000 ____D C:\windows\System32\Tasks\Norton 360
2016-07-01 14:03 - 2016-07-01 14:03 - 00003206 _____ C:\windows\System32\Tasks\Norton WSC Integration
2016-07-01 14:03 - 2016-07-01 14:03 - 00002225 _____ C:\Users\Public\Desktop\Norton 360.lnk
2016-07-01 09:21 - 2016-07-01 09:21 - 00062464 _____ C:\Users\Jon\Downloads\DAILY OPEN ENCOUNTERS_07012016.xls
2016-06-30 14:18 - 2016-06-30 14:18 - 00287025 _____ C:\Users\Jon\Downloads\Ahold_global_CR_policies.pdf
2016-06-30 11:32 - 2016-06-30 11:32 - 00020186 _____ C:\Users\Jon\Downloads\Copy of 1317 Psychiatry 7.2.16.xlsx
2016-06-29 20:02 - 2016-06-29 20:02 - 00025192 _____ C:\Users\Jon\Downloads\Office Assignments 2016-2017 (1).xlsx
2016-06-28 18:15 - 2016-06-28 18:15 - 00084886 _____ C:\Users\Jon\Downloads\1_153319_saved_contract_joy_-_71201[2].pdf
2016-06-28 18:14 - 2016-06-28 18:15 - 00036214 _____ C:\Users\Jon\Downloads\1_153319_joy_michelle[4].pdf
2016-06-28 18:14 - 2016-06-28 18:14 - 00191287 _____ C:\Users\Jon\Downloads\1_153319_joy_michelle_-_fbi.pdf
2016-06-28 18:14 - 2016-06-28 18:14 - 00172614 _____ C:\Users\Jon\Downloads\1_153319_joy_michelle[6].pdf
2016-06-28 13:31 - 2016-06-28 13:31 - 00074772 _____ C:\Users\Jon\Downloads\{17F0B6B3-68E3-4E33-9A02-CC67A8F3E7E6}.pdf
2016-06-27 19:14 - 2016-06-27 19:14 - 00025192 _____ C:\Users\Jon\Downloads\Office Assignments 2016-2017.xlsx
2016-06-24 16:27 - 2016-06-24 16:27 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-24 15:31 - 2016-06-24 15:31 - 00604889 _____ C:\Users\Jon\Documents\Scan0013.pdf
2016-06-24 10:48 - 2016-06-24 10:48 - 00203264 _____ C:\Users\Jon\Downloads\Moonlighting Schedule - Aug 16 to Jan 17 draft 06.23.16.xls
2016-06-09 20:39 - 2016-06-09 20:39 - 00269260 _____ C:\Users\Jon\Downloads\OS Assessment Report.pdf
2016-06-09 20:23 - 2016-06-09 20:23 - 00132140 _____ C:\Users\Jon\Downloads\msg0000 (3).WAV
2016-06-08 22:56 - 2016-06-08 22:57 - 00000000 ____D C:\Users\Jon\Desktop\Songs
2016-06-07 18:33 - 2016-06-07 18:33 - 00009799 _____ C:\Users\Jon\Downloads\Copy of Shared Holiday Rotation Schedule.xlsx
2016-06-07 18:31 - 2016-06-07 18:31 - 00012643 _____ C:\Users\Jon\Downloads\Holiday Schedule 2013.xlsx
2016-06-07 17:58 - 2016-06-07 17:58 - 00012407 _____ C:\Users\Jon\Downloads\Contact Information.xlsx
2016-06-07 17:58 - 2016-06-07 17:58 - 00012407 _____ C:\Users\Jon\Downloads\Contact Information (1).xlsx
2016-06-07 17:50 - 2016-06-07 17:50 - 00940238 _____ C:\Users\Jon\Downloads\Danilo Rojas-Velasquez LOR (1).pdf
2016-06-07 17:34 - 2016-06-07 17:34 - 00635943 _____ C:\Users\Jon\Downloads\KarinaMS Transcript (1).pdf
2016-06-07 17:33 - 2016-06-07 17:33 - 01591017 _____ C:\Users\Jon\Downloads\Melina Zuniga MS Transcript.pdf
2016-06-07 17:32 - 2016-06-07 17:32 - 00635943 _____ C:\Users\Jon\Downloads\KarinaMS Transcript.pdf
2016-06-07 17:31 - 2016-06-07 17:31 - 01067594 _____ C:\Users\Jon\Downloads\Fabiola MS Transcript.pdf
2016-06-07 17:31 - 2016-06-07 17:31 - 01067594 _____ C:\Users\Jon\Downloads\Fabiola MS Transcript (1).pdf
2016-06-07 17:26 - 2016-06-07 17:26 - 00016662 _____ C:\Users\Jon\Downloads\UPHS-CHOP Visiting Clerkship.xlsx
2016-06-07 17:25 - 2016-06-07 17:25 - 00493485 _____ C:\Users\Jon\Downloads\Trevor LOR.pdf
2016-06-07 17:22 - 2016-06-07 17:22 - 00202859 _____ C:\Users\Jon\Downloads\CV_Trevor York.pdf
2016-06-07 17:16 - 2016-06-07 17:16 - 00079409 _____ C:\Users\Jon\Downloads\Melina LOR.pdf
2016-06-07 17:10 - 2016-06-07 17:10 - 00143073 _____ C:\Users\Jon\Downloads\CV_KarinaMJ.pdf
2016-06-07 17:05 - 2016-06-07 17:05 - 01480948 _____ C:\Users\Jon\Downloads\Fabiola A. Arbelo-Cruz LoR May 19 2016.pdf
2016-06-07 17:05 - 2016-06-07 17:05 - 00073470 _____ C:\Users\Jon\Downloads\Danilo Rojas-Velasquez_Transcript.pdf
2016-06-07 17:04 - 2016-06-07 17:04 - 00940238 _____ C:\Users\Jon\Downloads\Danilo Rojas-Velasquez LOR.pdf
2016-06-04 11:27 - 2016-06-04 11:27 - 00000277 _____ C:\Users\Jon\Downloads\scholar (87).enw
2016-06-04 11:20 - 2016-06-04 11:20 - 00000228 _____ C:\Users\Jon\Downloads\scholar (86).enw

