TechSpot

Scan result of Farbar Recovery Scan Windows Web Access updater has stopped working popup

By GLaing
Dec 10, 2015
  1. Hi,
    I am on a Dell Latitude E6540 with an i7 2.1 GHz, 4M cache, 16 GB memory and a 256 GB SSD hard drive. On Dec 9th I started receiving the "Windows Web Access updater has stopped working" popup window. I have Symantec on the machine. I tried scans with Symantec, Malwarebytes and ComboFix, but the window still persists. I ran the Farbar Recovery Scan Tool, but the logs will not paste; I get a new page saying something happened. Will try in another message.
     
  2. GLaing


    Here are the logs
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
    Ran by laingg (administrator) on MGSN308PN (10-12-2015 16:02:03)
    Running from C:\Users\laingg\Downloads
    Loaded Profiles: laingg (Available Profiles: laingg & install)
    Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\psxss.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\PrivService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Matrix42 AG) C:\Windows\System32\Empirum\ERIS.exe
    (Storage Appliance Corp.) C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe
    (IBM Corp) C:\Lotus\Notes\SUService.exe
    (IBM) C:\Lotus\Notes\nsd.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    (IBM Corp) C:\Lotus\Notes\ntmulti.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
    (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
    (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
    (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Utils\SwiService.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebSync.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebSync_.exe
    () C:\ProgramData\Clickfree\FullImagingBackup\FullImagingService.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
    (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Matrix42 AG) C:\Windows\System32\Empirum\ERIS_UI.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (The Eraser Project) C:\Program Files\Eraser\Eraser.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    (Storage Appliance Corp.) C:\ProgramData\Clickfree\cfagent.exe
    (Storage Appliance Corp.) C:\ProgramData\Clickfree\FullImagingBackup\FibReminder.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (BitTorrent Inc.) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Dropbox, Inc.) C:\Users\laingg\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (SAMSUNG Electornics Co., Ltd.) C:\Users\laingg\AppData\Roaming\VERIZON\UA_ar\UA.exe
    (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (msg services ag) C:\Program Files (x86)\msg services ag\AD Mapper Notify\ADMapperNotify.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    (BitTorrent Inc.) C:\Users\laingg\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
    (BitTorrent Inc.) C:\Users\laingg\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
    (BitTorrent Inc.) C:\Users\laingg\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
    (SAP AG) C:\Program Files (x86)\SAP\SapSetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
    (O2Micro International) C:\Windows\System32\drivers\o2flash.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebUse.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebUse.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebUse.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebUse.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-10-31] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-10-31] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-10-31] (Realtek Semiconductor)
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [115968 2013-10-31] (Waves Audio Ltd.)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-10-31] (Realtek Semiconductor)
    HKLM\...\Run: [erisui] => "C:\Windows\system32\Empirum\eris_ui" /hide
    HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-16] (Intel Corporation)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-07-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [TRUUpdater] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [355144 2013-05-02] (Sierra Wireless, Inc.)
    HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe [164680 2013-05-02] (Sierra Wireless Inc.)
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
    HKLM-x32\...\Run: [ADMapperNotify] => C:\Program Files (x86)\msg services ag\AD Mapper Notify\ADMapperNotify.exe [123392 2014-03-26] (msg services ag)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119360 2015-07-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [IBM Lotus Notes Preloader] => C:\Lotus\Notes\nntspreld.exe [25480 2011-09-16] (IBM Corp)
    HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-04-01] (Seagate Technology LLC)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [PulseSecure] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2826584 2015-03-11] (Pulse Secure, LLC)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-09-26] (Adobe Systems Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [Dropbox Update] => C:\Users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-29] (Dropbox, Inc.)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [GoogleChromeAutoLaunch_33E44ABAC57B1917778F5B063B7D127A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-04] (Google Inc.)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [ClickfreeMonitor] => c:\programdata\Clickfree\cfagent.exe [354632 2013-11-28] (Storage Appliance Corp.)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [FibReminder] => c:\programdata\Clickfree\FullImagingBackup\FibReminder.exe [3634504 2013-11-28] (Storage Appliance Corp.)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [uTorrent] => C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-02] (BitTorrent Inc.)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-10] (SUPERAntiSpyware)
    HKU\S-1-5-18\...\RunOnce: [screen] => powershell.exe c:\windows\msa\script\screen.ps1
    AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empirum Inventory.lnk [2015-12-09]
    ShortcutTarget: Empirum Inventory.lnk -> C:\Windows\System32\Empirum\EmpInventory.exe (Matrix42 AG)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2014-01-28]
    ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2014-01-28]
    ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
    Startup: C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2015-12-09]
    ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
    Startup: C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-09]
    ShortcutTarget: Dropbox.lnk -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2015-12-09]
    ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> (No File)
    Startup: C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-10-08]
    ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\laingg\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{22F8A5A9-DF26-4B11-B297-56D9B536B8F4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{30E5B348-CCB5-415D-AF8E-3514AB709A31}: [NameServer] 193.29.27.96,193.29.27.108
    Tcpip\..\Interfaces\{BE3395A6-A4D4-4123-B9DA-E844F0290748}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {E60943C8-32BD-41AC-B32B-A0B0FA06B6DC} URL = hxxp://www.google.de/search?q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {E60943C8-32BD-41AC-B32B-A0B0FA06B6DC} URL = hxxp://www.google.de/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {DDE9F37F-19AE-414A-9A2D-D1F2CF18D935} URL = hxxp://www.google.de/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {DDE9F37F-19AE-414A-9A2D-D1F2CF18D935} URL = hxxp://www.google.de/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653 -> {cf34d395-9ff1-49a0-98a5-8db1636431b1} URL = hxxp://houmpage.com/search/?src=ds&q={searchTerms}&ssid=1449696825&a=1024132&uuid=adfab84f-bd8c-4af8-a90b-7f1605790f07
    SearchScopes: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653 -> {E60943C8-32BD-41AC-B32B-A0B0FA06B6DC} URL =
    BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll [2008-05-15] (TechSmith Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-28] (Oracle Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-28] (Oracle Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
    BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15] (TechSmith Corporation)
    BHO-x32: PDF Architect 3 Helper -> {06E08260-0695-4EC1-A74B-1310D8899D93} -> C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24] (pdfforge GmbH)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-11-03] (Microsoft Corporation)
    BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL [2013-04-04] (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-28] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-28] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
    Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll [2008-05-15] (TechSmith Corporation)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15] (TechSmith Corporation)
    Toolbar: HKLM-x32 - PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24] (pdfforge GmbH)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
    Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2014-02-27] (SAP, Walldorf)
    Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2014-02-27] (SAP, Walldorf)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\laingg\AppData\Roaming\Mozilla\Firefox\Profiles\u4ymof4y.default-1449696621196
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
    FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)
    FF user.js: detected! => C:\Users\laingg\AppData\Roaming\Mozilla\Firefox\Profiles\u4ymof4y.default-1449696621196\user.js [2015-12-10]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-21] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
    FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-06-14] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-10-26] [not signed]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!666898493FC318475CD3A70580F3F69D6668.js [2015-12-09]

    Chrome:
    =======
    CHR Profile: C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-29]
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-29]
    CHR Extension: (Google Drive) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
    CHR Extension: (YouTube) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-30]
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-29]
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-30]
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdceheklapbalfikfdppfpgdgabaglp [2015-08-27]
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildcggmkelabhbkiicdcfnpkfnmccpao [2015-12-10]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
    CHR Extension: (Gmail) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-29]
    CHR HKLM\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-09-26]
    CHR HKLM-x32\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-12-10] (SUPERAntiSpyware.com)
    R2 ARPriv; C:\Program Files (x86)\Citrix\Receiver\PrivService.exe [367088 2012-12-14] (Citrix Systems, Inc.)
    S2 EraserSvc11510; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2013-04-04] (Symantec Corporation)
    R2 ERIS; C:\Windows\system32\Empirum\Eris.exe [89432 2014-02-14] (Matrix42 AG)
    R2 FibUacService; C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe [37192 2013-11-28] (Storage Appliance Corp.)
    R2 FullImagingService; C:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe [233120 2013-11-28] () [File not signed]
    R2 JuniperAccessService; C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [162136 2015-03-11] (Pulse Secure, LLC)
    R2 LNSUSvc; C:\Lotus\Notes\SUService.exe [191664 2012-11-15] (IBM Corp)
    R2 Lotus Notes Diagnostics; C:\Lotus\Notes\nsd.exe [4455600 2012-11-15] (IBM)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 msoidsvc; c:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2024864 2010-08-16] (Microsoft Corp.)
    R2 Multi-user Cleanup Service; C:\Lotus\Notes\ntmulti.exe [71048 2011-09-16] (IBM Corp)
    R2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [193144 2014-02-26] (SAP AG)
    S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
    S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
    R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-10-31] (Realtek Semiconductor)
    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
    R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
    R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2013-04-04] (Symantec Corporation)
    R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2013-04-04] (Symantec Corporation)
    S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2013-04-04] (Symantec Corporation)
    R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [312136 2013-05-03] (Sierra Wireless, Inc.)
    R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [314672 2013-09-13] (Sierra Wireless, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-02-17] (Microsoft Corporation)
    R2 WinTaskSvc; C:\Program Files (x86)\winwebuse\WinWebSync.exe [140992 2015-12-09] (Grayscale LLC)
    R2 WinTaskSvc2; C:\Program Files (x86)\winwebuse\WinWebSync_.exe [140992 2015-12-09] (Grayscale LLC)
    R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{2EDBD99C-527B-4B14-BBF8-695CC286A653}