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-03 17:25 - 2015-06-21 18:13 - 00000910 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000UA.job
2016-07-03 17:17 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-03 17:17 - 2009-07-14 00:45 - 00021280 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-03 17:14 - 2009-07-14 01:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-07-03 17:14 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-07-03 17:13 - 2012-04-22 15:33 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-03 17:08 - 2012-04-22 15:33 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-03 17:08 - 2012-04-22 15:25 - 00652973 _____ C:\windows\system32\fastboot.set
2016-07-03 17:08 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-07-03 15:54 - 2015-12-06 19:17 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-07-03 14:15 - 2013-10-14 09:26 - 01466368 ___SH C:\Users\Jon\Downloads\Thumbs.db
2016-07-03 13:58 - 2013-01-10 23:09 - 00000000 ____D C:\Users\Jon\AppData\Local\CrashDumps
2016-07-03 13:34 - 2016-01-22 15:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-03 13:06 - 2016-01-13 21:36 - 01017266 _____ C:\windows\ntbtlog.txt
2016-07-03 10:52 - 2015-02-02 19:24 - 00004426 _____ C:\windows\mozy.blk
2016-07-03 10:52 - 2015-02-02 19:24 - 00001354 _____ C:\windows\mozy.flt
2016-07-03 10:30 - 2009-07-13 23:20 - 00000000 ____D C:\windows\AppCompat
2016-07-03 10:25 - 2015-06-21 18:13 - 00000858 _____ C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000Core.job
2016-07-02 22:19 - 2015-12-16 17:50 - 00000000 ____D C:\Users\Jon\AppData\Local\Deployment
2016-07-02 18:33 - 2012-05-10 02:07 - 00001413 _____ C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-02 18:26 - 2012-05-17 12:59 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-02 18:26 - 2009-07-14 00:45 - 00406792 _____ C:\windows\system32\FNTCACHE.DAT
2016-07-02 18:25 - 2012-05-17 12:59 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-02 18:21 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2016-07-02 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2016-07-02 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\Dism
2016-07-02 18:20 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2016-07-02 18:18 - 2011-09-28 23:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-02 16:06 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2016-07-02 13:38 - 2014-01-08 03:06 - 00000000 ____D C:\windows\system32\MRT
2016-07-02 13:27 - 2012-05-15 11:59 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-07-02 13:22 - 2014-11-20 20:09 - 00775124 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-07-02 13:15 - 2012-05-17 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-02 13:04 - 2009-07-13 22:34 - 00000537 _____ C:\windows\win.ini
2016-07-01 18:07 - 2015-12-06 19:17 - 00000000 ____D C:\Program Files\Common Files\AV
2016-07-01 17:44 - 2012-04-22 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Games
2016-07-01 17:44 - 2012-04-22 15:25 - 00000000 ____D C:\ProgramData\Lenovo Games
2016-07-01 17:44 - 2012-04-22 15:25 - 00000000 ____D C:\Program Files (x86)\Lenovo Games
2016-07-01 17:44 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-01 14:03 - 2015-06-29 15:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-07-01 14:03 - 2015-06-10 23:24 - 00000000 ____D C:\windows\system32\Drivers\N360x64
2016-07-01 08:35 - 2015-06-10 23:27 - 00101112 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2016-07-01 08:35 - 2015-06-10 23:27 - 00008270 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2016-06-24 16:27 - 2012-07-31 19:30 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Dropbox
2016-06-21 14:15 - 2012-11-29 18:38 - 02889216 ___SH C:\Users\Jon\Desktop\Thumbs.db
2016-06-20 22:08 - 2014-12-07 16:57 - 00000000 ____D C:\Users\Jon\Desktop\Music to transfer
2016-06-19 19:15 - 2012-04-22 15:33 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2014-11-20 21:06 - 2014-11-20 21:06 - 0001915 _____ () C:\Users\Jon\AppData\Roaming\SAS7_000.DAT
2012-11-24 12:38 - 2012-11-24 12:38 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-05-09 14:37 - 2012-11-24 12:34 - 0008016 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Jon\AppData\Local\Temp\ImageViewer4.exe
C:\Users\Jon\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-28 20:21

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Jon (2016-07-03 17:50:52)
Running from C:\Users\Jon\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-05-10 06:06:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

7C67FBA2BB3D4386B201 (S-1-5-21-1586536999-29697831-1294094069-1003 - Limited - Enabled)
Administrator (S-1-5-21-1586536999-29697831-1294094069-500 - Administrator - Disabled)
Guest (S-1-5-21-1586536999-29697831-1294094069-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1586536999-29697831-1294094069-1002 - Limited - Enabled)
Jon (S-1-5-21-1586536999-29697831-1294094069-1000 - Administrator - Enabled) => C:\Users\Jon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Ableton Live 8 (HKLM-x32\...\{3CBF4CD3-9370-44A0-B464-A21E588DD122}) (Version: 8.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard with RocketTab (HKLM-x32\...\Browsersafeguard) (Version:  - Browsersafeguard) <==== ATTENTION
calibre (HKLM-x32\...\{D9A85F14-FFA5-40B1-8402-80D510D48D01}) (Version: 1.8.0 - Kovid Goyal)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.300.10 - Citrix Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digidesign Pro Tools M-Powered Essential 8.0.2 (HKLM-x32\...\{FE8CD9C9-7650-4B8D-928A-85D6CAB6CA59}) (Version: 8.0.2 - Digidesign, A Division of Avid Technology, Inc.)
DNE Update (HKLM\...\{CE057713-FF03-49E6-A0B5-EF102C80117F}) (Version: 4.9.1.18389 - Deterministic Networks, Inc.)
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
Edimax Wireless LAN (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0205.2 - Edimax Technology Co.)
EndNote X5 (HKLM-x32\...\{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}) (Version: 15.0.0.5478 - Thomson Reuters)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
Fast Track (HKLM-x32\...\{3A1D9EDD-1284-4A0F-9B6F-512DCF5ED9D5}) (Version: 5.10.00.5128v4 - M-Audio)
FredV2Step3 (HKLM-x32\...\{944B3A84-C728-487E-8306-CD3B52092B34}) (Version: 1.00.0000 - USMLE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{C0CA6788-386E-4BE1-B214-629E746A5302}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{50DA41E2-0701-43E2-A8BB-FAA0CB64B28B}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IBM SPSS Statistics 21 (HKLM\...\{1E26B9C2-ED08-4EEA-83C8-A786502B41E5}) (Version: 21.0.0.0 - IBM Corp)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.10 - PACE Anti-Piracy)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
join.me (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\JoinMe) (Version: 1.5.2.214 - LogMeIn, Inc.)
Juniper Citrix Services Client (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Juniper_Citrix_Services) (Version: 8.0.11.36363 - Juniper Networks)
Juniper Networks Network Connect 7.1.0 (HKLM-x32\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.20169 - Juniper Networks)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks)
Juniper Networks Network Connect 8.0 (HKLM-x32\...\Juniper Network Connect 8.0) (Version: 8.0.11.36363 - Juniper Networks)
Juniper Networks Secure Application Manager (HKLM-x32\...\Neoteris_Secure_Application_Manager) (Version: 8.0.11.36363 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\Juniper_Setup_Client) (Version: 8.0.11.56747 - Juniper Networks)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.11.0209.1 - Lenovo EasyCamera)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo Service Bridge (HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\dda9ca0b023f4c56) (Version: 1.6.3.5 - Lenovo)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden
Macromedia Dreamweaver 8 (HKLM-x32\...\{0837A661-FEC3-48B3-876C-91E7D32048A9}) (Version: 8.0.0.2734 - Macromedia)
Macromedia Extension Manager (HKLM-x32\...\{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}) (Version: 1.7.240 - Macromedia, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
Mozy Sync (HKLM\...\{95DB05B2-371B-3957-A65A-7CD9433701AD}) (Version: 1.3.1.4068 - Mozy, Inc.)
MozyHome (HKLM\...\{81D29D4E-9658-BB63-D879-E6A625C01364}) (Version: 2.28.2.432 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MuseScore 1.2 MuseScore score typesetter (HKLM-x32\...\MuseScore) (Version: 1.2.0 - Werner Schweer and Others)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.7.0.76 - Symantec Corporation)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.7 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.7 - Lenovo) Hidden
Online Plug-in (x32 Version: 13.4.300.10 - Citrix Systems, Inc.) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 3.1.3 (HKLM-x32\...\qbittorrent) (Version: 3.1.3 - The qBittorrent project)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6505 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - )
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
ScorpionSaver Services (HKLM\...\{6E810AB6-F34E-49A3-A93F-9E503660F718}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION
Self-service Plug-in (x32 Version: 3.4.300.43589 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SRS Control Panel (HKLM\...\{25EE6AF4-8FD6-4E09-AD9B-3ACC0B81D902}) (Version: 1.11.4800 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1206 - Lenovo)