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2013-10-31] (Advanced Micro Devices, Inc.)
    R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20151113.011\BHDrvx64.sys [1665608 2015-11-13] (Symantec Corporation)
    R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-04-23] (Motorola Solutions, Inc.)
    R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [168096 2013-04-04] (Symantec Corporation)
    R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-10-31] (Intel Corporation)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-10-31] (Intel Corporation)
    R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20151208.014\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
    R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-10-31] (Realtek Semiconductor Corp.)
    S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [43800 2013-10-31] (Intel Corporation)
    S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-10-31] ()
    R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [507192 2015-03-11] (Juniper Networks)
    S4 jnprTdi_812_54585; C:\Windows\system32\Drivers\jnprTdi_812_54585.sys [108344 2015-03-11] (Pulse Secure, LLC)
    S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-10-03] (Juniper Networks, Inc.)
    R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2013-10-03] (Juniper Networks, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-10] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
    R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20151208.019\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20151208.019\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
    R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-10-31] (O2Micro )
    R3 PsxDrv; C:\Windows\System32\drivers\psxdrv.sys [10240 2009-07-13] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [776352 2013-04-04] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [37496 2013-04-04] (Symantec Corporation)
    R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2013-03-27] (STMicroelectronics)
    S3 swg3knmea05; C:\Windows\system32\drivers\swg3knmea05.sys [269488 2013-10-31] (Sierra Wireless Incorporated)
    S3 swg3kser05; C:\Windows\system32\drivers\swg3kser05.sys [269488 2013-10-31] (Sierra Wireless Incorporated)
    S3 swibus05; C:\Windows\system32\drivers\swibus05.sys [87416 2013-10-31] (Sierra Wireless Inc.)
    S3 swibusflt05; C:\Windows\system32\drivers\swibusflt05.sys [87416 2013-10-31] (Sierra Wireless Inc.)
    S3 SWUMX20; no ImagePath
    R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [493216 2013-04-04] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [1133216 2013-04-04] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2015-02-17] (Symantec Corporation)
    R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [224416 2013-04-04] (Symantec Corporation)
    R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [432800 2013-04-04] (Symantec Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
    S3 JNPRNA; system32\DRIVERS\jnprna6.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  3. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-10 16:02 - 2015-12-10 16:02 - 00045098 _____ C:\Users\laingg\Downloads\FRST.txt
    2015-12-10 16:01 - 2015-12-10 16:02 - 00000000 ____D C:\FRST
    2015-12-10 16:01 - 2015-12-10 16:01 - 02369024 _____ (Farbar) C:\Users\laingg\Downloads\FRST64.exe
    2015-12-10 15:47 - 2015-12-10 15:47 - 00000000 ____D C:\Users\laingg\AppData\Roaming\msa
    2015-12-10 15:38 - 2015-12-10 15:38 - 00060713 _____ C:\ComboFix.txt
    2015-12-10 15:32 - 2015-12-10 15:38 - 00000000 ____D C:\ComboFix
    2015-12-10 15:32 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-12-10 15:32 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-12-10 15:32 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-12-10 15:32 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-12-10 15:32 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-12-10 15:32 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
    2015-12-10 15:32 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
    2015-12-10 15:32 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
    2015-12-10 15:16 - 2015-12-10 15:38 - 00000000 ____D C:\Qoobox
    2015-12-10 15:16 - 2015-12-10 15:37 - 00000000 ____D C:\Windows\erdnt
    2015-12-10 15:15 - 2015-12-10 15:16 - 05640425 ____R (Swearware) C:\Users\laingg\Downloads\ComboFix.exe
    2015-12-10 13:56 - 2015-12-10 14:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-12-10 13:56 - 2015-12-10 13:56 - 00000000 ____D C:\Users\laingg\AppData\Roaming\SUPERAntiSpyware.com
    2015-12-10 13:56 - 2015-12-10 13:56 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-12-10 13:56 - 2015-12-10 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-12-10 13:49 - 2015-12-10 14:43 - 00000000 ____D C:\SUPERDelete
    2015-12-09 20:08 - 2015-12-09 20:08 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-12-09 20:08 - 2015-12-09 20:08 - 00000000 ____D C:\Windows\system32\appraiser
    2015-12-09 18:10 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-12-09 18:10 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-12-09 18:06 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2015-12-09 18:06 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2015-12-09 18:04 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-12-09 18:04 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2015-12-09 18:04 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2015-12-09 18:04 - 2015-07-16 14:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-12-09 18:04 - 2015-07-16 14:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-12-09 18:04 - 2015-07-16 14:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2015-12-09 18:04 - 2015-07-11 08:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2015-12-09 18:03 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2015-12-09 18:03 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-12-09 18:03 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-12-09 18:01 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-12-09 18:01 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2015-12-09 18:01 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-12-09 18:01 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2015-12-09 18:01 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-12-09 18:01 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2015-12-09 18:01 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-12-09 18:00 - 2015-06-09 13:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-12-09 18:00 - 2015-06-09 13:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-12-09 17:59 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-12-09 17:59 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-12-09 17:59 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-12-09 17:59 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-12-09 17:59 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-12-09 17:59 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-12-09 17:59 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-12-09 17:59 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-12-09 17:59 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-12-09 17:59 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-12-09 17:59 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-12-09 17:59 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-12-09 17:59 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-12-09 17:59 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-12-09 17:59 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-12-09 17:59 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-12-09 17:59 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-12-09 17:59 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-12-09 17:59 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-12-09 17:59 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-12-09 17:59 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-12-09 17:59 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-12-09 17:59 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-12-09 17:59 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-12-09 17:59 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-12-09 17:59 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-12-09 17:59 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-12-09 17:59 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-12-09 17:59 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-12-09 17:59 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-12-09 17:59 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-12-09 17:59 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-12-09 17:59 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-12-09 17:59 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-12-09 17:59 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-12-09 17:59 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-12-09 17:59 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-12-09 17:59 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-12-09 17:59 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-12-09 17:59 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-12-09 17:59 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-12-09 17:59 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-12-09 17:59 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-12-09 17:59 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-12-09 17:59 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-12-09 17:59 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-12-09 17:59 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-12-09 17:59 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-12-09 17:59 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-12-09 17:59 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-12-09 17:59 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-12-09 17:59 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-12-09 17:59 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-12-09 17:59 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-12-09 17:59 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-12-09 17:59 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-12-09 17:59 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-12-09 17:59 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-12-09 17:59 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-12-09 17:59 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-12-09 17:59 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-12-09 17:59 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-12-09 17:59 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-12-09 17:59 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-12-09 17:58 - 2015-08-05 12:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2015-12-09 17:58 - 2015-08-05 12:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2015-12-09 17:58 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-12-09 17:58 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-12-09 17:57 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2015-12-09 17:57 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2015-12-09 17:57 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2015-12-09 17:57 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2015-12-09 17:57 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-12-09 17:56 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-12-09 17:56 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-12-09 17:56 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-12-09 17:56 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-12-09 17:56 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-12-09 17:56 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-12-09 17:56 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-12-09 17:56 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-12-09 17:56 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-12-09 17:55 - 2015-09-28 22:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-12-09 17:55 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-12-09 17:55 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-12-09 17:55 - 2015-09-28 22:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-12-09 17:55 - 2015-09-28 22:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-12-09 17:55 - 2015-09-28 22:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-12-09 17:55 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-12-09 17:55 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-12-09 17:55 - 2015-09-28 22:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-12-09 17:55 - 2015-09-28 22:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-12-09 17:55 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-12-09 17:55 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-12-09 17:55 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-12-09 17:55 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-12-09 17:55 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-12-09 17:55 - 2015-09-28 21:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-12-09 17:55 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-12-09 17:55 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-12-09 17:55 - 2015-09-28 21:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-12-09 17:55 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-12-09 17:55 - 2015-09-28 21:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-12-09 17:55 - 2015-09-28 21:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-12-09 17:55 - 2015-09-28 21:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-12-09 17:55 - 2015-09-28 21:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-12-09 17:55 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-12-09 17:55 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 20:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2015-12-09 17:55 - 2015-09-28 20:49 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2015-12-09 17:55 - 2015-09-28 20:49 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2015-12-09 17:55 - 2015-09-28 20:43 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2015-12-09 17:55 - 2015-09-28 20:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2015-12-09 17:55 - 2015-09-28 20:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 20:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 20:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 20:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-15 13:17 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-12-09 17:55 - 2015-09-15 13:17 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-12-09 17:55 - 2015-09-15 13:11 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-12-09 17:55 - 2015-09-15 13:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-12-09 17:55 - 2015-09-15 13:11 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-12-09 17:55 - 2015-09-15 13:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-12-09 17:55 - 2015-09-15 13:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-12-09 17:55 - 2015-09-15 13:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-12-09 17:55 - 2015-09-15 13:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-12-09 17:55 - 2015-09-15 12:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2015-12-09 17:55 - 2015-09-15 12:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2015-12-09 17:55 - 2015-09-15 12:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2015-12-09 17:55 - 2015-09-15 12:35 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2015-12-09 17:55 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2015-12-09 17:55 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2015-12-09 17:55 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2015-12-09 17:55 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2015-12-09 17:54 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
    2015-12-09 17:54 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-12-09 17:54 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-12-09 17:54 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-12-09 17:54 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-12-09 17:54 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-12-09 17:54 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-12-09 17:54 - 2015-07-04 13:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
    2015-12-09 17:54 - 2015-07-04 12:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
    2015-12-09 17:54 - 2015-06-17 12:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-12-09 17:54 - 2015-06-17 12:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2015-12-09 17:54 - 2015-06-03 15:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-12-09 17:54 - 2015-06-03 15:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-12-09 17:52 - 2015-10-01 13:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2015-12-09 17:52 - 2015-10-01 13:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2015-12-09 17:52 - 2015-10-01 13:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-12-09 17:52 - 2015-10-01 13:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-12-09 17:52 - 2015-10-01 13:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-12-09 17:52 - 2015-10-01 13:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-12-09 17:52 - 2015-10-01 13:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-12-09 17:52 - 2015-10-01 12:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2015-12-09 17:52 - 2015-10-01 12:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-12-09 17:52 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
    2015-12-09 17:52 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
    2015-12-09 17:51 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2015-12-09 17:51 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-12-09 17:51 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-12-09 17:51 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2015-12-09 17:51 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2015-12-09 17:51 - 2015-06-15 16:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2015-12-09 17:51 - 2015-06-15 16:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2015-12-09 17:51 - 2015-06-15 16:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2015-12-09 17:51 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2015-12-09 17:51 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2015-12-09 17:51 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2015-12-09 17:51 - 2015-06-15 16:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2015-12-09 17:51 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2015-12-09 17:50 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-12-09 17:50 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-12-09 17:50 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-12-09 17:50 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2015-12-09 17:50 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2015-12-09 17:50 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-12-09 17:49 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2015-12-09 17:49 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-12-09 17:49 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2015-12-09 17:49 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2015-12-09 17:49 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2015-12-09 17:49 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2015-12-09 17:49 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2015-12-09 17:49 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2015-12-09 17:49 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
    2015-12-09 17:49 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
    2015-12-09 17:49 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    2015-12-09 17:49 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2015-12-09 17:49 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2015-12-09 17:49 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2015-12-09 17:49 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2015-12-09 17:47 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-12-09 17:47 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-12-09 17:47 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-12-09 17:47 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-12-09 17:47 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2015-12-09 17:47 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2015-12-09 17:47 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2015-12-09 17:47 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2015-12-09 17:47 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-12-09 17:47 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-12-09 17:47 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2015-12-09 17:04 - 2015-12-10 12:42 - 00036608 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-12-09 17:03 - 2015-12-09 17:20 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-12-09 17:03 - 2015-12-09 17:03 - 00000864 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2015-12-09 17:03 - 2015-12-09 17:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2015-12-09 17:03 - 2015-12-09 17:03 - 00000000 ____D C:\Program Files\RogueKiller
    2015-12-09 16:36 - 2015-12-09 16:36 - 00000000 ____D C:\ProgramData\boost_interprocess
    2015-12-09 16:35 - 2015-12-09 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SpringFiles
    2015-12-09 16:34 - 2015-12-09 16:34 - 00000000 ____D C:\Users\laingg\AppData\Roaming\Itibiti
    2015-12-09 16:30 - 2015-12-09 16:30 - 00000000 ____D C:\Users\laingg\AppData\Local\CEF
    2015-12-09 16:29 - 2015-12-09 16:30 - 00000000 ____D C:\Program Files (x86)\winwebuse
    2015-12-07 07:23 - 2015-12-07 08:06 - 00032768 _____ C:\Users\laingg\Desktop\Card Summary.xls
    2015-12-05 18:39 - 2015-12-05 18:39 - 00000030 _____ C:\Users\laingg\Desktop\Movies.txt
    2015-12-04 11:36 - 2015-12-04 11:36 - 00228553 _____ C:\Users\laingg\Desktop\Pridoc Cancel.pdf
    2015-12-02 15:41 - 2015-12-02 15:51 - 00000000 ____D C:\Hold
    2015-12-02 15:28 - 2015-12-10 15:41 - 00000000 ____D C:\Users\laingg\AppData\LocalLow\uTorrent
    2015-12-02 10:46 - 2015-12-09 16:52 - 00001093 _____ C:\Users\laingg\Desktop\Directory Lister.lnk
    2015-12-02 10:46 - 2015-12-02 10:46 - 03617576 _____ (KRKSoft ) C:\Users\laingg\Downloads\directorylister2.exe
    2015-12-02 10:46 - 2015-12-02 10:46 - 00000000 ____D C:\Users\laingg\AppData\Roaming\KRKsoft
    2015-12-02 10:46 - 2015-12-02 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Directory Lister
    2015-12-02 10:46 - 2015-12-02 10:46 - 00000000 ____D C:\Program Files (x86)\Directory Lister
    2015-12-02 10:36 - 2015-12-02 10:36 - 00249227 _____ C:\Users\laingg\Downloads\dtlm.zip
    2015-12-01 11:26 - 2015-12-01 11:26 - 00104276 _____ C:\Users\laingg\Desktop\Form 433d IRS Installment Plan.pdf
    2015-11-30 14:35 - 2015-11-30 14:35 - 00069534 _____ C:\Users\laingg\Downloads\Invoice #433180 for George & Fran Laing.pdf
    2015-11-17 12:21 - 2015-11-17 12:21 - 00000159 _____ C:\Users\laingg\Desktop\Trigger Program solution for 2 BW systems.txt
    2015-11-16 13:35 - 2015-11-16 13:35 - 00055372 _____ C:\Users\laingg\Downloads\Estimate # 432527 for George & Fran Laing.pdf
    2015-11-16 13:35 - 2015-11-16 13:35 - 00055372 _____ C:\Users\laingg\Downloads\Estimate # 432527 for George & Fran Laing (1).pdf
    2015-11-14 17:47 - 2015-11-14 17:47 - 00000000 ____D C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
     
  4. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-10 16:02 - 2015-04-03 16:02 - 00000000 ____D C:\Users\laingg\AppData\Roaming\uTorrent
    2015-12-10 16:02 - 2015-02-28 16:26 - 00000000 ____D C:\Users\laingg\AppData\Local\CrashDumps
    2015-12-10 16:02 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
    2015-12-10 15:58 - 2015-08-22 09:55 - 00000434 _____ C:\Windows\Tasks\FaxArchive_CN41BFW0V705KC.job
    2015-12-10 15:49 - 2009-07-13 23:45 - 00021792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-12-10 15:49 - 2009-07-13 23:45 - 00021792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-12-10 15:47 - 2015-02-18 09:18 - 00000000 ____D C:\Users\laingg\AppData\Local\Deployment
    2015-12-10 15:47 - 2015-02-18 09:18 - 00000000 ____D C:\Users\laingg\AppData\Local\Apps\2.0
    2015-12-10 15:47 - 2015-02-18 09:16 - 00000000 ____D C:\Users\laingg\Tracing
    2015-12-10 15:47 - 2015-02-17 05:17 - 00000464 _____ C:\Windows\system32\config\netlogon.ftl
    2015-12-10 15:47 - 2009-07-14 00:13 - 00785858 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-12-10 15:47 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
    2015-12-10 15:46 - 2015-02-28 16:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-12-10 15:43 - 2015-06-29 08:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-10 15:41 - 2015-06-29 08:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-10 15:41 - 2015-03-04 10:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-12-10 15:41 - 2015-02-28 17:30 - 00000000 ___RD C:\Users\laingg\Dropbox
    2015-12-10 15:41 - 2015-02-28 17:20 - 00000000 ____D C:\Users\laingg\AppData\Roaming\Dropbox
    2015-12-10 15:41 - 2015-02-17 14:11 - 00000000 ____D C:\Windows\system32\Empirum
    2015-12-10 15:41 - 2009-07-14 00:08 - 00032656 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-12-10 15:41 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-10 15:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
    2015-12-10 15:37 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
    2015-12-10 15:08 - 2015-06-29 07:57 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653UA.job
    2015-12-10 15:03 - 2015-02-17 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync
    2015-12-10 15:03 - 2015-02-17 14:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Lync
    2015-12-10 10:17 - 2015-02-18 11:02 - 00000000 __SHD C:\Users\laingg\AppData\Local\EmieUserList
    2015-12-10 10:17 - 2015-02-18 11:02 - 00000000 __SHD C:\Users\laingg\AppData\Local\EmieSiteList
    2015-12-10 10:17 - 2015-02-18 11:02 - 00000000 __SHD C:\Users\laingg\AppData\Local\EmieBrowserModeList
    2015-12-10 03:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
    2015-12-10 00:15 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
    2015-12-09 23:22 - 2009-07-13 23:45 - 00412376 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-12-09 20:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-12-09 19:08 - 2015-06-29 07:57 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653Core.job
    2015-12-09 18:11 - 2015-02-17 14:41 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-12-09 18:10 - 2015-02-17 15:37 - 00000000 ____D C:\Windows\system32\MRT
    2015-12-09 17:56 - 2009-07-13 21:34 - 00000580 _____ C:\Windows\win.ini
    2015-12-09 17:48 - 2015-02-17 14:48 - 00000000 ____D C:\Program Files\Microsoft Lync
    2015-12-09 16:53 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
    2015-12-09 16:52 - 2015-09-27 13:13 - 00001149 _____ C:\Users\Public\Desktop\Rosetta Stone.lnk
    2015-12-09 16:52 - 2015-07-29 11:17 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
    2015-12-09 16:52 - 2015-07-29 11:17 - 00002204 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
    2015-12-09 16:52 - 2015-07-29 11:17 - 00002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
    2015-12-09 16:52 - 2015-07-29 11:17 - 00002026 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
    2015-12-09 16:52 - 2015-07-29 10:55 - 00002566 _____ C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2015-12-09 16:52 - 2015-06-29 08:16 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-12-09 16:52 - 2015-06-04 05:59 - 00001157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-12-09 16:52 - 2015-06-04 05:59 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-12-09 16:52 - 2015-03-19 08:51 - 00001146 _____ C:\Users\laingg\Desktop\SAP Logon.lnk
    2015-12-09 16:52 - 2015-03-04 10:06 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-12-09 16:52 - 2015-02-28 17:09 - 00000983 _____ C:\Users\Public\Desktop\Winamp.lnk
    2015-12-09 16:52 - 2015-02-28 16:47 - 00001070 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2015-12-09 16:52 - 2015-02-28 15:44 - 00002711 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
    2015-12-09 16:52 - 2015-02-27 16:43 - 00001274 _____ C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad.lnk
    2015-12-09 16:52 - 2015-02-27 14:34 - 00001268 _____ C:\Users\laingg\Desktop\Notepad.lnk
    2015-12-09 16:52 - 2015-02-27 13:43 - 00002158 _____ C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
    2015-12-09 16:52 - 2015-02-27 13:43 - 00000954 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    2015-12-09 16:52 - 2015-02-18 09:28 - 00003011 _____ C:\Users\laingg\Desktop\Microsoft Outlook 2010.lnk
    2015-12-09 16:52 - 2015-02-18 09:28 - 00002575 _____ C:\Users\laingg\Desktop\Microsoft Lync 2010.lnk
    2015-12-09 16:52 - 2015-02-18 09:18 - 00001076 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Dellcall Help Information.lnk
    2015-12-09 16:52 - 2015-02-18 09:16 - 00001423 _____ C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-12-09 16:52 - 2015-02-18 09:16 - 00000859 _____ C:\Users\laingg\Desktop\Downloads.lnk
    2015-12-09 16:52 - 2015-02-17 14:57 - 00001753 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
    2015-12-09 16:52 - 2015-02-17 14:57 - 00001747 _____ C:\Users\Public\Desktop\Eraser.lnk
    2015-12-09 16:52 - 2015-02-17 14:57 - 00001039 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
    2015-12-09 16:52 - 2015-02-17 14:47 - 00001932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Activate Matrix42 Empirum via Pulse.lnk
    2015-12-09 16:52 - 2015-02-17 14:40 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-12-09 16:52 - 2015-02-17 14:40 - 00002050 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
    2015-12-09 16:52 - 2015-02-17 14:40 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
    2015-12-09 16:52 - 2015-02-17 14:38 - 00002054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switchable Graphics.lnk
    2015-12-09 16:52 - 2015-02-17 14:16 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2015-12-09 16:52 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2015-12-09 16:52 - 2009-07-13 23:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-12-09 16:52 - 2009-07-13 23:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    2015-12-09 16:52 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2015-12-09 16:52 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2015-12-09 16:52 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
    2015-12-09 16:51 - 2015-02-18 09:16 - 00000000 ____D C:\Users\laingg
    2015-12-09 16:51 - 2015-02-17 14:39 - 00000000 ____D C:\Windows\{CAC1E444-ECC4-4FF8-B328-5E547FD608F8}
    2015-12-09 16:48 - 2015-03-31 15:10 - 00000000 ____D C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
    2015-12-09 16:47 - 2015-02-28 15:57 - 00000000 ____D C:\Users\laingg\AppData\Roaming\Store
    2015-12-09 16:28 - 2015-02-18 10:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-12-08 19:46 - 2015-02-28 16:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-12-08 19:46 - 2015-02-17 15:38 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-12-08 19:46 - 2015-02-17 15:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-12-04 08:39 - 2015-06-29 08:16 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-04 08:39 - 2015-06-29 08:16 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-12-03 14:49 - 2015-02-17 14:49 - 00000000 ____D C:\Bitlocker
    2015-12-02 10:44 - 2015-06-04 15:14 - 00000000 ____D C:\Program Files (x86)\ChilliTorrent
    2015-12-02 10:18 - 2015-04-23 16:10 - 00011248 _____ C:\Users\laingg\Desktop\2015 Billable Hours.xlsx
    2015-11-19 12:04 - 2015-03-04 10:44 - 00000000 ____D C:\Users\laingg\Documents\Meine empfangenen Dateien

    ==================== Files in the root of some directories =======

    2015-06-04 15:13 - 2015-06-04 15:13 - 0000064 _____ () C:\Users\laingg\AppData\Local\aac087a41ca72b555aa11d4a31f1a191
    2015-02-27 13:41 - 2015-02-27 13:41 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some files in TEMP:
    ====================
    C:\Users\laingg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp5ks73.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
  5. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    LastRegBack: 2015-12-10 00:08