VSFilter 2.41.322 (0c3a1ea) Nightly (HKLM-x32\...\vsfilter_is1) (Version: 2.41.322 - MPC-HC Team)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1586536999-29697831-1294094069-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Jon\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2575B262-CDD6-408B-8818-03BEC587BF3A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {284E170B-6D84-4C8A-8D6D-297E182D7B7C} - System32\Tasks\{D322CD7E-30F7-4941-878E-D6FD9DDBA1A4} => pcalua.exe -a "C:\Users\Jon\Downloads\OnCallSetup (1).exe" -d C:\Users\Jon\Downloads
Task: {2FF177AD-CA7C-4023-BB46-ECE607AA0521} - System32\Tasks\{51C73349-27F8-4227-BEBD-3BC5DE78951C} => pcalua.exe -a "C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDK2THC2\cisco_vpnclient_5_0_05_0290.EXE" -d C:\Users\Jon\Desktop
Task: {36D38556-D7BB-4954-84C4-9727E4529F8B} - System32\Tasks\{62B7A7AE-922B-4C00-94F9-0E45F712B6F1} => pcalua.exe -a C:\Users\Jon\Desktop\Temporary\Fast_Track_USB_Installer_5_10_0_5128v4.exe -d C:\Users\Jon\Desktop\Temporary
Task: {44630D2F-7294-48C0-9741-B019496EED26} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {4593C08A-23F0-4927-86E4-28778A30C5A6} - System32\Tasks\{57387CBE-B59C-4E69-8F54-76AA0EFF5327} => pcalua.exe -a C:\Users\Jon\Downloads\cisco_vpnclient_5_0_05_0290.EXE -d C:\Users\Jon\Downloads
Task: {53569D9D-6845-49BE-AD02-562E3E061007} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {593935E7-161C-40C7-93DA-9C30F84BA059} - System32\Tasks\{E48B69F2-6054-418F-AD31-71DE0646258A} => pcalua.exe -a C:\Users\Jon\Downloads\OnCallSetup.exe -d C:\Users\Jon\Downloads
Task: {616C28F9-D72F-4C32-9C98-4998855F0555} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\WSCStub.exe [2016-06-16] (Symantec Corporation)
Task: {82276F44-6B0A-4897-A3C4-36BD402DDD25} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2016-06-16] (Symantec Corporation)
Task: {921F78B4-1A3A-4E64-81DD-1FF621C9E63A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-04] (CyberLink)
Task: {A27CDB4C-508D-4DD0-AB4D-4522819DE608} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000UA => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {BCA70F6B-C46A-4E8D-A1F7-D7665FE66C22} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1586536999-29697831-1294094069-1000 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms
Task: {CC755630-1DC5-4AB7-8093-51ED6DDE5CB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E06D044C-700B-4791-9D44-8C46D5BAC51D} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {EA4726D8-D68A-46DD-AB3B-16FF13EE6388} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000Core => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-21] (Dropbox, Inc.)
Task: {F25F2940-D2F9-4DB8-B114-CCF01B6EF3DD} - System32\Tasks\{1C56FE80-E45E-4B6E-980D-211BF1E372D9} => pcalua.exe -a C:\Users\Jon\Downloads\PennMedicinePulseVPN.exe -d C:\Users\Jon\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000Core.job => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1586536999-29697831-1294094069-1000UA.job => C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-11-11 06:42 - 2010-11-11 06:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-11-11 06:44 - 2010-11-11 06:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-04-22 15:23 - 2012-04-22 15:23 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2012-04-22 15:23 - 2012-04-22 15:23 - 00622592 _____ () C:\windows\system32\SimpleExt.dll
2011-07-27 16:07 - 2011-07-27 16:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2016-02-16 18:59 - 2013-05-15 16:27 - 00096768 _____ () C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
2011-04-13 23:01 - 2011-03-25 05:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-27 16:07 - 2011-07-27 16:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2008-12-19 23:20 - 2012-04-22 15:37 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2008-12-19 23:20 - 2012-04-22 15:37 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2012-04-22 15:26 - 2012-04-22 15:26 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2013-10-10 17:48 - 2013-10-10 17:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-11 06:38 - 2010-11-11 06:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-11-11 06:39 - 2010-11-11 06:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2016-06-19 19:14 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-19 19:14 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-19 19:14 - 2016-06-15 05:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft:cf3BFqf7g79MM0lm [2160]
AlternateDataStreams: C:\ProgramData\Microsoft:pRmheSYvlSZTM8n8KWzK3 [2254]
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 [340]
AlternateDataStreams: C:\Users\Jon\Cookies:40osDOhNlUBO1BIN4tcy8tTzU [2302]
AlternateDataStreams: C:\Users\Jon\Cookies:GN8u9snwcrfF1cl3jOBAye5m [2220]
AlternateDataStreams: C:\Users\Jon\Local Settings:rBAZmbgEgqJC57PlLcFsoyh0jMi [2126]
AlternateDataStreams: C:\Users\Jon\AppData\Local:rBAZmbgEgqJC57PlLcFsoyh0jMi [2126]
AlternateDataStreams: C:\Users\Jon\AppData\Local\Application Data:rBAZmbgEgqJC57PlLcFsoyh0jMi [2126]
AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:BgyUZUvWqBsQYi8ZFG1NQO4c [2404]
AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:jxKhEOyuVIyYBU6j9Aj1CgwjB [2612]
AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:riMUZ4E5GfQ3IDmxt78SpEtr [1992]
AlternateDataStreams: C:\Users\Jon\AppData\Local\Temp:rwR3WbyrUCHGCFMKUE21XV7wX [2572]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\bioservers.org -> hxxp://www.bioservers.org
IE trusted site: HKU\S-1-5-21-1586536999-29697831-1294094069-1000\...\jhsph.edu -> hxxps://statepiaps.jhsph.edu