    ==================== End of FRST.txt ============================
     
  7. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
    Ran by laingg (2015-12-10 16:02:22)
    Running from C:\Users\laingg\Downloads
    Windows 7 Enterprise Service Pack 1 (X64) (2015-02-17 10:18:12)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3997167818-2217542986-3996327632-500 - Administrator - Enabled)
    Guest (S-1-5-21-3997167818-2217542986-3996327632-501 - Limited - Disabled)
    install (S-1-5-21-3997167818-2217542986-3996327632-1000 - Administrator - Enabled) => C:\Users\install

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
    7-Zip 9.20 (HKLM\...\Igor Pavlov 7-Zip 9.20) (Version: 9.20 - Igor Pavlov)
    7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov) Hidden
    Active Directory Mapping Tool 1.1.8 (HKLM\...\msg Active Directory Mapping Tool 1.1.8) (Version: 1.1.8 - msg)
    AD Mapper Notify (x32 Version: 1.1.8 - msg services ag) Hidden
    AD Password Checker 1.0 (HKLM\...\msg AD Password Checker 1.0) (Version: 1.0 - msg)
    Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.13 - Adobe Systems)
    Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM\...\{C49F01A6-1151-BE59-8BD2-107CD8AC3088}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    Anywhere Appshare (HKLM-x32\...\{A318D343-D601-4463-B872-0A3B27DDA5A9}) (Version: 6.5.1 - Anywhere Conference)
    Bios_Settings 2.0 (HKLM\...\msa Bios_Settings 2.0) (Version: 2.0 - msa)
    Bitlocker 1.0 (HKLM\...\msa Bitlocker 1.0) (Version: 1.0 - msa)
    Catalyst AMD HD8790M 8.0.911 (HKLM\...\AMD Catalyst AMD HD8790M 8.0.911) (Version: 8.0.911 - AMD)
    Citrix Receiver 3.4.0.29585 (HKLM-x32\...\Citrix Citrix Receiver 3.4.0.29585) (Version: 3.4.0.29585 - Citrix)
    Clickfree Easy Image (HKLM-x32\...\Clickfree Easy Image) (Version: - Storage Appliance Corp.)
    Default Settings 2.0 (HKLM\...\msa Default Settings 2.0) (Version: 2.0 - msa)
    Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.1.0 - Dell Inc.)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
    DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
    Directory Lister v2.02 (HKLM-x32\...\Directory Lister Pro_is1) (Version: 2.02 - KRKSoft)
    Dropbox (HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
    Empirum Agent 15.1 (HKLM\...\Matrix42 Empirum Agent 15.1) (Version: 15.1 - Matrix42)
    Endpoint Protection 12.1.2015.2015 (HKLM\...\Symantec Endpoint Protection 12.1.2015.2015) (Version: 12.1.2015.2015 - Symantec)
    Engineering Client Viewer 7.0 (HKLM-x32\...\SAP_Engineering Client Viewer 7.0) (Version: - SAP AG)
    Eraser 6.0.10.2620 (Version: 6.0.2620 - The Eraser Project) Hidden
    Eraser 6.0.2620 (HKLM\...\The Eraser Project Eraser 6.0.2620) (Version: 6.0.2620 - The Eraser Project)
    Erste Schritte 2.0 (HKLM\...\msa Erste Schritte 2.0) (Version: 2.0 - msa)
    Flash Player 12.0.0.38 (HKLM\...\Adobe Flash Player 12.0.0.38) (Version: 12.0.0.38 - Adobe)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    HDX RealTime Media Engine 1.4.100 (HKLM-x32\...\Citrix HDX RealTime Media Engine 1.4.100) (Version: 1.4.100 - Citrix)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
    HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    Internet Explorer KB2964358 1.0 (HKLM\...\Microsoft Internet Explorer KB2964358 1.0) (Version: 1.0 - Microsoft)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    Java 1.7.0.51 (HKLM\...\Oracle Java 1.7.0.51) (Version: 1.7.0.51 - Oracle)
    Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java SE Development Kit 6 Update 10 1.6.0.100 (HKLM\...\Oracle Java SE Development Kit 6 Update 10 1.6.0.100) (Version: 1.6.0.100 - Oracle)
    Junos Pulse 5.1.2.54585 (Version: 5.1.2.54585 - Juniper Networks) Hidden
    Kee Pass 2.25 (HKLM\...\Dominik Reichl Kee Pass 2.25) (Version: 2.25 - Dominik Reichl)
    KeePass Password Safe 2.25 (x32 Version: 2.25 - Dominik Reichl) Hidden
    Lotus Notes 8.5.3 (Basic) (x32 Version: 8.53.11258 - IBM) Hidden
    Lotus Notes 8.53.11287 (HKLM\...\IBM Lotus Notes 8.53.11287) (Version: 8.53.11287 - IBM)
    lync2010mui (x32 Version: 1.0.0 - <no manufacturer>) Hidden
    lync2010mui 4.0.7577.0 (HKLM\...\Microsoft lync2010mui 4.0.7577.0) (Version: 4.0.7577.0 - Microsoft)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Lync 2010 (HKLM\...\{58A013B1-1613-4978-881A-FCA43710C84A}) (Version: 4.0.7577.4478 - Microsoft Corporation)
    Microsoft Lync 2010, MUI (HKLM-x32\...\{CEECF731-3F08-4210-8073-7E87F58C01D3}) (Version: 4.0.7577.0 - Microsoft Corporation)
    Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1146-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1150 - Microsoft Corporation)
    Microsoft Online Services-Anmelde-Assistent (HKLM\...\{5D62CA9E-C68A-4BED-A1E9-7D38D9DDC2DB}) (Version: 7.250.4122.0 - Microsoft Corporation)
    Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
    Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
    Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
    MSG Outlook Addin 1.0.35 (x32 Version: 1.0.35 - msg services ag) Hidden
    msg.PrintClient (x32 Version: 1.0.0.0 - msg services ag) Hidden
    msgCommonPlugin (HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\5C03B70F466253CDBE2696AC65AE0F78CA3C5F94) (Version: 1.0.0.35 - msg services ag)
    Office 2010 SP2 14.2 (HKLM-x32\...\Microsoft Office 2010 SP2 14.2) (Version: 14.2 - Microsoft)
    Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
    PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.0.52.22600 - pdfforge GmbH)
    PDF Architect 3 Create Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
    PDF Architect 3 Edit Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
    PDF Architect 3 View Module (x32 Version: 3.0.13.22993 - pdfforge GmbH) Hidden
    PDFCreator 1.7.2 (HKLM\...\GNU PDFCreator 1.7.2) (Version: 1.7.2 - GNU)
    PM2Client 15.1 (HKLM\...\matrix42 PM2Client) (Version: 15.1 - matrix42)
    Power Manager 1.1.0 (HKLM\...\Dell Power Manager 1.1.0) (Version: 1.1.0 - Dell)
    PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    PrintClient 1.0.0.0 (HKLM-x32\...\msg PrintClient 1.0.0.0) (Version: 1.0.0.0 - msg)
    PROSetWireless Software for Bluetooth Technology 3.1.1306.340 (HKLM\...\Intel PROSetWireless Software for Bluetooth Technology 3.1.1306.340) (Version: 3.1.1306.340 - Intel)
    Prosis 2.3.3 (HKLM\...\msg Prosis 2.3.3) (Version: 2.3.3 - msg)
    Prosis2 (HKLM-x32\...\{A14581CC-D6D9-4986-855B-C77AD2360895}) (Version: 2.3.3 - )
    Pulse Config 2015.06.23 (HKLM\...\Juniper Networks Pulse Config 2015.06.23) (Version: 2015.06.23 - Juniper Networks)
    Pulse Secure (Version: 5.1.54585 - Pulse Secure, LLC) Hidden
    Pulse Secure 5.1 (HKLM-x32\...\Pulse Secure 5.1) (Version: 5.1.54585 - Pulse Secure, LLC)
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    Reader 11.0.06 (HKLM\...\Adobe Reader 11.0.06) (Version: 11.0.06 - Adobe)
    Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
    RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
    Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.37.0 - Rosetta Stone, Ltd)
    Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
    SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.30 - SAP AG)
    SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 3 - SAP AG)
    SAPgui 7.30.08 (HKLM-x32\...\SAP SAPgui 7.30.08) (Version: 7.30.08 - SAP)
    SAPlogon_Verteilung 2.0 (HKLM-x32\...\msg SAPlogon_Verteilung 2.0) (Version: 2.0 - msg)
    SAPSetup Automatic Workstation Update Service (HKLM-x32\...\SAP_WUS) (Version: - SAP AG)
    Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate)
    Security Patch KB3079904 1.0 (HKLM\...\Microsoft Security Patch KB3079904 1.0) (Version: 1.0 - Microsoft)
    Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Sierra Wireless AirCard Watcher (HKLM-x32\...\{87AE66E1-F431-4683-A98F-CAB9AE0FBA97}) (Version: 6.0.3830.8201 - Sierra Wireless Inc.)
    Sierra Wireless Dell Driver Package (HKLM-x32\...\SWIDellDrvInstaller) (Version: 3.8.1309.3948 - Sierra Wireless Inc.)
    Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
    Slingplayer for Chrome Installer (x32 Version: 0.0.0.74 - Sling Media) Hidden
    SlingplayerForChrome (HKLM-x32\...\{b94752f2-074a-4cc1-ad3b-cedc52319351}) (Version: 0.0.0.74 - Sling Media)
    SnagIt 9 (HKLM-x32\...\{59991D18-A988-45AB-B1BF-5ADE6E64CD3F}) (Version: 9.0.0 - TechSmith Corporation)
    ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0046 - ST Microelectronics)
    ST Microelectronics Accelerometer Free Fall Protection 3.0 (HKLM\...\Dell ST Microelectronics Accelerometer Free Fall Protection 3.0) (Version: 3.0 - Dell)
    SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
    SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    Symantec Endpoint Protection (Version: 12.1.2015.2015 - Symantec Corporation) Hidden
    UserToLocalAdmin 1.0 (Version: 1.0 - msa) Hidden
    Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}) (Version: 2.15.1003 - Samsung Electronics Co., Ltd.)
    Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}) (Version: 2.15.1001 - Samsung Electronics Co., Ltd.)
    Visio Viewer 2010 14.0.4763.1000 (HKLM-x32\...\Microsoft Visio Viewer 2010 14.0.4763.1000) (Version: 14.0.4763.1000 - Microsoft)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Webcam Central 1.40.54 (HKLM\...\Dell Webcam Central 1.40.54) (Version: 1.40.54 - Dell)
    Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
    Window Web Access (HKLM-x32\...\Window Web Access) (Version: 1.41 - Grayscale LLC)
    Wireless 5570 HSPA 13.8.1050 (HKLM\...\Dell Wireless 5570 HSPA 13.8.1050) (Version: 13.8.1050 - Dell)
    WLAN Settings 1.0 (HKLM\...\msa WLAN Settings 1.0) (Version: 1.0 - msa)
     
  8. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    14-11-2015 19:28:39 Scheduled Checkpoint
    22-11-2015 00:00:01 Scheduled Checkpoint
    30-11-2015 00:00:00 Scheduled Checkpoint
    08-12-2015 00:00:00 Scheduled Checkpoint
    09-12-2015 17:47:26 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2015-12-10 15:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0567AE72-DC3D-404E-9126-9BAB0BF60786} - System32\Tasks\HP AR Program Upload - 8c73b8e1c1f140c18696e094c5dd7c6acc424af37d74400f9af602fe520cfcb5 => C:\Program Files\HP\HP Officejet Pro 8600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {0FFA8840-3200-4510-AF47-846CB5DDB6EF} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC)
    Task: {13B6C879-E20E-4D4F-A62B-56BBE59E1142} - \Tempo Runner coz32host -> No File <==== ATTENTION
    Task: {3AA06B3A-9CB1-4257-BFB5-C6C1D7DDF4D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29] (Google Inc.)
    Task: {3F3130C4-DD78-4C20-BBE2-502A94E0F83E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08] (Adobe Systems Incorporated)
    Task: {4F8853D9-F5F0-495E-B305-1D66886D45DB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
    Task: {5DAA432B-3A36-4FAD-A4DE-EA0B786ADB76} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653Core => C:\Users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29] (Dropbox, Inc.)
    Task: {6BF0611F-CC8C-40F0-9106-DACDB03EA670} - System32\Tasks\FaxArchive_CN41BFW0V705KC => C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {6EB94A7A-E93C-4507-9C6E-61DDDC386434} - System32\Tasks\{E98045C8-CAAA-48A4-AEAD-21AC912D03DC} => pcalua.exe -a C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
    Task: {74C5B51B-A749-4104-9163-D23E05A79FB8} - System32\Tasks\laingg DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-04-01] (Seagate Technology LLC)
    Task: {7993F5E9-ED3A-456D-B855-8B8A8852E285} - System32\Tasks\{72563B30-98AE-4341-A122-46AD4F56D3D6} => C:\Program Files (x86)\Microsoft Lync\communicator.exe [2015-07-21] (Microsoft Corporation)
    Task: {8F2705DD-3524-4FB1-8922-6BB10A9FC065} - \amiupdaterExi -> No File <==== ATTENTION
    Task: {AAE694C3-46FA-4C68-9AFE-8115A7E38738} - System32\Tasks\{7881F97E-AF70-4BFE-B3C5-4949B5E69540} => C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe [2015-12-02] (BitTorrent Inc.)
    Task: {CBB4EF96-F64B-4237-A635-0A38488BCF73} - System32\Tasks\{8C5D43F8-FEFB-4C3E-88EA-DC33E27867C2} => C:\Program Files (x86)\Microsoft Lync\communicator.exe [2015-07-21] (Microsoft Corporation)
    Task: {D74E13E2-7332-41C7-AE75-D7240BFA0A50} - \amiupdaterExd -> No File <==== ATTENTION
    Task: {DAE17A6B-CF26-4953-B5B4-888431FDE4B6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653UA => C:\Users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29] (Dropbox, Inc.)
    Task: {DF0D8E7C-9604-4E81-B1F8-BD35FCD801C4} - \Tempo Runner cozahost -> No File <==== ATTENTION
    Task: {F2899D84-B357-46D7-8284-F491F96C5430} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {F4D785E3-50A5-4496-B62B-8D5E976DEC87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
  9. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653Core.job => C:\Users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653UA.job => C:\Users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\FaxArchive_CN41BFW0V705KC.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-02-17 12:31 - 2013-05-16 17:15 - 00149504 _____ () C:\Windows\system32\Empirum\zlib1.dll
    2015-07-12 08:01 - 2013-11-28 10:34 - 00233120 ____R () C:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe
    2015-07-12 08:01 - 2013-11-28 10:34 - 00158536 ____R () C:\programdata\Clickfree\FullImagingBackup\VssClientDll.dll
    2013-09-04 18:17 - 2013-09-04 18:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 09:23 - 2010-10-20 09:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2013-09-04 18:14 - 2013-09-04 18:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 09:45 - 2010-10-20 09:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-12-10 15:41 - 2015-12-10 15:41 - 00071168 _____ () c:\users\laingg\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpp5ks73.dll
    2015-03-04 16:45 - 2015-09-02 19:11 - 00012800 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
    2015-03-04 16:45 - 2015-09-02 19:11 - 00779776 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-07-30 22:09 - 2015-09-02 19:11 - 00056320 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-03-04 16:45 - 2015-09-02 19:11 - 00012288 _____ () C:\Users\laingg\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
    2013-05-02 08:21 - 2013-05-02 08:21 - 00254280 _____ () C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
    2015-12-09 00:46 - 2015-12-04 16:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
    2015-12-09 00:46 - 2015-12-04 16:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
    2015-12-09 00:46 - 2015-12-04 16:32 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll
    2015-12-06 04:42 - 2015-12-06 04:42 - 53432832 _____ () C:\Program Files (x86)\WinWebUse\libcef.dll
    2015-01-14 05:55 - 2015-01-14 05:55 - 00386560 _____ () C:\Program Files (x86)\WinWebUse\log4cplusU.dll
    2015-12-06 04:42 - 2015-12-06 04:42 - 01976832 _____ () C:\Program Files (x86)\WinWebUse\libglesv2.dll
    2015-12-06 04:42 - 2015-12-06 04:42 - 00075264 _____ () C:\Program Files (x86)\WinWebUse\libegl.dll
    2015-11-06 23:36 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files (x86)\WinWebUse\plugins\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\msg-gillardon.de -> msg-gillardon.de
    IE trusted site: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\msg-global.com -> msg-global.com
    IE trusted site: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\msg.ag -> int.root.msg.ag
    IE trusted site: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\msg.de -> hxxps://citrix.msg.de
    IE trusted site: HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\prevo.ch -> prevo.ch

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{3E6DF53C-D5DF-4846-8E57-58A65D6690F7}] => (Allow) LPort=10043
    FirewallRules: [{CFB74DF5-E566-4E12-BF33-5284232EC1E7}] => (Allow) C:\Windows\System32\Empirum\swdepot.exe
    FirewallRules: [{710897CC-A4C6-49B1-B9B4-20D4E8A60388}] => (Allow) C:\Windows\System32\Empirum\swdepot.exe
    FirewallRules: [{0984F1ED-5D20-463E-8138-D5908DA287DE}] => (Allow) LPort=10043
    FirewallRules: [{7C04B5EA-BD72-460A-96E9-D512B55DC6A6}] => (Allow) LPort=10043
    FirewallRules: [{928352C6-00FB-4C3B-A9B8-BA7598382B6F}] => (Allow) C:\Windows\System32\Empirum\swdepot.exe
    FirewallRules: [{BE5F98E8-8E39-4127-BAB4-712BE17A3F10}] => (Allow) C:\Windows\System32\Empirum\swdepot.exe
    FirewallRules: [{2F9239C7-82A8-4AFB-A4E3-133FB78BDC6C}] => (Allow) C:\Windows\System32\Empirum\swdepot.exe
    FirewallRules: [{26329B09-1A53-418A-9E76-E8AC8B9496D4}] => (Allow) C:\Windows\System32\Empirum\swdepot.exe
    FirewallRules: [{B6D5CE18-DBC2-420C-8257-6FF6F89E2E67}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
    FirewallRules: [{B5755D43-B240-4BC6-983F-BA9B54D003B6}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
    FirewallRules: [{2D1663DD-E033-4C4A-B7A1-C954BEB33048}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe
    FirewallRules: [{6FD8A489-4F8C-470B-B53D-533B1F5AC942}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
    FirewallRules: [{BD1D12A8-7DE8-4740-900E-C8753B962303}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
    FirewallRules: [{57A7C3AC-4FB2-4A77-9812-4D48A4BEDBFC}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe
    FirewallRules: [{BD0DB9E1-7A0A-441F-B3DD-DDD4FA9CE2B6}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe
    FirewallRules: [{73020ACE-0178-44E9-A530-7677B5659DBA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{E9E35FB8-46C8-49CE-8E4A-7266E885D198}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
    FirewallRules: [{6C56213F-A7C2-4AD7-92DC-AA269134C871}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
    FirewallRules: [{AF0159DD-D8C2-412B-83DB-0B9DD32BD045}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
    FirewallRules: [{D0F2EC4D-D1E2-4D1E-B127-539AABD5AEE9}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
    FirewallRules: [{9F11B4E6-80F5-49E4-8AA8-0CAEE67A8697}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
    FirewallRules: [{6C16D081-D39A-4890-8FC5-74AADE833883}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
    FirewallRules: [{23C264A6-45CE-4BB2-802F-EFFDA091F31B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{029B4804-DE4A-4B4C-BCE3-8E2CE722E34D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [TCP Query User{D2882720-7EC6-43E6-AF40-00FF60663EE3}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe
    FirewallRules: [UDP Query User{C6084D87-D1F6-4C47-B57D-1E31E3B480D8}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe
    FirewallRules: [{4AB03917-8DBB-4F8C-BD65-A1998B865AFD}] => (Block) C:\program files (x86)\citrix\ica client\wfica32.exe
    FirewallRules: [{CEDE3A8B-62FE-4FAB-8A03-8F4E8069A19F}] => (Block) C:\program files (x86)\citrix\ica client\wfica32.exe
    FirewallRules: [TCP Query User{7AA9CAF8-D2F0-4308-A712-69E22AC05C62}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe
    FirewallRules: [UDP Query User{AF75898C-B980-4769-AC5A-62AC9FA628CF}C:\program files (x86)\citrix\ica client\wfica32.exe] => (Allow) C:\program files (x86)\citrix\ica client\wfica32.exe
    FirewallRules: [{E2D91926-949E-42F7-B880-471BF5B6DE6F}] => (Allow) LPort=8888
    FirewallRules: [TCP Query User{13488B63-960E-40DD-9EC3-A75E33507113}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
    FirewallRules: [UDP Query User{E7F0AF4A-214F-4E51-8536-19B813646EBB}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
    FirewallRules: [{729b1b77-9b4f-40dd-8ce8-0bf0c5c40a93}] => (Allow) C:\ProgramData\micron\1.1.0.29\cozaghost.exe
    FirewallRules: [{03A7D5D0-B25B-48F6-8EDE-17DFF126B90E}] => (Allow) C:\ProgramData\micron\1.1.0.29\cozaghost.exe
    FirewallRules: [{72E7DFD4-9F12-4925-BD71-012883255B55}] => (Allow) C:\ProgramData\micron\1.1.0.29\cozaghost.exe
    FirewallRules: [{89743051-6705-4426-84A6-716BB60342B5}] => (Allow) C:\ProgramData\micron\1.1.0.29\cozaghost.exe
    FirewallRules: [{8131FDF6-E2B0-48F1-AF0B-1A54934BE5BE}] => (Allow) C:\ProgramData\micron\1.1.0.29\cozaghost.exe
    FirewallRules: [{C6E8072A-A099-4F6E-A0F0-86560B00082F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{AFFD7CE7-E987-4B55-9DFB-862A29C08EDA}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
    FirewallRules: [{FF790EFE-84DF-41D2-9EEA-B3143BA1A531}] => (Allow) C:\Users\laingg\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{1024F303-11DA-487D-A435-4B3E3A42401C}] => (Allow) C:\Users\laingg\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{B0DBDC12-C523-479A-9A8C-8D61F83DFEBE}C:\users\laingg\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\laingg\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{AEF56AF4-363F-4972-A57B-8EF5385861EF}C:\users\laingg\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\laingg\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{2DCB9A15-E000-4B5C-8E37-E7B20C481394}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{D04DD28C-9B92-4995-B748-959D10E6DE67}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{6A483581-A6D3-400D-A625-EEA4F29D2671}C:\program files (x86)\chillitorrent\chillitorrent.exe] => (Allow) C:\program files (x86)\chillitorrent\chillitorrent.exe
    FirewallRules: [UDP Query User{EF2C2B9E-126D-423C-AD94-3200CB0B70C5}C:\program files (x86)\chillitorrent\chillitorrent.exe] => (Allow) C:\program files (x86)\chillitorrent\chillitorrent.exe
    FirewallRules: [TCP Query User{3BD7617A-CFD3-4D82-B078-682929A0AB3B}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
    FirewallRules: [UDP Query User{08119E84-BA15-47BE-8E29-8D8CD8E50655}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
    FirewallRules: [{9543D086-A913-48FE-B377-9E8167271492}] => (Allow) LPort=8888
    FirewallRules: [{B063C6D8-8ED3-4713-9FD1-DF8863C48474}] => (Allow) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{0D4A2F76-D101-457A-A8E3-E7E01081DB7B}] => (Allow) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{1E93B6E8-F7CD-40BB-80B1-DD2341C43C0C}] => (Allow) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{ABF52209-F528-4395-BA59-0627B8DE06C0}] => (Allow) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{923B969D-B85C-4625-8FC5-3F18F08451E3}] => (Allow) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{9500C1BB-A4EF-4E6F-970F-7136A1613B89}] => (Allow) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{F01654D8-1616-4969-A188-92FCA543E03A}C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe] => (Allow) C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe
    FirewallRules: [UDP Query User{4534CC69-18D2-4777-8DF5-EC3D39FEAB2B}C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe] => (Allow) C:\program files (x86)\slingplayerforchrome\slingplayerforchrome.exe
    FirewallRules: [TCP Query User{A7C3847F-68AF-40D7-9813-9A3F82D44DAC}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [UDP Query User{59049620-FB53-43D5-8189-F5404840DC23}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
    FirewallRules: [{EE2F6E71-672B-4166-B9B5-14F64FA60D02}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
    FirewallRules: [{20DB9DCD-DCDC-478B-8316-9EF383352D39}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
    FirewallRules: [{5D089AFF-9639-40A7-9DC8-EBE8EA306189}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    FirewallRules: [{26BEA993-D9B6-4481-BA73-55C2D933D5A0}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    FirewallRules: [{1201EEFC-7302-41C6-9DA2-CA25F89B2C26}] => (Allow) C:\Program Files (x86)\Directory Lister\DirListerPro.exe
    FirewallRules: [{A774874C-4683-42C9-BC03-AB50EDA10F22}] => (Allow) C:\Program Files (x86)\Directory Lister\DirListerPro.exe
    FirewallRules: [{0723FC0B-EE26-482E-84E3-70D6CAABD5BB}] => (Allow) C:\Program Files (x86)\Directory Lister\DirListerPro.exe
    FirewallRules: [{6521F98B-CC39-4EF6-BE34-25A69963EE88}] => (Allow) C:\Program Files (x86)\Directory Lister\DirListerPro.exe
    FirewallRules: [{0F37E277-CB45-48CB-A491-601217FF8598}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{2EAA3F8C-491C-4D42-8F10-28B753683177}] => (Allow) C:\Program Files (x86)\winwebuse\winwebuse.exe
    FirewallRules: [{56C81F7D-D158-4A8E-9964-AED229F6CB53}] => (Allow) C:\Program Files (x86)\winwebuse\winwebuse_.exe
    FirewallRules: [{C6AE9824-F3FC-465A-9D34-E8DEEF43F893}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    FirewallRules: [{2AC2573F-F5D8-49DE-ADCF-A0FD53F94532}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
    FirewallRules: [{F674266E-9524-44EE-93A4-C439FAFA9983}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
    FirewallRules: [{14A8C7BD-13D3-4BC9-A534-23CDC9C32AC7}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe
    FirewallRules: [{6EE1F9AB-03F7-4AF1-950E-C940319BF557}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
    FirewallRules: [{5ECA8B64-9C59-477C-9B2B-3E5F32C841F4}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe
    FirewallRules: [{2CCC6A67-DF26-4802-8A9F-D876406833A4}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
    FirewallRules: [{52CA165F-C35B-488E-9590-237215B8B6A8}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater
     
  10. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/10/2015 04:01:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Exception code: 0xc0000005
    Fault offset: 0x000020c0
    Faulting process id: 0x15a0
    Faulting application start time: 0xwinwebtask_.exe0
    Faulting application path: winwebtask_.exe1
    Faulting module path: winwebtask_.exe2
    Report Id: winwebtask_.exe3

    Error: (12/10/2015 03:55:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Exception code: 0xc0000005
    Fault offset: 0x000020c0
    Faulting process id: 0x2668
    Faulting application start time: 0xwinwebtask_.exe0
    Faulting application path: winwebtask_.exe1
    Faulting module path: winwebtask_.exe2
    Report Id: winwebtask_.exe3

    Error: (12/10/2015 03:49:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Exception code: 0xc0000005
    Fault offset: 0x000020c0
    Faulting process id: 0x340
    Faulting application start time: 0xwinwebtask_.exe0
    Faulting application path: winwebtask_.exe1
    Faulting module path: winwebtask_.exe2
    Report Id: winwebtask_.exe3

    Error: (12/10/2015 03:48:39 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Exception code: 0xc0000005
    Fault offset: 0x000020c0
    Faulting process id: 0x15d4
    Faulting application start time: 0xwinwebtask_.exe0
    Faulting application path: winwebtask_.exe1
    Faulting module path: winwebtask_.exe2
    Report Id: winwebtask_.exe3

    Error: (12/10/2015 03:48:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Exception code: 0xc0000005
    Fault offset: 0x000020c0
    Faulting process id: 0x3e8
    Faulting application start time: 0xwinwebtask_.exe0
    Faulting application path: winwebtask_.exe1
    Faulting module path: winwebtask_.exe2
    Report Id: winwebtask_.exe3

    Error: (12/10/2015 03:47:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Exception code: 0xc0000005
    Fault offset: 0x000020c0
    Faulting process id: 0x2284
    Faulting application start time: 0xwinwebtask_.exe0
    Faulting application path: winwebtask_.exe1
    Faulting module path: winwebtask_.exe2
    Report Id: winwebtask_.exe3

    Error: (12/10/2015 03:41:35 PM) (Source: AutoEnrollment) (EventID: 6) (User: )
    Description: INT\laingg0x8007003aThe specified server cannot perform the requested operation.

    Error: (12/10/2015 03:41:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/10/2015 03:30:14 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Exception code: 0xc0000005
    Fault offset: 0x000020c0
    Faulting process id: 0x276c
    Faulting application start time: 0xwinwebtask_.exe0
    Faulting application path: winwebtask_.exe1
    Faulting module path: winwebtask_.exe2
    Report Id: winwebtask_.exe3

    Error: (12/10/2015 03:22:02 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Faulting module name: winwebtask_.exe, version: 1.3.2.9, time stamp: 0x56681513
    Exception code: 0xc0000005
    Fault offset: 0x000020c0
    Faulting process id: 0x1628
    Faulting application start time: 0xwinwebtask_.exe0
    Faulting application path: winwebtask_.exe1
    Faulting module path: winwebtask_.exe2
    Report Id: winwebtask_.exe3


    System errors:
    =============
    Error: (12/10/2015 03:46:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/10/2015 03:46:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/10/2015 03:43:55 PM) (Source: TermService) (EventID: 1067) (User: )
    Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
    .

    Error: (12/10/2015 03:41:26 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: INT)
    Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

    Error: (12/10/2015 03:41:25 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
    Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

    Error: (12/10/2015 03:41:20 PM) (Source: NETLOGON) (EventID: 5719) (User: )
    Description: This computer was not able to set up a secure session with a domain
    controller in domain INT due to the following:
    %%1311

    This may lead to authentication problems. Make sure that this
    computer is connected to the network. If the problem persists,
    please contact your domain administrator.



    ADDITIONAL INFO

    If this computer is a domain controller for the specified domain, it
    sets up the secure session to the primary domain controller emulator in the specified
    domain. Otherwise, this computer sets up the secure session to any domain controller
    in the specified domain.

    Error: (12/10/2015 03:41:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (12/10/2015 03:40:28 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

    Error: (12/10/2015 03:37:05 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (12/10/2015 03:36:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


    CodeIntegrity:
    ===================================
    Date: 2015-12-10 15:36:45.005
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-12-10 15:36:44.990
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-4610M CPU @ 3.00GHz
    Percentage of memory in use: 30%
    Total physical RAM: 16289.18 MB
    Available physical RAM: 11391.09 MB
    Total Virtual: 32576.56 MB
    Available Virtual: 27169.86 MB

    ==================== Drives ================================

    Drive c: (OSDisk) (Fixed) (Total:230.37 GB) (Free:141.44 GB) NTFS
    Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:2794.51 GB) (Free:2569.75 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 54ADA4EE)
    Partition 1: (Not Active) - (Size=230.4 GB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=7.8 GB) - (Type=0C)
    Attempted reading MBR returned 0 bytes.
    Could not read MBR for disk 1.