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-06-24 18:32 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1586536999-29697831-1294094069-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jon^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Dropbox Update => "C:\Users\Jon\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: MobileAppSync => "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{811FCE89-06AE-4DA4-877A-D9F081D097DA}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{2A3C4040-11CC-467E-A020-B5B23936F6DF}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{E859223C-1344-4355-86D3-987FC655AE13}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{E8A8C664-E90F-4553-A0AD-01BB26953E10}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6A649EB1-F752-41B0-8774-C6DBF5A6CD66}] => (Allow) LPort=2869
FirewallRules: [{F5E8D0D0-85FE-4BC8-905F-084A805B449C}] => (Allow) LPort=1900
FirewallRules: [{B0673C85-F1B7-4796-BC46-372D7EBB0335}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{81547268-9349-4D4E-A48F-542F67D39C10}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{FE2BCAD1-664B-4A4B-ACE5-DA4E597784C3}] => (Allow) C:\Users\Jon\AppData\Local\Temp\HP\OJ4500vG510n-z_Full_13_en\setup\hpznui40.exe
FirewallRules: [{7A779B23-1852-412E-A371-E676D95DB2E4}] => (Allow) C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{192076A5-133E-4C74-ABC4-876C39B2F383}] => (Allow) C:\Users\Jon\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0A09C46A-6544-468B-9184-83D902A894D1}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe
FirewallRules: [{AC9EC7A7-AA9B-433C-999B-0D003F1C79C2}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
FirewallRules: [{70EDCC67-C829-4778-9EF7-29CD6CEB83F4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D8752022-3822-4BA4-9F23-CAC23DA75FC0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{43DC8ADF-D93C-4923-B7B8-80F2B29F2C85}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{053E5FA6-5A4E-4D93-98A4-8FAF74C0A8E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7DC797CC-7AF8-47B3-81F2-DC4D1FC604C3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EE5E6E66-72E3-4BA7-99DF-C46027980D35}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{5C21CF8B-8CB1-4DA1-95AE-246FB0D387AB}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [{815A0412-0DA4-4B03-8482-C9DDFF45A407}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{CA7119D9-CCC8-42B8-AA68-0FD246784251}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [{147DBABE-6032-4589-B56F-222231007AF0}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.exe
FirewallRules: [{2174246E-8173-4D2E-A740-2F7716CA2A52}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\WinWrapIDE.exe
FirewallRules: [{D88213B5-C12D-408D-90FB-D21AA8657D87}] => (Allow) C:\Program Files\IBM\SPSS\Statistics\21\stats.com
FirewallRules: [TCP Query User{6B5AA8A2-A3C6-40DD-B9B4-762AB1F0C4E7}C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{846A9F02-A3E7-41EE-9658-FAF11710AC06}C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\jon\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C282E245-A5A2-4E29-9459-8FD6226A5A62}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0EB2388F-E9FE-4DBB-8B5F-D8C8943AF16A}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{18DBA301-07E7-401B-AA78-47696DDB8A2E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{759BCA42-86EA-439C-B06E-E54D5A385E66}] => (Allow) LPort=51001
FirewallRules: [{21684B86-125D-4503-9978-B744243EBFF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0A893491-5987-4EE1-8D35-20B821CC0574}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1D8C60C7-4C9A-45E4-8862-C302AF907C61}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0EDA51EF-C4BC-4FB9-A05B-A2ECB85D6AD2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