    ==================== End of Addition.txt ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  12. GLaing

    Log from Roguekiller
    RogueKiller V11.0.2.0 (x64) [Dec 7 2015] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : laingg [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Delete -- Date : 12/10/2015 17:08:10

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 2 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{30E5B348-CCB5-415D-AF8E-3514AB709A31} | NameServer : 193.29.27.96,193.29.27.108 ([X][X]) -> Replaced ()
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{30E5B348-CCB5-415D-AF8E-3514AB709A31} | NameServer : 193.29.27.96,193.29.27.108 ([X][EUROPEAN UNION (EU)]) -> Replaced ()

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG SSD PM851 2.5 7m SCSI Disk Device +++++
    --- User ---
    [MBR] 1137241a67e677e89eee3211ed066549
    [BSP] a05f02e5d553a9d65e0ee8224de688fd : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 235898 MB [Unknown Bootstrap | Unknown Bootloader]
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 483121152 | Size: 300 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 483735552 | Size: 7999 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Seagate Backup+ Desk USB Device +++++
    Error reading User MBR! ([57] The parameter is incorrect. )
    Error reading LL1 MBR! ([79] The semaphore timeout period has expired. )
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  13. GLaing

    Results from MBAM 2.2.0.1024 Premium version
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/10/2015
    Scan Time: 5:10 PM
    Logfile: MBAM Scan.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.12.10.06
    Rootkit Database: v2015.12.07.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: laingg

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 401314
    Time Elapsed: 5 min, 8 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  14. GLaing

    Results of ADW Cleaner
    # AdwCleaner v5.024 - Logfile created 10/12/2015 at 17:23:13
    # Updated 07/12/2015 by Xplode
    # Database : 2015-12-07.3 [Server]
    # Operating system : Windows 7 Enterprise Service Pack 1 (x64)
    # Username : laingg - MGSN308PN
    # Running from : C:\Users\laingg\Downloads\adwcleaner_5.024 (1).exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Users\laingg\AppData\Local\globalUpdate
    [-] Folder Deleted : C:\Users\laingg\AppData\Roaming\Store
    [-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SwiftMediaConverter

    ***** [ Files ] *****

    [-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
    [-] File Deleted : C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_album-list-for-winamp.software.informer.com_0.localstorage
    [-] File Deleted : C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_album-list-for-winamp.software.informer.com_0.localstorage-journal
    [-] File Deleted : C:\Users\laingg\AppData\Roaming\Mozilla\Firefox\Profiles\u4ymof4y.default-1449696621196\invalidprefs.js
    [-] File Deleted : C:\Users\laingg\AppData\Roaming\Mozilla\Firefox\Profiles\u4ymof4y.default-1449696621196\user.js

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION [BackgroundHost.exe]
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD [BackgroundHost.exe]
    [-] Key Deleted : HKLM\SOFTWARE\ba2a29c2-bd5c-47fb-a1a0-182c7e1fb0d0
    [-] Key Deleted : HKCU\Software\GlobalUpdate
    [-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
    [-] Key Deleted : HKCU\Software\Store
    [-] Key Deleted : HKCU\Software\SwiftMediaConverterApp
    [-] Key Deleted : HKCU\Software\DAILYPCCLEAN
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKCU\Software\WEBAPP
    [-] Key Deleted : HKCU\Software\tstamptoken
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
    [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
    [-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
    [-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_

    ***** [ Web browsers ] *****

    [-] [C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
    [-] [C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7553 bytes] ##########
     
  15. GLaing

    Results of JRT
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.1 (11.24.2015)
    Operating System: Windows 7 Enterprise x64
    Ran by laingg (Administrator) on Thu 12/10/2015 at 17:28:43.00
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 2

    Successfully deleted: C:\Users\laingg\AppData\Local\aac087a41ca72b555aa11d4a31f1a191 (File)
    Successfully deleted: C:\Users\laingg\AppData\Roaming\itibiti (Folder)



    Registry: 7

    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_33E44ABAC57B1917778F5B063B7D127A (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{cf34d395-9ff1-49a0-98a5-8db1636431b1} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E60943C8-32BD-41AC-B32B-A0B0FA06B6DC} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93} (Registry Key)
    Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{2DFF3579-5AA7-45B9-9328-1D38EA230861} (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 12/10/2015 at 17:30:54.38
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  16. Broni

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  17. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    Hi, issue still present. Result of combofix:
    ComboFix 15-12-07.01 - laingg 12/11/2015 7:58.2.4 - x64
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.16289.13093 [GMT -5:00]
    Running from: c:\users\laingg\Downloads\ComboFix.exe
    AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\laingg\AppData\Local\assembly\tmp
    c:\users\laingg\AppData\Roaming\MSA
    c:\users\laingg\AppData\Roaming\MSA\Outlook\msaProfile.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-11-11 to 2015-12-11 )))))))))))))))))))))))))))))))
    .
    .
    2015-12-11 13:02 . 2015-12-11 13:02 -------- d-----w- c:\users\install\AppData\Local\temp
    2015-12-11 13:02 . 2015-12-11 13:02 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-12-10 22:20 . 2015-12-10 22:23 -------- d-----w- C:\AdwCleaner
    2015-12-10 21:01 . 2015-12-10 21:02 -------- d-----w- C:\FRST
    2015-12-10 18:56 . 2015-12-10 18:56 -------- d-----w- c:\users\laingg\AppData\Roaming\SUPERAntiSpyware.com
    2015-12-10 18:56 . 2015-12-10 19:22 -------- d-----w- c:\program files\SUPERAntiSpyware
    2015-12-10 18:56 . 2015-12-10 18:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2015-12-10 18:49 . 2015-12-10 19:43 -------- d-----w- C:\SUPERDelete
    2015-12-10 01:08 . 2015-12-10 01:08 -------- d-s---w- c:\windows\system32\CompatTel
    2015-12-10 01:08 . 2015-12-10 01:08 -------- d-----w- c:\windows\system32\appraiser
    2015-12-09 23:10 . 2015-08-05 17:56 169984 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
    2015-12-09 23:10 . 2015-08-05 17:56 353280 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkDiv.dll
    2015-12-09 23:10 . 2015-08-05 17:41 126464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll
    2015-12-09 23:10 . 2015-08-05 17:40 274944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll
    2015-12-09 23:10 . 2015-08-05 17:56 1372160 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2015-12-09 23:10 . 2015-08-05 17:56 275456 ----a-w- c:\windows\system32\InkEd.dll
    2015-12-09 23:10 . 2015-08-05 17:56 2103296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
    2015-12-09 23:10 . 2015-08-05 17:40 939520 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2015-12-09 23:10 . 2015-08-05 17:40 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
    2015-12-09 23:10 . 2015-08-05 17:40 1415168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
    2015-12-09 23:06 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
    2015-12-09 23:06 . 2015-06-01 23:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
    2015-12-09 23:04 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
    2015-12-09 23:04 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
    2015-12-09 23:04 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
    2015-12-09 23:04 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
    2015-12-09 23:04 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
    2015-12-09 23:04 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
    2015-12-09 23:04 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
    2015-12-09 23:03 . 2015-08-05 17:56 1110016 ----a-w- c:\windows\system32\schedsvc.dll
    2015-12-09 23:03 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-12-09 23:03 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-12-09 23:01 . 2015-07-15 18:10 1743360 ----a-w- c:\windows\system32\sysmain.dll
    2015-12-09 23:01 . 2015-07-15 18:10 11264 ----a-w- c:\windows\system32\msmmsp.dll
    2015-12-09 23:01 . 2015-07-15 18:15 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
    2015-12-09 23:01 . 2015-07-15 18:02 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui
    2015-12-09 23:01 . 2015-08-06 18:04 14176768 ----a-w- c:\windows\system32\shell32.dll
    2015-12-09 23:01 . 2015-08-06 18:03 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2015-12-09 23:01 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
    2015-12-09 23:00 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
    2015-12-09 23:00 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2015-12-09 22:58 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    2015-12-09 22:58 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll
    2015-12-09 22:58 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2015-12-09 22:58 . 2015-07-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2015-12-09 22:57 . 2015-07-09 17:58 82944 ----a-w- c:\windows\system32\dwmapi.dll
    2015-12-09 22:57 . 2015-07-09 17:58 1632256 ----a-w- c:\windows\system32\dwmcore.dll
    2015-12-09 22:57 . 2015-07-09 17:42 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
    2015-12-09 22:57 . 2015-07-09 17:42 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
    2015-12-09 22:57 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
    2015-12-09 22:55 . 2015-09-29 03:11 86528 ----a-w- c:\windows\system32\TSpkg.dll
    2015-12-09 22:54 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
    2015-12-09 22:54 . 2015-06-17 17:37 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
    2015-12-09 22:54 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
    2015-12-09 22:54 . 2015-06-03 20:16 1239720 ----a-w- c:\windows\system32\aitstatic.exe
    2015-12-09 22:54 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
    2015-12-09 22:54 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
    2015-12-09 22:54 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
    2015-12-09 22:54 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
    2015-12-09 22:54 . 2015-06-03 20:16 193536 ----a-w- c:\windows\system32\aepic.dll
    2015-12-09 22:54 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
    2015-12-09 22:54 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
    2015-12-09 22:51 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
    2015-12-09 22:51 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
    2015-12-09 22:51 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
    2015-12-09 22:51 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
    2015-12-09 22:51 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll
    2015-12-09 22:51 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
    2015-12-09 22:51 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
    2015-12-09 22:51 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
    2015-12-09 22:51 . 2015-07-30 18:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2015-12-09 22:51 . 2015-07-30 18:06 1180160 ----a-w- c:\windows\system32\FntCache.dll
    2015-12-09 22:51 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2015-12-09 22:51 . 2015-07-30 17:57 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
    2015-12-09 22:51 . 2015-07-30 18:06 1648128 ----a-w- c:\windows\system32\DWrite.dll
    2015-12-09 22:50 . 2015-07-23 00:02 1390592 ----a-w- c:\windows\system32\diagtrack.dll
    2015-12-09 22:50 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\tdh.dll
    2015-12-09 22:50 . 2015-07-22 17:53 635392 ----a-w- c:\windows\SysWow64\tdh.dll
    2015-12-09 22:50 . 2015-07-22 16:48 41984 ----a-w- c:\windows\system32\UtcResources.dll
    2015-12-09 22:50 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\advapi32.dll
    2015-12-09 22:50 . 2015-07-22 17:53 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
    2015-12-09 22:47 . 2015-09-02 03:04 41984 ----a-w- c:\windows\system32\lpk.dll
    2015-12-09 22:47 . 2015-09-02 03:04 100864 ----a-w- c:\windows\system32\fontsub.dll
    2015-12-09 22:47 . 2015-09-02 03:04 14336 ----a-w- c:\windows\system32\dciman32.dll
    2015-12-09 22:47 . 2015-09-02 03:04 46080 ----a-w- c:\windows\system32\atmlib.dll
    2015-12-09 22:47 . 2015-09-02 02:48 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2015-12-09 22:47 . 2015-09-02 02:48 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
    2015-12-09 22:47 . 2015-09-02 02:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2015-12-09 22:47 . 2015-09-02 02:47 25600 ----a-w- c:\windows\SysWow64\lpk.dll
    2015-12-09 22:47 . 2015-09-02 01:51 3209216 ----a-w- c:\windows\system32\win32k.sys
    2015-12-09 22:47 . 2015-09-02 01:47 372736 ----a-w- c:\windows\system32\atmfd.dll
    2015-12-09 22:47 . 2015-09-02 01:33 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
    2015-12-09 22:04 . 2015-12-10 21:48 36608 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-12-09 22:03 . 2015-12-09 22:20 -------- d-----w- c:\programdata\RogueKiller
    2015-12-09 22:03 . 2015-12-09 22:03 -------- d-----w- c:\program files\RogueKiller
    2015-12-09 21:36 . 2015-12-09 21:36 -------- d-----w- c:\programdata\boost_interprocess
    2015-12-09 21:30 . 2015-12-09 21:30 -------- d-----w- c:\users\laingg\AppData\Local\CEF
    2015-12-09 21:29 . 2015-12-09 21:30 -------- d-----w- c:\program files (x86)\winwebuse
    2015-12-02 20:41 . 2015-12-02 20:51 -------- d-----w- C:\Hold
    2015-12-02 15:46 . 2015-12-02 15:46 -------- d-----w- c:\users\laingg\AppData\Roaming\KRKsoft
    2015-12-02 15:46 . 2015-12-02 15:46 -------- d-----w- c:\program files (x86)\Directory Lister
    2015-11-17 14:51 . 2015-11-17 14:51 82432 ----a-w- c:\users\laingg\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
    2015-11-17 14:51 . 2015-11-17 14:51 44544 ----a-w- c:\users\laingg\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
    2015-11-17 14:51 . 2015-11-17 14:51 1275392 ----a-w- c:\users\laingg\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-12-10 23:08 . 2015-03-04 15:06 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-12-09 00:46 . 2015-02-17 20:38 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-12-09 00:46 . 2015-02-17 20:38 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-10-30 11:54 . 2015-10-30 11:54 57344 ----a-r- c:\users\laingg\AppData\Roaming\Microsoft\Installer\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}\NewShortcut2_004CA6CE20F84A5EAA175F820D52B1AC.exe
    2015-10-30 11:54 . 2015-10-30 11:54 53248 ----a-r- c:\users\laingg\AppData\Roaming\Microsoft\Installer\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}\ARPPRODUCTICON.exe
    2015-10-08 17:41 . 2015-10-08 17:41 57344 ----a-r- c:\users\laingg\AppData\Roaming\Microsoft\Installer\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
    2015-10-08 17:41 . 2015-10-08 17:41 57344 ----a-r- c:\users\laingg\AppData\Roaming\Microsoft\Installer\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
    2015-10-08 17:41 . 2015-10-08 17:41 53248 ----a-r- c:\users\laingg\AppData\Roaming\Microsoft\Installer\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}\ARPPRODUCTICON.exe
    2015-10-05 13:50 . 2015-03-04 15:06 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-10-05 13:50 . 2015-03-04 15:06 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-10-05 13:50 . 2015-03-04 15:06 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-10-02 17:09 . 2015-02-17 20:37 143481208 ----a-w- c:\windows\system32\MRT.exe
    2015-09-29 02:58 . 2015-12-09 22:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
    "Uploader"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2015-04-01 127304]
    "Dropbox Update"="c:\users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-29 134512]
    "ClickfreeMonitor"="c:\programdata\Clickfree\cfagent.exe" [2013-11-28 354632]
    "FibReminder"="c:\programdata\Clickfree\FullImagingBackup\FibReminder.exe" [2013-11-28 3634504]
    "uTorrent"="c:\users\laingg\AppData\Roaming\uTorrent\uTorrent.exe" [2015-12-02 2026520]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-12-10 7935904]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-07-17 642816]
    "TRUUpdater"="c:\program files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2013-05-02 355144]
    "WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2013-05-02 164680]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
    "ADMapperNotify"="c:\program files (x86)\msg services ag\AD Mapper Notify\ADMapperNotify.exe" [2014-03-26 123392]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
    "CitrixReceiver"="c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [BU]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2015-07-21 12119360]
    "IBM Lotus Notes Preloader"="c:\lotus\Notes\nntspreld.exe" [2011-09-16 25480]
    "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-02-03 2092032]
    "DBAgent"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2015-04-01 1533728]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
    "PulseSecure"="c:\program files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe" [2015-03-11 2826584]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2015-09-26 3498728]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "screen"="powershell.exe" [BU]
    .
    c:\users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Citrix Receiver.lnk - c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe [2012-12-12 54320]
    Dropbox.lnk - c:\users\laingg\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 24952456]
    Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
    Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\users\laingg\AppData\Roaming\VERIZON\UA_ar\UA.exe [2015-10-5 1245504]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empirum Inventory.lnk - c:\windows\System32\Empirum\EmpInventory.exe [2015-2-17 3901784]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Citrix Receiver.lnk - c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe [2012-12-12 54320]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    "EnableLinkedConnections"= 1 (0x1)
    "MaxGPOScriptWait"= 180 (0xb4)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3312761167-2807315300-1982944300-3653\Scripts\Logon\0\0]
    "Script"=startPopup.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3312761167-2807315300-1982944300-3653\Scripts\Logon\0\1]
    "Script"=msg.Services.LogonScript.Main.wsf
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3312761167-2807315300-1982944300-3653\Scripts\Logon\0\2]
    "Script"=writetodbuser.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 EraserSvc11510;Symantec Eraser Service;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\drivers\irstrtdv.sys;c:\windows\SYSNATIVE\drivers\irstrtdv.sys [x]
    R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\drivers\ISCTD64.sys;c:\windows\SYSNATIVE\drivers\ISCTD64.sys [x]
    R3 JNPRNA;Juniper Network Agent Miniport;c:\windows\system32\DRIVERS\jnprna6.sys;c:\windows\SYSNATIVE\DRIVERS\jnprna6.sys [x]
    R3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\DRIVERS\jnprva.sys;c:\windows\SYSNATIVE\DRIVERS\jnprva.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe [x]
    R3 PDF Architect 3;PDF Architect 3;c:\program files (x86)\PDF Architect 3\ws.exe;c:\program files (x86)\PDF Architect 3\ws.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 swg3knmea05;Sierra Wireless QMI NMEA Communication - Dell;c:\windows\system32\drivers\swg3knmea05.sys;c:\windows\SYSNATIVE\drivers\swg3knmea05.sys [x]
    R3 swg3kser05;Sierra Wireless QMI USB Device for Legacy Serial Communication - Dell;c:\windows\system32\drivers\swg3kser05.sys;c:\windows\SYSNATIVE\drivers\swg3kser05.sys [x]
    R3 swibus05;Sierra Wireless Bus Enumerator 05;c:\windows\system32\drivers\swibus05.sys;c:\windows\SYSNATIVE\drivers\swibus05.sys [x]
    R3 swibusflt05;Sierra Wireless Bus Enumerator Filter 05;c:\windows\system32\drivers\swibusflt05.sys;c:\windows\SYSNATIVE\drivers\swibusflt05.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R4 jnprTdi_812_54585;Juniper Networks TDI Filter Driver (jnprTdi_812_54585);c:\windows\system32\Drivers\jnprTdi_812_54585.sys;c:\windows\SYSNATIVE\Drivers\jnprTdi_812_54585.sys [x]
    R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
    S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20151113.011\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20151113.011\BHDrvx64.sys [x]
    S1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [x]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20151208.014\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20151208.014\IDSvia64.sys [x]
    S1 jnprns;Juniper Network Service;c:\windows\system32\DRIVERS\jnprns.sys;c:\windows\SYSNATIVE\DRIVERS\jnprns.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [x]
    S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 ARPriv;Citrix Receiver Install Helper Service;c:\program files (x86)\Citrix\Receiver\PrivService.exe;c:\program files (x86)\Citrix\Receiver\PrivService.exe [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 Dell.PowerManager.Service;Dell.PowerManager.Service;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 ERIS;Empirum Remote Installation Service;c:\windows\system32\Empirum\Eris.exe;c:\windows\SYSNATIVE\Empirum\Eris.exe [x]
    S2 FibUacService;FibUacService;c:\programdata\Clickfree\FullImagingBackup\FibUac.exe;c:\programdata\Clickfree\FullImagingBackup\FibUac.exe [x]
    S2 FullImagingService;FullImagingService;c:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe;c:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe [x]
    S2 JuniperAccessService;Pulse Secure Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x]
    S2 LNSUSvc;Lotus Notes Smart Upgrade Service;c:\lotus\Notes\SUService.exe;c:\lotus\Notes\SUService.exe [x]
    S2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\lotus\Notes\nsd.exe;c:\lotus\Notes\nsd.exe [x]
    S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
    S2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe;c:\program files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [x]
    S2 PDF Architect 3 Creator;PDF Architect 3 Creator;c:\program files (x86)\PDF Architect 3\creator-ws.exe;c:\program files (x86)\PDF Architect 3\creator-ws.exe [x]
    S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
    S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
    S2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
    S2 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [x]
    S2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [x]
    S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x]
    S2 SwiService;Sierra Wireless Service;c:\program files (x86)\Sierra Wireless Inc\Utils\SWIService.exe;c:\program files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [x]
    S2 WinTaskSvc;Window Web Access;c:\program files (x86)\winwebuse\WinWebSync.exe;c:\program files (x86)\winwebuse\WinWebSync.exe [x]
    S2 WinTaskSvc2;Window Web Access2;c:\program files (x86)\winwebuse\WinWebSync_.exe;c:\program files (x86)\winwebuse\WinWebSync_.exe [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\DRIVERS\jnprvamgr.sys;c:\windows\SYSNATIVE\DRIVERS\jnprvamgr.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 O2FJ2RDR;O2FJ2RDR;c:\windows\system32\DRIVERS\O2FJ2w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2FJ2w7x64.sys [x]
    S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys;c:\windows\SYSNATIVE\drivers\psxdrv.sys [x]
    S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_Accel.sys;c:\windows\SYSNATIVE\DRIVERS\ST_Accel.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-12-09 05:45 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.80\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-17 00:46]
    .
    2015-12-11 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653Core.job
    - c:\users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29 12:57]
    .
    2015-12-11 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653UA.job
    - c:\users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29 12:57]
    .
    2015-12-11 c:\windows\Tasks\FaxArchive_CN41BFW0V705KC.job
    - c:\program files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe [2012-10-17 09:34]
    .
    2015-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29 13:16]
    .
    2015-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29 13:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "erisui"="c:\windows\system32\Empirum\eris_ui" [X]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-11-01 708952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-01 165872]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-01 407536]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-01 444400]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-11-01 7202520]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-11-01 1321688]
    "WavesSvc"="c:\program files\Realtek\Audio\HDA\WavesSvc64.exe" [2013-11-01 115968]
    "RtHDVBg_PushButton"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-11-01 1321688]
    "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-09-17 184112]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2013-05-21 7830328]
    "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: msg-gillardon.de
    Trusted Zone: msg-global.com
    Trusted Zone: msg.ag\int.root
    Trusted Zone: msg.ag\root
    Trusted Zone: msg.de
    Trusted Zone: msg.de\citrix
    Trusted Zone: prevo.ch
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\laingg\AppData\Roaming\Mozilla\Firefox\Profiles\u4ymof4y.default-1449696621196\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Toolbar-Locked - (no file)
    AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
    "ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
    "ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe\" /prefetch:1"
    .
     
  18. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3312761167-2807315300-1982944300-3653\Software\Citrix\PrinterProperties\HP Officejet Pro 8600 (Network)\M*¬ ,*F*6*E*3*0*1*C*8*0*0*0*0*0*0*0*0*\CitrixPrinterData]
    "PrinterName"="M€"
    "PortName"="Client:4:Microsoft XPS Document Writer"
    "DriverName"="Citrix Universal Printer"
    "PrintProcessor"="Citrix Print Processor"
    "DataType"="RAW"
    "Parameters"=""
    "Comment"="Auto Restored Client Printer MGSN57SG"
    "Location"=""
    "Status"=dword:00000080
    "Attributes"=dword:00008040
    "CreatedHow"=dword:00000004
    "CommonAttributes"=dword:00000000
    "CommonDevmode"=hex:4d,80,00,47,53,54,53,34,32,32,49,5c,4d,80,2c,4c,6f,63,61,
    6c,4f,6e,6c,79,2c,44,72,76,43,6f,6e,00,01,04,00,05,9c,00,00,00,03,ff,00,00,\
    "UserDevmode"=hex:4d,00,ac,20,00,00,47,00,53,00,54,00,53,00,34,00,32,00,32,00,
    49,00,5c,00,4d,00,ac,20,2c,00,4c,00,6f,00,63,00,61,00,6c,00,4f,00,6e,00,6c,\
    .
    [HKEY_USERS\S-1-5-21-3312761167-2807315300-1982944300-3653\Software\Citrix\PrinterProperties\Microsoft XPS Document Writer\M*¬ ,*3*F*A*F*E*F*4*7*F*F*F*F*F*F*F*F*\CitrixPrinterData]
    "PrinterName"="M€"
    "PortName"="Client:6:Microsoft XPS Document Writer"
    "DriverName"="Citrix Universal Printer"
    "PrintProcessor"="Citrix Print Processor"
    "DataType"="RAW"
    "Parameters"=""
    "Comment"="Auto Restored Client Printer MGSN308PN"
    "Location"=""
    "Status"=dword:00000000
    "Attributes"=dword:00008040
    "CreatedHow"=dword:00000004
    "CommonAttributes"=dword:00000000
    "CommonDevmode"=hex:4d,80,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,00,01,04,00,05,9c,00,00,00,03,ff,00,00,\
    "UserDevmode"=hex:4d,00,ac,20,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3312761167-2807315300-1982944300-3653\Software\Citrix\PrinterProperties\Microsoft XPS Document Writer\M*¬ ,*5*1*7*6*B*0*C*A*0*0*0*0*0*0*0*0*\CitrixPrinterData]
    "PrinterName"="M€"
    "PortName"="Client:2:Microsoft XPS Document Writer"
    "DriverName"="Citrix Universal Printer"
    "PrintProcessor"="Citrix Print Processor"
    "DataType"="RAW"
    "Parameters"=""
    "Comment"="Auto Restored Client Printer MGSN270PN"
    "Location"=""
    "Status"=dword:00000080
    "Attributes"=dword:00008040
    "CreatedHow"=dword:00000004
    "CommonAttributes"=dword:00000000
    "CommonDevmode"=hex:4d,80,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,00,01,04,00,05,9c,00,00,00,03,ff,00,00,\
    "UserDevmode"=hex:4d,00,ac,20,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3312761167-2807315300-1982944300-3653\Software\Citrix\PrinterProperties\Microsoft XPS Document Writer\M*¬ ,*8*1*7*F*1*C*E*1*F*F*F*F*F*F*F*F*\CitrixPrinterData]
    "PrinterName"="M€"
    "PortName"="Client:5:Microsoft XPS Document Writer"
    "DriverName"="Citrix Universal Printer"
    "PrintProcessor"="Citrix Print Processor"
    "DataType"="RAW"
    "Parameters"=""
    "Comment"="Auto Restored Client Printer MGSN308PN"
    "Location"=""
    "Status"=dword:00000000
    "Attributes"=dword:00008040
    "CreatedHow"=dword:00000004
    "CommonAttributes"=dword:00000000
    "CommonDevmode"=hex:4d,80,00,52,4d,53,58,50,52,44,31,30,31,5c,4d,80,2c,4c,6f,
    63,61,6c,4f,6e,6c,79,2c,44,72,76,43,00,01,04,00,05,9c,00,00,00,03,ff,00,00,\
    "UserDevmode"=hex:4d,00,ac,20,00,00,52,00,4d,00,53,00,58,00,50,00,52,00,44,00,
    31,00,30,00,31,00,5c,00,4d,00,ac,20,2c,00,4c,00,6f,00,63,00,61,00,6c,00,4f,\
    .
    [HKEY_USERS\S-1-5-21-3312761167-2807315300-1982944300-3653\Software\Citrix\PrinterProperties\Microsoft XPS Document Writer\M*¬ ,*F*3*A*E*7*B*D*7*F*F*F*F*F*F*F*F*\CitrixPrinterData]
    "PrinterName"="M€"
    "PortName"="Client:4:Microsoft XPS Document Writer"
    "DriverName"="Citrix Universal Printer"
    "PrintProcessor"="Citrix Print Processor"
    "DataType"="RAW"
    "Parameters"=""
    "Comment"="Auto Restored Client Printer MGSN308PN"
    "Location"=""
    "Status"=dword:00000000
    "Attributes"=dword:00008040
    "CreatedHow"=dword:00000004
    "CommonAttributes"=dword:00000000
    "CommonDevmode"=hex:4d,80,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,00,01,04,00,05,9c,00,00,00,03,ff,00,00,\
    "UserDevmode"=hex:4d,00,ac,20,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3312761167-2807315300-1982944300-3653\Software\Citrix\PrinterProperties\Microsoft XPS Document Writer\M*¬ ,*F*3*A*E*7*B*D*7*F*F*F*F*F*F*F*F*\PrinterDriverData]
    "InitDriverVersion"=dword:00000600
    "Model"="Microsoft XPS Document Writer"
    "PrinterDataSize"=dword:00000230
    "PrinterData"=hex:00,06,30,02,80,08,00,00,80,1a,06,00,00,00,00,00,00,00,00,00,
    64,00,58,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ca,d2,f6,72,00,\
    "FeatureKeywordSize"=dword:00000002
    "FeatureKeyword"=hex:00,00
    "Forms?"=dword:72f6d2ca
    .
    [HKEY_USERS\S-1-5-21-3312761167-2807315300-1982944300-3653\Software\Citrix\PrinterProperties\Microsoft XPS Document Writer\M*¬ ,*F*6*E*3*0*1*C*8*0*0*0*0*0*0*0*0*\CitrixPrinterData]
    "PrinterName"="M€"
    "PortName"="Client:13:Microsoft XPS Document Writer"
    "DriverName"="Citrix Universal Printer"
    "PrintProcessor"="Citrix Print Processor"
    "DataType"="RAW"
    "Parameters"=""
    "Comment"="Auto Restored Client Printer M-042"
    "Location"=""
    "Status"=dword:00000080
    "Attributes"=dword:00008040
    "CreatedHow"=dword:00000004
    "CommonAttributes"=dword:00000000
    "CommonDevmode"=hex:4d,80,00,47,53,54,53,34,32,33,49,5c,4d,80,2c,4c,6f,63,61,
    6c,4f,6e,6c,79,2c,44,72,76,43,6f,6e,00,01,04,00,05,9c,00,00,00,03,ff,00,00,\
    "UserDevmode"=hex:4d,00,ac,20,00,00,47,00,53,00,54,00,53,00,34,00,32,00,33,00,
    49,00,5c,00,4d,00,ac,20,2c,00,4c,00,6f,00,63,00,61,00,6c,00,4f,00,6e,00,6c,\
    .
    [HKEY_USERS\S-1-5-21-3312761167-2807315300-1982944300-3653\Software\Citrix\PrinterProperties\Savin MP C3002 PCL 5c\M*¬ ,*1*5*5*5*1*E*A*F*0*0*0*0*0*0*0*0*\CitrixPrinterData]
    "PrinterName"="M€"
    "PortName"="Client:1:Microsoft XPS Document Writer"
    "DriverName"="Citrix Universal Printer"
    "PrintProcessor"="Citrix Print Processor"
    "DataType"="RAW"
    "Parameters"=""
    "Comment"="Auto Restored Client Printer HOME_COMPUTER_4"
    "Location"=""
    "Status"=dword:00000080
    "Attributes"=dword:00008040
    "CreatedHow"=dword:00000004
    "CommonAttributes"=dword:00000000
    "CommonDevmode"=hex:4d,80,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,00,01,04,00,05,9c,00,00,00,03,ff,00,00,\
    "UserDevmode"=hex:4d,00,ac,20,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3312761167-2807315300-1982944300-3653\Software\Citrix\PrinterProperties\Send To OneNote 2010\M*¬ ,*1*5*5*5*1*E*A*F*0*0*0*0*0*0*0*0*\CitrixPrinterData]
    "PrinterName"="M€"
    "PortName"="Client:3:Microsoft XPS Document Writer"
    "DriverName"="Citrix Universal Printer"
    "PrintProcessor"="Citrix Print Processor"
    "DataType"="RAW"
    "Parameters"=""
    "Comment"="Auto Restored Client Printer CSCINDAE750775"
    "Location"=""
    "Status"=dword:00000080
    "Attributes"=dword:00008040
    "CreatedHow"=dword:00000004
    "CommonAttributes"=dword:00000000
    "CommonDevmode"=hex:4d,80,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,00,01,04,00,05,9c,00,00,00,03,ff,00,00,\
    "UserDevmode"=hex:4d,00,ac,20,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
    00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3312761167-2807315300-1982944300-3653\Software\Citrix\PrinterProperties\Send To OneNote 2010\M*¬ ,*1*5*5*5*1*E*A*F*0*0*0*0*0*0*0*0*\PrinterDriverData]
    "InitDriverVersion"=dword:00000600
    "Model"="Microsoft XPS Document Writer"
    "PrinterDataSize"=dword:00000230
    "PrinterData"=hex:00,06,30,02,80,08,00,00,80,1a,06,00,00,00,00,00,00,00,00,00,
    64,00,58,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ca,d2,f6,72,00,\
    "FeatureKeywordSize"=dword:00000002
    "FeatureKeyword"=hex:00,00
    "Forms?"=dword:72f6d2ca
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.20"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-12-11 08:03:41
    ComboFix-quarantined-files.txt 2015-12-11 13:03
    ComboFix2.txt 2015-12-10 20:38
    .
    Pre-Run: 152,916,623,360 bytes free
    Post-Run: 152,887,050,240 bytes free
    .
    - - End Of File - - 177C0B99F520984ECC402813D59365B4
    A36C5E4F47E84449FF07ED3517B43A31
     
  19. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
     
  20. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    Hi,
    I have BitLocker, so it took some time to get into safe mode. Here are the safe mode logs.
    Also worth noting: since this problem started, I also get an EmpInv.txt log that opens up on restart of the PC.