29-06-2016 00:00:00 Scheduled Checkpoint
01-07-2016 19:25:57 Windows Update
02-07-2016 12:07:54 Windows Update

==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom Bluetooth 2.1 USB
Description: Broadcom Bluetooth 2.1 USB
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/03/2016 05:08:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2016 05:07:18 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Logger: Socket error: 10054

Error: (07/03/2016 05:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5024

Error: (07/03/2016 05:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5024

Error: (07/03/2016 05:03:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2016 05:03:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4025

Error: (07/03/2016 05:03:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4025

Error: (07/03/2016 05:03:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/03/2016 05:03:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011

Error: (07/03/2016 05:03:27 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011


System errors:
=============
Error: (07/03/2016 05:09:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/03/2016 05:09:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (07/03/2016 04:17:24 PM) (Source: DCOM) (EventID: 10016) (User: Jon-PC)
Description: machine-defaultLocalActivation{000C101C-0000-0000-C000-000000000046}{000C101C-0000-0000-C000-000000000046}Jon-PCJonS-1-5-21-1586536999-29697831-1294094069-1000LocalHost (Using LRPC)

Error: (07/03/2016 03:52:26 PM) (Source: DCOM) (EventID: 10016) (User: Jon-PC)
Description: machine-defaultLocalActivation{000C101C-0000-0000-C000-000000000046}{000C101C-0000-0000-C000-000000000046}Jon-PCJonS-1-5-21-1586536999-29697831-1294094069-1000LocalHost (Using LRPC)

Error: (07/03/2016 01:35:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (07/03/2016 01:34:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5 = Access is denied.


Error: (07/03/2016 01:34:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5 = Access is denied.


Error: (07/03/2016 01:31:24 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (07/03/2016 01:31:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (07/03/2016 01:30:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: 
%%2 = The system cannot find the file specified.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 35%
Total physical RAM: 8106.14 MB
Available physical RAM: 5221.07 MB
Total Virtual: 16210.46 MB
Available Virtual: 13282.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:251.85 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 93296C60)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of Addition.txt ============================

 

 

Link to post
Share on other sites

adwcleaner_new.png Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Cleaning.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

 

 

51a612a8b27e2-Zoek.png Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on 51a612a8b27e2-Zoek.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Wait patiently until the main console will appear, it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    autoclean;
    emptyclsid;
    emptyalltemp;
    ipconfig /flushdns >>"%temp%\log.txt";b
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Upload it in your next reply.

 

Link to post
Share on other sites

Part 1: Adwcleaner (copied and attached) -

 

# AdwCleaner v5.201 - Logfile created 04/07/2016 at 13:57:20
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-04.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Jon - JON-PC
# Running from : C:\Users\Jon\Desktop\AdwCleaner.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Partner
[#] Folder Deleted : C:\ProgramData\Application Data\Partner
[-] Folder Deleted : C:\Users\Jon\AppData\Local\Browsersafeguard
[-] Folder Deleted : C:\Program Files\Level Quality Watcher

***** [ Files ] *****

[-] File Deleted : C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492\searchplugins\safesearch.xml
[-] File Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_trytoseeitmyway.com_0.localstorage
[-] File Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_trytoseeitmyway.com_0.localstorage-journal
[-] File Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\windows\SysNative\AdpeakProxy.ini
[-] File Deleted : C:\windows\SysNative\AdpeakProxy64.dll
[-] File Deleted : C:\windows\SysNative\AdpeakProxyOff.ini

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataController
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataStatistics
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataStatistics.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataTable
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataTable.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataTableFields
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataTableFields.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataTableHolder
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataTableHolder.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.LSPLogic
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.LSPLogic.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.ProxyChecks
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.ProxyChecks.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.ReadOnlyManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.ReadOnlyManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.WatchDog
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.WatchDog.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.WFPController
[-] Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.WFPController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22511E2E-7970-414E-BC7C-28D16C4AF54D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C5311E-016D-4999-BCB1-499898429D6C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2C4B6DB8-6413-403B-A038-16A352CFE8B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{46803190-228D-470E-90FE-F5E0CEA9C4F2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5180FE16-2E09-497B-9C8B-5A6F029ECECB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A4F6E1B3-469E-46EF-A936-FBA9D5EFD2B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C97AF157-6A27-4F57-9D47-E2D3E4761B77}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0D2C81-7DB5-4599-B7C0-1033418B5672}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserSafeGuard
[-] Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
[-] Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Scorpion Saver
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\070C83CAC0BBFE455B6212FB4397793C
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\32DA746012E6D4F488AAD113D6FA4A44
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\382E585E62B6F595CB727CEBAB9E48A0
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B786268CB4A7F156A3BDF6701444F22
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3FB1AAC4382437047A03618BF727B859
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4D2EB987C8C8A46578D4943D5A9A1467
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FB4398202577895B83B74B08F79C3A2
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7617C782A0FD4D15288CD4E4ECF84C67
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AB2AE85638F6255CA2F35481D3A8828
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9BBBCEE5468FF9C569B1F7A24F6ED3D8
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1A8F5D2D938A495DBE3BC97E2BC5FA3
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D2E5AC6B3591558529A290643010F81B
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5E8CD27C9B1C435AAB81D8619DCEFE3
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BA018E6E43F3A949AF3E90563067F81
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [10112 bytes] - [04/07/2016 13:57:20]
C:\AdwCleaner\AdwCleaner[S1].txt - [10035 bytes] - [04/07/2016 13:55:25]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10260 bytes] ##########
 

AdwCleaner[C1].txt

Link to post
Share on other sites

Part 2: Zoek (copied and attached) -

 


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Jon on Mon 07/04/2016 at 14:02:25.03.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jon\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

7/4/2016 2:07:14 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\InterLok deleted successfully
C:\PROGRA~2\Lenovo Games deleted successfully
C:\PROGRA~2\Malwarebytes' Anti-Malware deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\Lenovo Games deleted successfully
C:\PROGRA~3\PCSettings deleted successfully
C:\Users\Jon\AppData\Roaming\Malwarebytes deleted successfully
C:\Users\Jon\AppData\Roaming\TeamViewer deleted successfully
C:\Users\Jon\AppData\Local\calibre-cache deleted successfully
C:\Users\Jon\AppData\Local\LenovoServiceBridge deleted successfully
C:\Users\MyApp\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1586536999-29697831-1294094069-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_USERS\S-1-5-21-1586536999-29697831-1294094069-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\PROGRA~2\InterLok not found
C:\PROGRA~2\Lenovo Games not found
"c:\windows\Installer\a6dc23.msi" not found
C:\Users\Jon\AppData\Roaming\calibre deleted
C:\PROGRA~3\OneKey Recovery deleted
C:\Users\Jon\F3C1DE9E5E164BA9B8547B53A45E3579.TMP deleted
C:\windows\Installer\{6E810AB6-F34E-49A3-A93F-9E503660F718} deleted
C:\Users\Jon\Downloads\Addendum INITIAL APP Bundle (1).pdf deleted
C:\Users\Jon\Downloads\Addendum INITIAL APP Bundle.pdf deleted
C:\windows\wininit.ini deleted
C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492\jetpack deleted
"C:\windows\Installer\708847.msi" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename.US", "Google");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon" [07/01/2016 02:03 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{C1A2A613-35F1-4FCF-B27F-2840527B6556}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon" [07/01/2016 02:03 PM]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492
4DEEF5125602885EE00243EC3D18E68D    - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll -    Shockwave Flash
01815AF8A63F6DD5FF0AA94AA6E5FD23    - C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll -    Google Talk Plugin
5C075DC43D9BF0230DFB049C1ADC75F4    - C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npo1d.dll -    Google Talk Plugin Video Renderer
595AC36B25E33791A54E4A72F2AEAB10    - C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll -    Google Talk Plugin Video Accelerator
EA0BE0B714604B706E37ED8EBAE0D89C    - C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npatgpc.dll -    ActiveTouch General Plugin Container