    Rkill.
    Rkill 2.8.3 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2015 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 12/11/2015 11:26:43 AM in x64 mode. (Safe Mode)
    Windows Version: Windows 7 Enterprise Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Checking Windows Service Integrity:

    * Base Filtering Engine (BFE) is not Running.
    Startup Type set to: Automatic

    * DHCP Client (Dhcp) is not Running.
    Startup Type set to: Automatic

    * DNS Client (Dnscache) is not Running.
    Startup Type set to: Automatic

    * COM+ Event System (EventSystem) is not Running.
    Startup Type set to: Automatic

    * Windows Firewall (MpsSvc) is not Running.
    Startup Type set to: Automatic

    * Network Connections (Netman) is not Running.
    Startup Type set to: Manual

    * Network Store Interface Service (nsi) is not Running.
    Startup Type set to: Automatic

    * Windows Defender (WinDefend) is not Running.
    Startup Type set to: Manual

    * Security Center (wscsvc) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Windows Update (wuauserv) is not Running.
    Startup Type set to: Automatic (Delayed Start)

    * Ancillary Function Driver for Winsock (AFD) is not Running.
    Startup Type set to: System

    * Windows Firewall Authorization Driver (mpsdrv) is not Running.
    Startup Type set to: Manual

    * NetBT (NetBT) is not Running.
    Startup Type set to: System

    * NSI proxy service driver. (nsiproxy) is not Running.
    Startup Type set to: System

    * NetIO Legacy TDI Support Driver (tdx) is not Running.
    Startup Type set to: System

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost

    Program finished at: 12/11/2015 11:26:51 AM
    Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)
     
  21. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    Renamed Combofix
    ComboFix 15-12-07.01 - laingg 12/11/2015 11:28:09.3.4 - x64 MINIMAL
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.16289.13852 [GMT -5:00]
    Running from: c:\users\laingg\Desktop\New_Version.exe
    AV: Symantec Endpoint Protection *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Symantec Endpoint Protection *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\laingg\AppData\Local\assembly\tmp
    c:\users\laingg\AppData\Roaming\MSA
    c:\users\laingg\AppData\Roaming\MSA\Outlook\msaProfile.xml
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-11-11 to 2015-12-11 )))))))))))))))))))))))))))))))
    .
    .
    2015-12-11 16:30 . 2015-12-11 16:30 -------- d-----w- c:\users\install\AppData\Local\temp
    2015-12-11 16:30 . 2015-12-11 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-12-10 18:56 . 2015-12-10 18:56 -------- d-----w- c:\users\laingg\AppData\Roaming\SUPERAntiSpyware.com
    2015-12-10 18:56 . 2015-12-10 19:22 -------- d-----w- c:\program files\SUPERAntiSpyware
    2015-12-10 18:56 . 2015-12-10 18:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2015-12-10 18:49 . 2015-12-10 19:43 -------- d-----w- C:\SUPERDelete
    2015-12-10 01:08 . 2015-12-10 01:08 -------- d-s---w- c:\windows\system32\CompatTel
    2015-12-10 01:08 . 2015-12-10 01:08 -------- d-----w- c:\windows\system32\appraiser
    2015-12-09 23:10 . 2015-08-05 17:56 169984 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
    2015-12-09 23:10 . 2015-08-05 17:56 353280 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkDiv.dll
    2015-12-09 23:10 . 2015-08-05 17:41 126464 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\rtscom.dll
    2015-12-09 23:10 . 2015-08-05 17:40 274944 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkDiv.dll
    2015-12-09 23:10 . 2015-08-05 17:56 1372160 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2015-12-09 23:10 . 2015-08-05 17:56 275456 ----a-w- c:\windows\system32\InkEd.dll
    2015-12-09 23:10 . 2015-08-05 17:56 2103296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
    2015-12-09 23:10 . 2015-08-05 17:40 939520 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2015-12-09 23:10 . 2015-08-05 17:40 216064 ----a-w- c:\windows\SysWow64\InkEd.dll
    2015-12-09 23:10 . 2015-08-05 17:40 1415168 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\InkObj.dll
    2015-12-09 23:06 . 2015-06-02 00:07 254976 ----a-w- c:\windows\system32\cewmdm.dll
    2015-12-09 23:06 . 2015-06-01 23:47 210432 ----a-w- c:\windows\SysWow64\cewmdm.dll
    2015-12-09 23:04 . 2015-07-16 19:12 856064 ----a-w- c:\windows\SysWow64\rdvidcrl.dll
    2015-12-09 23:04 . 2015-07-16 19:12 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
    2015-12-09 23:04 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\SysWow64\mstscax.dll
    2015-12-09 23:04 . 2015-07-16 19:11 62976 ----a-w- c:\windows\system32\tsgqec.dll
    2015-12-09 23:04 . 2015-07-16 19:11 7077376 ----a-w- c:\windows\system32\mstscax.dll
    2015-12-09 23:04 . 2015-07-16 19:11 1057792 ----a-w- c:\windows\system32\rdvidcrl.dll
    2015-12-09 23:04 . 2015-07-11 13:15 429568 ----a-w- c:\windows\system32\wksprt.exe
    2015-12-09 23:03 . 2015-08-05 17:56 1110016 ----a-w- c:\windows\system32\schedsvc.dll
    2015-12-09 23:03 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-12-09 23:03 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-12-09 23:01 . 2015-07-15 18:10 1743360 ----a-w- c:\windows\system32\sysmain.dll
    2015-12-09 23:01 . 2015-07-15 18:10 11264 ----a-w- c:\windows\system32\msmmsp.dll
    2015-12-09 23:01 . 2015-07-15 18:15 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
    2015-12-09 23:01 . 2015-07-15 18:02 2560 ----a-w- c:\windows\system32\drivers\en-US\mountmgr.sys.mui
    2015-12-09 23:01 . 2015-08-06 18:04 14176768 ----a-w- c:\windows\system32\shell32.dll
    2015-12-09 23:01 . 2015-08-06 18:03 1866752 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2015-12-09 23:01 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
    2015-12-09 23:00 . 2015-06-09 18:03 3180544 ----a-w- c:\windows\system32\rdpcorets.dll
    2015-12-09 23:00 . 2015-06-09 18:03 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2015-12-09 22:58 . 2015-08-05 17:06 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    2015-12-09 22:58 . 2015-08-05 17:56 22528 ----a-w- c:\windows\system32\icaapi.dll
    2015-12-09 22:58 . 2015-07-15 03:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2015-12-09 22:58 . 2015-07-15 02:54 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2015-12-09 22:57 . 2015-07-09 17:58 82944 ----a-w- c:\windows\system32\dwmapi.dll
    2015-12-09 22:57 . 2015-07-09 17:58 1632256 ----a-w- c:\windows\system32\dwmcore.dll
    2015-12-09 22:57 . 2015-07-09 17:42 67584 ----a-w- c:\windows\SysWow64\dwmapi.dll
    2015-12-09 22:57 . 2015-07-09 17:42 1372160 ----a-w- c:\windows\SysWow64\dwmcore.dll
    2015-12-09 22:57 . 2015-07-15 03:19 52736 ----a-w- c:\windows\system32\basesrv.dll
    2015-12-09 22:55 . 2015-09-29 03:11 86528 ----a-w- c:\windows\system32\TSpkg.dll
    2015-12-09 22:54 . 2015-06-17 17:47 404992 ----a-w- c:\windows\system32\gdi32.dll
    2015-12-09 22:54 . 2015-06-17 17:37 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
    2015-12-09 22:54 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
    2015-12-09 22:54 . 2015-06-03 20:16 1239720 ----a-w- c:\windows\system32\aitstatic.exe
    2015-12-09 22:54 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
    2015-12-09 22:54 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
    2015-12-09 22:54 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
    2015-12-09 22:54 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
    2015-12-09 22:54 . 2015-06-03 20:16 193536 ----a-w- c:\windows\system32\aepic.dll
    2015-12-09 22:54 . 2015-07-04 18:07 2087424 ----a-w- c:\windows\system32\ole32.dll
    2015-12-09 22:54 . 2015-07-04 17:48 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
    2015-12-09 22:51 . 2015-06-15 21:45 504320 ----a-w- c:\windows\system32\msihnd.dll
    2015-12-09 22:51 . 2015-06-15 21:45 3242496 ----a-w- c:\windows\system32\msi.dll
    2015-12-09 22:51 . 2015-06-15 21:44 128000 ----a-w- c:\windows\system32\msiexec.exe
    2015-12-09 22:51 . 2015-06-15 21:43 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
    2015-12-09 22:51 . 2015-06-15 21:43 2364416 ----a-w- c:\windows\SysWow64\msi.dll
    2015-12-09 22:51 . 2015-06-15 21:42 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
    2015-12-09 22:51 . 2015-06-15 21:42 25088 ----a-w- c:\windows\system32\msimsg.dll
    2015-12-09 22:51 . 2015-06-15 21:37 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
    2015-12-09 22:51 . 2015-07-30 18:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2015-12-09 22:51 . 2015-07-30 18:06 1180160 ----a-w- c:\windows\system32\FntCache.dll
    2015-12-09 22:51 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2015-12-09 22:51 . 2015-07-30 17:57 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
    2015-12-09 22:51 . 2015-07-30 18:06 1648128 ----a-w- c:\windows\system32\DWrite.dll
    2015-12-09 22:50 . 2015-07-23 00:02 1390592 ----a-w- c:\windows\system32\diagtrack.dll
    2015-12-09 22:50 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\tdh.dll
    2015-12-09 22:50 . 2015-07-22 17:53 635392 ----a-w- c:\windows\SysWow64\tdh.dll
    2015-12-09 22:50 . 2015-07-22 16:48 41984 ----a-w- c:\windows\system32\UtcResources.dll
    2015-12-09 22:50 . 2015-07-23 00:02 879104 ----a-w- c:\windows\system32\advapi32.dll
    2015-12-09 22:50 . 2015-07-22 17:53 641536 ----a-w- c:\windows\SysWow64\advapi32.dll
    2015-12-09 22:47 . 2015-09-02 03:04 41984 ----a-w- c:\windows\system32\lpk.dll
    2015-12-09 22:47 . 2015-09-02 03:04 100864 ----a-w- c:\windows\system32\fontsub.dll
    2015-12-09 22:47 . 2015-09-02 03:04 14336 ----a-w- c:\windows\system32\dciman32.dll
    2015-12-09 22:47 . 2015-09-02 03:04 46080 ----a-w- c:\windows\system32\atmlib.dll
    2015-12-09 22:47 . 2015-09-02 02:48 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2015-12-09 22:47 . 2015-09-02 02:48 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
    2015-12-09 22:47 . 2015-09-02 02:48 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2015-12-09 22:47 . 2015-09-02 02:47 25600 ----a-w- c:\windows\SysWow64\lpk.dll
    2015-12-09 22:47 . 2015-09-02 01:51 3209216 ----a-w- c:\windows\system32\win32k.sys
    2015-12-09 22:47 . 2015-09-02 01:47 372736 ----a-w- c:\windows\system32\atmfd.dll
    2015-12-09 22:47 . 2015-09-02 01:33 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
    2015-12-09 22:04 . 2015-12-10 21:48 36608 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-12-09 22:03 . 2015-12-09 22:20 -------- d-----w- c:\programdata\RogueKiller
    2015-12-09 22:03 . 2015-12-09 22:03 -------- d-----w- c:\program files\RogueKiller
    2015-12-09 21:36 . 2015-12-09 21:36 -------- d-----w- c:\programdata\boost_interprocess
    2015-12-09 21:30 . 2015-12-09 21:30 -------- d-----w- c:\users\laingg\AppData\Local\CEF
    2015-12-09 21:29 . 2015-12-09 21:30 -------- d-----w- c:\program files (x86)\winwebuse
    2015-12-02 20:41 . 2015-12-02 20:51 -------- d-----w- C:\Hold
    2015-12-02 15:46 . 2015-12-02 15:46 -------- d-----w- c:\users\laingg\AppData\Roaming\KRKsoft
    2015-12-02 15:46 . 2015-12-02 15:46 -------- d-----w- c:\program files (x86)\Directory Lister
    2015-11-17 14:51 . 2015-11-17 14:51 82432 ----a-w- c:\users\laingg\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
    2015-11-17 14:51 . 2015-11-17 14:51 44544 ----a-w- c:\users\laingg\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
    2015-11-17 14:51 . 2015-11-17 14:51 1275392 ----a-w- c:\users\laingg\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-12-10 23:08 . 2015-03-04 15:06 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-12-09 00:46 . 2015-02-17 20:38 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-12-09 00:46 . 2015-02-17 20:38 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-10-30 11:54 . 2015-10-30 11:54 57344 ----a-r- c:\users\laingg\AppData\Roaming\Microsoft\Installer\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}\NewShortcut2_004CA6CE20F84A5EAA175F820D52B1AC.exe
    2015-10-30 11:54 . 2015-10-30 11:54 53248 ----a-r- c:\users\laingg\AppData\Roaming\Microsoft\Installer\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}\ARPPRODUCTICON.exe
    2015-10-08 17:41 . 2015-10-08 17:41 57344 ----a-r- c:\users\laingg\AppData\Roaming\Microsoft\Installer\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}\NewShortcut11_98798AFA4B0B41FAA9B8FF8835A64952.exe
    2015-10-08 17:41 . 2015-10-08 17:41 57344 ----a-r- c:\users\laingg\AppData\Roaming\Microsoft\Installer\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}\NewShortcut1_3F3768693B314C7692F69858832BE52C.exe
    2015-10-08 17:41 . 2015-10-08 17:41 53248 ----a-r- c:\users\laingg\AppData\Roaming\Microsoft\Installer\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}\ARPPRODUCTICON.exe
    2015-10-05 13:50 . 2015-03-04 15:06 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-10-05 13:50 . 2015-03-04 15:06 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-10-05 13:50 . 2015-03-04 15:06 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-10-02 17:09 . 2015-02-17 20:37 143481208 ----a-w- c:\windows\system32\MRT.exe
    2015-09-29 02:58 . 2015-12-09 22:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 199488 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
    "Uploader"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2015-04-01 127304]
    "Dropbox Update"="c:\users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-29 134512]
    "ClickfreeMonitor"="c:\programdata\Clickfree\cfagent.exe" [2013-11-28 354632]
    "FibReminder"="c:\programdata\Clickfree\FullImagingBackup\FibReminder.exe" [2013-11-28 3634504]
    "uTorrent"="c:\users\laingg\AppData\Roaming\uTorrent\uTorrent.exe" [2015-12-02 2026520]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-12-10 7935904]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-07-17 642816]
    "TRUUpdater"="c:\program files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2013-05-02 355144]
    "WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2013-05-02 164680]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
    "ADMapperNotify"="c:\program files (x86)\msg services ag\AD Mapper Notify\ADMapperNotify.exe" [2014-03-26 123392]
    "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
    "CitrixReceiver"="c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [BU]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "Communicator"="c:\program files (x86)\Microsoft Lync\communicator.exe" [2015-07-21 12119360]
    "IBM Lotus Notes Preloader"="c:\lotus\Notes\nntspreld.exe" [2011-09-16 25480]
    "KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2014-02-03 2092032]
    "DBAgent"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2015-04-01 1533728]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
    "PulseSecure"="c:\program files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe" [2015-03-11 2826584]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2015-09-26 3498728]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "screen"="powershell.exe" [BU]
    .
    c:\users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Citrix Receiver.lnk - c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe [2012-12-12 54320]
    Dropbox.lnk - c:\users\laingg\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 24952456]
    Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
    Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\users\laingg\AppData\Roaming\VERIZON\UA_ar\UA.exe [2015-10-5 1245504]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empirum Inventory.lnk - c:\windows\System32\Empirum\EmpInventory.exe [2015-2-17 3901784]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Citrix Receiver.lnk - c:\program files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe [2012-12-12 54320]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    "EnableLinkedConnections"= 1 (0x1)
    "MaxGPOScriptWait"= 180 (0xb4)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3312761167-2807315300-1982944300-3653\Scripts\Logon\0\0]
    "Script"=startPopup.bat
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3312761167-2807315300-1982944300-3653\Scripts\Logon\0\1]
    "Script"=msg.Services.LogonScript.Main.wsf
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3312761167-2807315300-1982944300-3653\Scripts\Logon\0\2]
    "Script"=writetodbuser.vbs
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R1 BHDrvx64;BHDrvx64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20151113.011\BHDrvx64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20151113.011\BHDrvx64.sys [x]
    R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553};Symantec Endpoint Protection 12.1.2015.2015.105 Settings Manager;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [x]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
    R1 IDSVia64;IDSVia64;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20151208.014\IDSvia64.sys;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20151208.014\IDSvia64.sys [x]
    R1 jnprns;Juniper Network Service;c:\windows\system32\DRIVERS\jnprns.sys;c:\windows\SYSNATIVE\DRIVERS\jnprns.sys [x]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [x]
    R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [x]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R2 ARPriv;Citrix Receiver Install Helper Service;c:\program files (x86)\Citrix\Receiver\PrivService.exe;c:\program files (x86)\Citrix\Receiver\PrivService.exe [x]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    R2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
     