==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjabmdjcfcfdmffimndhafhblfmpjdpe - C:\Program Files (x86)\Norton 360\Engine\22.7.0.76\Exts\Chrome.crx[05/31/2016 04:19 AM]
iikflkcanblccfahdhdonehdalibjnif - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[05/25/2016 10:31 AM]

Norton Security Toolbar - Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe
Norton Identity Safe - Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Skype - Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Norton Identity Safe - MyApp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif
Skype - MyApp\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chromium Fix ======================

C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.saveur.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.saveur.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad-s2.media6degrees.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad-s2.media6degrees.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.doubleclick.net_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.spotible.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads.spotible.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtechus.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adserver.adtechus.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adservices.picadmedia.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_adservices.picadmedia.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.bringhub.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.bringhub.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.cmptch.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.cmptch.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.foodity.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.foodity.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d22j4fzzszoii2.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services1.capitalone.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services1.capitalone.com_0.localstorage-journal deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services2.capitalone.com_0.localstorage deleted successfully
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_services2.capitalone.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?gws_rd=ssl"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/?gws_rd=ssl"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
HKLM\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\201498728B43EBC44B401A237E795E05 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A9F56B942D9A2546BFE41756DE52495 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{27894102-34B8-4CBE-B404-A132E797E550} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B65F9A3-9D24-452A-B6EF-1457D65E4259} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\201498728B43EBC44B401A237E795E05 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\3A9F56B942D9A2546BFE41756DE52495 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileAppSync deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Jon\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jon\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MyApp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jon\AppData\Local\Mozilla\Firefox\Profiles\agp6acug.default-1385335376492\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\MyApp\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=88 folders=11 18134171 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jon\AppData\Local\Temp will be emptied at reboot
C:\Users\MyApp\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Jon\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Mon 07/04/2016 at 14:30:46.55 ======================
 

zoek-results.txt

Link to post
Share on other sites

FRST.gif Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.


Please upload them into your next reply.

Link to post
Share on other sites

FRST.gif Fix with Farbar Recovery Scan Tool

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif


icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finishes FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

 

 

 

mbam-old.png Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.

  • Right-click on mbam-clean.exe icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.

After that follow my next instructions to download & install the newset MBAM version.

51a46ae42d560-malwarebytes_anti_malware. Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the progam and select update.
  • Once updated, click the Settings tab, in the left panel choose Detctions & protection and tick Scan for rootkits.
  • In the same tab, under PUP and PUM detections make sure it is set to Treat detections as malware.
  • Click the Scan tab, choose Threat Scan is checked and click Start Scan.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.


Save the file to your desktop and include its content in your next reply.

fixlist.txt

Link to post
Share on other sites

Since there are no more problems, we can declare this PC clean thumbs_up_smiley.gif

Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non infected restore point concurrently deleting old ones.


Step 1. - Creation of system restore point and tools removal.


Download DelFix by Xplode and save it to your desktop.

  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings

  • Push Run and wait until the tool completes his work.
  • All tools we used should be gone. Tool will create an report for you (C:\DelFix.txt). I don't need it for review.


Tool deletes old system restore points and creates a fresh system restore point after cleaning.


Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.


Security tips - highly recommended reading:


Maintenance tips:


Additional software that I personally use and install on all my clients devices:

  • Malwarebytes' Anti-Malware(paid version highly recommended) - to scan your system from time to time in search for malware.
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • CryptoPrevent - tool for protection against Cryptolocker and similar ransomware infections.
  • Adblock - to surf the web without annoying ads!
  • Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.

My help is free for everybody.


If you're happy with the help provided and/or wish to show your appreciaton, please consider a donation: btn_donateCC_LG.gif
Thank you!

Stay safe,
TwinHeadedEagle :)

Link to post
Share on other sites

  • 5 weeks later...
  • Root Admin

Glad we could help. :)If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.