  22. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    R2 Dell.PowerManager.Service;Dell.PowerManager.Service;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
    R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    R2 EraserSvc11510;Symantec Eraser Service;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [x]
    R2 ERIS;Empirum Remote Installation Service;c:\windows\system32\Empirum\Eris.exe;c:\windows\SYSNATIVE\Empirum\Eris.exe [x]
    R2 FibUacService;FibUacService;c:\programdata\Clickfree\FullImagingBackup\FibUac.exe;c:\programdata\Clickfree\FullImagingBackup\FibUac.exe [x]
    R2 FullImagingService;FullImagingService;c:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe;c:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe [x]
    R2 JuniperAccessService;Pulse Secure Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [x]
    R2 LNSUSvc;Lotus Notes Smart Upgrade Service;c:\lotus\Notes\SUService.exe;c:\lotus\Notes\SUService.exe [x]
    R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\lotus\Notes\nsd.exe;c:\lotus\Notes\nsd.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
    R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe;c:\program files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [x]
    R2 PDF Architect 3 Creator;PDF Architect 3 Creator;c:\program files (x86)\PDF Architect 3\creator-ws.exe;c:\program files (x86)\PDF Architect 3\creator-ws.exe [x]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
    R2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
    R2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
    R2 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [x]
    R2 SepMasterService;Symantec Endpoint Protection;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe;c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x]
    R2 SwiService;Sierra Wireless Service;c:\program files (x86)\Sierra Wireless Inc\Utils\SWIService.exe;c:\program files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [x]
    R2 WinTaskSvc;Window Web Access;c:\program files (x86)\winwebuse\WinWebSync.exe;c:\program files (x86)\winwebuse\WinWebSync.exe [x]
    R2 WinTaskSvc2;Window Web Access2;c:\program files (x86)\winwebuse\WinWebSync_.exe;c:\program files (x86)\winwebuse\WinWebSync_.exe [x]
    R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
    R3 dcdbas;System Management Driver;c:\windows\system32\DRIVERS\dcdbas64.sys;c:\windows\SYSNATIVE\DRIVERS\dcdbas64.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    R3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    R3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\drivers\irstrtdv.sys;c:\windows\SYSNATIVE\drivers\irstrtdv.sys [x]
    R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\drivers\ISCTD64.sys;c:\windows\SYSNATIVE\drivers\ISCTD64.sys [x]
    R3 JNPRNA;Juniper Network Agent Miniport;c:\windows\system32\DRIVERS\jnprna6.sys;c:\windows\SYSNATIVE\DRIVERS\jnprna6.sys [x]
    R3 jnprva;Juniper Networks Virtual Adapter Service;c:\windows\system32\DRIVERS\jnprva.sys;c:\windows\SYSNATIVE\DRIVERS\jnprva.sys [x]
    R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;c:\windows\system32\DRIVERS\jnprvamgr.sys;c:\windows\SYSNATIVE\DRIVERS\jnprvamgr.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe;c:\program files (x86)\PDF Architect 3\crash-handler-ws.exe [x]
    R3 PDF Architect 3;PDF Architect 3;c:\program files (x86)\PDF Architect 3\ws.exe;c:\program files (x86)\PDF Architect 3\ws.exe [x]
    R3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys;c:\windows\SYSNATIVE\drivers\psxdrv.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 swg3knmea05;Sierra Wireless QMI NMEA Communication - Dell;c:\windows\system32\drivers\swg3knmea05.sys;c:\windows\SYSNATIVE\drivers\swg3knmea05.sys [x]
    R3 swg3kser05;Sierra Wireless QMI USB Device for Legacy Serial Communication - Dell;c:\windows\system32\drivers\swg3kser05.sys;c:\windows\SYSNATIVE\drivers\swg3kser05.sys [x]
    R3 swibus05;Sierra Wireless Bus Enumerator 05;c:\windows\system32\drivers\swibus05.sys;c:\windows\SYSNATIVE\drivers\swibus05.sys [x]
    R3 swibusflt05;Sierra Wireless Bus Enumerator Filter 05;c:\windows\system32\drivers\swibusflt05.sys;c:\windows\SYSNATIVE\drivers\swibusflt05.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R4 jnprTdi_812_54585;Juniper Networks TDI Filter Driver (jnprTdi_812_54585);c:\windows\system32\Drivers\jnprTdi_812_54585.sys;c:\windows\SYSNATIVE\Drivers\jnprTdi_812_54585.sys [x]
    R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
    S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
    S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS;c:\windows\SYSNATIVE\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 O2FJ2RDR;O2FJ2RDR;c:\windows\system32\DRIVERS\O2FJ2w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2FJ2w7x64.sys [x]
    S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_Accel.sys;c:\windows\SYSNATIVE\DRIVERS\ST_Accel.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-12-09 05:45 1000264 ----a-w- c:\program files (x86)\Google\Chrome\Application\47.0.2526.80\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-17 00:46]
    .
    2015-12-11 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653Core.job
    - c:\users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29 12:57]
    .
    2015-12-11 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3312761167-2807315300-1982944300-3653UA.job
    - c:\users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-29 12:57]
    .
    2015-12-11 c:\windows\Tasks\FaxArchive_CN41BFW0V705KC.job
    - c:\program files\HP\HP Officejet Pro 8600\Bin\FaxApplications.exe [2012-10-17 09:34]
    .
    2015-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29 13:16]
    .
    2015-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-06-29 13:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
    @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
    @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
    @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
    @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2015-12-08 21:33 236352 ----a-w- c:\users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "erisui"="c:\windows\system32\Empirum\eris_ui" [X]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-11-01 708952]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-01 165872]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-01 407536]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-01 444400]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-11-01 7202520]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-11-01 1321688]
    "WavesSvc"="c:\program files\Realtek\Audio\HDA\WavesSvc64.exe" [2013-11-01 115968]
    "RtHDVBg_PushButton"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-11-01 1321688]
    "BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-09-17 184112]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2013-05-21 7830328]
    "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: msg-gillardon.de
    Trusted Zone: msg-global.com
    Trusted Zone: msg.ag\int.root
    Trusted Zone: msg.ag\root
    Trusted Zone: msg.de
    Trusted Zone: msg.de\citrix
    Trusted Zone: prevo.ch
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\laingg\AppData\Roaming\Mozilla\Firefox\Profiles\u4ymof4y.default-1449696621196\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SepMasterService]
    "ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\sms.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SmcService]
    "ImagePath"="\"c:\program files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.20"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\CurrentVersion]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2015-12-11 11:31:52
    ComboFix-quarantined-files.txt 2015-12-11 16:31
    ComboFix2.txt 2015-12-11 13:03
    ComboFix3.txt 2015-12-10 20:38
    .
    Pre-Run: 152,679,292,928 bytes free
    Post-Run: 152,519,536,640 bytes free
    .
    - - End Of File - - F40208334C29A3E57EE9B7F0EE5A8FB1
    A36C5E4F47E84449FF07ED3517B43A31
     
  23. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    Farbar results. Status: Issue still persists
    First
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
    Ran by laingg (administrator) on MGSN308PN (11-12-2015 11:40:38)
    Running from C:\Users\laingg\Downloads
    Loaded Profiles: laingg (Available Profiles: laingg & install)
    Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
  24. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    (Microsoft Corporation) C:\Windows\System32\psxss.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\PrivService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Matrix42 AG) C:\Windows\System32\Empirum\ERIS.exe
    (Storage Appliance Corp.) C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe
    (IBM Corp) C:\Lotus\Notes\SUService.exe
    (IBM) C:\Lotus\Notes\nsd.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
    (IBM Corp) C:\Lotus\Notes\ntmulti.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
    (pdfforge GmbH) C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
    (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
    (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Utils\SwiService.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebSync.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebSync_.exe
    () C:\ProgramData\Clickfree\FullImagingBackup\FullImagingService.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Matrix42 AG) C:\Windows\System32\Empirum\ERIS_UI.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (The Eraser Project) C:\Program Files\Eraser\Eraser.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    (Dropbox, Inc.) C:\Users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    (Storage Appliance Corp.) C:\ProgramData\Clickfree\cfagent.exe
    (Storage Appliance Corp.) C:\ProgramData\Clickfree\FullImagingBackup\FibReminder.exe
    (BitTorrent Inc.) C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe
    (Microsoft Corporation) C:\Windows\System32\StikyNot.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
    (Dropbox, Inc.) C:\Users\laingg\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
    (SAMSUNG Electornics Co., Ltd.) C:\Users\laingg\AppData\Roaming\VERIZON\UA_ar\UA.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    (msg services ag) C:\Program Files (x86)\msg services ag\AD Mapper Notify\ADMapperNotify.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Pulse Secure, LLC) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
    (BitTorrent Inc.) C:\Users\laingg\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    (BitTorrent Inc.) C:\Users\laingg\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
    (BitTorrent Inc.) C:\Users\laingg\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
    (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (SAP AG) C:\Program Files (x86)\SAP\SapSetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe
    (O2Micro International) C:\Windows\System32\drivers\o2flash.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebUse_.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebUse_.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebUse_.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebUse_.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\winwebtask.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebUse.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebUse.exe
    (Grayscale LLC) C:\Program Files (x86)\winwebuse\WinWebUse.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-10-31] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-10-31] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-10-31] (Realtek Semiconductor)
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [115968 2013-10-31] (Waves Audio Ltd.)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-10-31] (Realtek Semiconductor)
    HKLM\...\Run: [erisui] => "C:\Windows\system32\Empirum\eris_ui" /hide
    HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-16] (Intel Corporation)
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-07-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [TRUUpdater] => C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [355144 2013-05-02] (Sierra Wireless, Inc.)
    HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe [164680 2013-05-02] (Sierra Wireless Inc.)
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
    HKLM-x32\...\Run: [ADMapperNotify] => C:\Program Files (x86)\msg services ag\AD Mapper Notify\ADMapperNotify.exe [123392 2014-03-26] (msg services ag)
    HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
    HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119360 2015-07-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [IBM Lotus Notes Preloader] => C:\Lotus\Notes\nntspreld.exe [25480 2011-09-16] (IBM Corp)
    HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-04-01] (Seagate Technology LLC)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [PulseSecure] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2826584 2015-03-11] (Pulse Secure, LLC)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-09-26] (Adobe Systems Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [Dropbox Update] => C:\Users\laingg\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-29] (Dropbox, Inc.)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [ClickfreeMonitor] => c:\programdata\Clickfree\cfagent.exe [354632 2013-11-28] (Storage Appliance Corp.)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [FibReminder] => c:\programdata\Clickfree\FullImagingBackup\FibReminder.exe [3634504 2013-11-28] (Storage Appliance Corp.)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [uTorrent] => C:\Users\laingg\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2015-12-02] (BitTorrent Inc.)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-10] (SUPERAntiSpyware)
    HKU\S-1-5-18\...\RunOnce: [screen] => powershell.exe c:\windows\msa\script\screen.ps1
    AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\laingg\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empirum Inventory.lnk [2015-12-09]
    ShortcutTarget: Empirum Inventory.lnk -> C:\Windows\System32\Empirum\EmpInventory.exe (Matrix42 AG)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2014-01-28]
    ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2014-01-28]
    ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
    Startup: C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2015-12-09]
    ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
    Startup: C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-10]
    ShortcutTarget: Dropbox.lnk -> C:\Users\laingg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2015-12-09]
    ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> (No File)
    Startup: C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-10-08]
    ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\laingg\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{22F8A5A9-DF26-4B11-B297-56D9B536B8F4}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{BE3395A6-A4D4-4123-B9DA-E844F0290748}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope {E60943C8-32BD-41AC-B32B-A0B0FA06B6DC} URL = hxxp://www.google.de/search?q={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {E60943C8-32BD-41AC-B32B-A0B0FA06B6DC} URL = hxxp://www.google.de/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {DDE9F37F-19AE-414A-9A2D-D1F2CF18D935} URL = hxxp://www.google.de/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> {DDE9F37F-19AE-414A-9A2D-D1F2CF18D935} URL = hxxp://www.google.de/search?q={searchTerms}
    BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll [2008-05-15] (TechSmith Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-02-28] (Oracle Corporation)
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-28] (Oracle Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
    BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll [2008-05-15] (TechSmith Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-11-03] (Microsoft Corporation)
    BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL [2013-04-04] (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-28] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-28] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
    Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItIEAddin64.dll [2008-05-15] (TechSmith Corporation)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-05-15] (TechSmith Corporation)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-06-29] (Adobe Systems Incorporated)
    Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2014-02-27] (SAP, Walldorf)
    Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll [2014-02-27] (SAP, Walldorf)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\laingg\AppData\Roaming\Mozilla\Firefox\Profiles\u4ymof4y.default-1449696621196
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-08] ()
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-08] ()
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-12-21] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
    FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-04-24] (pdfforge GmbH)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-07-21] ()
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
    FF Extension: PDF Architect 3 Creator - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-06-14] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-10-26] [not signed]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!666898493FC318475CD3A70580F3F69D6668.js [2015-12-09]

    Chrome:
    =======
    CHR Profile: C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-29]
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-29]
    CHR Extension: (Google Drive) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
    CHR Extension: (YouTube) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-11-30]
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-29]
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-30]
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdceheklapbalfikfdppfpgdgabaglp [2015-08-27]
    CHR Extension: (Google Slides) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ildcggmkelabhbkiicdcfnpkfnmccpao [2015-12-10]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
    CHR Extension: (Gmail) - C:\Users\laingg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-29]
    CHR HKLM\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-3312761167-2807315300-1982944300-3653\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [eefhnbpnnaaokmclnihgajdnlgljajjg] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-09-26]
    CHR HKLM-x32\...\Chrome\Extension: [ggebenakhmhfdkmkemdmllecchcldgec] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-12-10] (SUPERAntiSpyware.com)
    R2 ARPriv; C:\Program Files (x86)\Citrix\Receiver\PrivService.exe [367088 2012-12-14] (Citrix Systems, Inc.)
    S2 EraserSvc11510; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2013-04-04] (Symantec Corporation)
    R2 ERIS; C:\Windows\system32\Empirum\Eris.exe [89432 2014-02-14] (Matrix42 AG)
    R2 FibUacService; C:\ProgramData\Clickfree\FullImagingBackup\FibUac.exe [37192 2013-11-28] (Storage Appliance Corp.)
    R2 FullImagingService; C:\programdata\Clickfree\FullImagingBackup\FullImagingService.exe [233120 2013-11-28] () [File not signed]
    R2 JuniperAccessService; C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [162136 2015-03-11] (Pulse Secure, LLC)
    R2 LNSUSvc; C:\Lotus\Notes\SUService.exe [191664 2012-11-15] (IBM Corp)
    R2 Lotus Notes Diagnostics; C:\Lotus\Notes\nsd.exe [4455600 2012-11-15] (IBM)
    S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 msoidsvc; c:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2024864 2010-08-16] (Microsoft Corp.)
    R2 Multi-user Cleanup Service; C:\Lotus\Notes\ntmulti.exe [71048 2011-09-16] (IBM Corp)
    R2 NWSAPAutoWorkstationUpdateSvc; C:\Program Files (x86)\SAP\SAPsetup\Setup\Updater\NwSapAutoWorkstationUpdateService.exe [193144 2014-02-26] (SAP AG)
    S3 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244312 2015-04-24] (pdfforge GmbH)
    S3 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [901336 2015-04-24] (pdfforge GmbH)
    R2 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [740568 2015-04-24] (pdfforge GmbH)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-10-31] (Realtek Semiconductor)
    R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-13] (Seagate Technology LLC)
    R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
    R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2013-04-04] (Symantec Corporation)
    R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2013-04-04] (Symantec Corporation)
    S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2013-04-04] (Symantec Corporation)
    R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [312136 2013-05-03] (Sierra Wireless, Inc.)
    R2 SwiService; C:\Program Files (x86)\Sierra Wireless Inc\Utils\SWIService.exe [314672 2013-09-13] (Sierra Wireless, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-02-17] (Microsoft Corporation)
    R2 WinTaskSvc; C:\Program Files (x86)\winwebuse\WinWebSync.exe [140992 2015-12-09] (Grayscale LLC)
    R2 WinTaskSvc2; C:\Program Files (x86)\winwebuse\WinWebSync_.exe [140992 2015-12-09] (Grayscale LLC)
    R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe /Processid:{2EDBD99C-527B-4B14-BBF8-695CC286A653}
     
  25. GLaing

    GLaing TS Rookie Topic Starter Posts: 32

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2013-10-31] (Advanced Micro Devices, Inc.)
    R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20151113.011\BHDrvx64.sys [1665608 2015-11-13] (Symantec Corporation)
    R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-04-23] (Motorola Solutions, Inc.)
    R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [168096 2013-04-04] (Symantec Corporation)
    R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-10-31] (Intel Corporation)
    S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
    R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-10-31] (Intel Corporation)
    R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20151208.014\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
    R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-10-31] (Realtek Semiconductor Corp.)
    S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [43800 2013-10-31] (Intel Corporation)
    S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [46568 2013-10-31] ()
    R1 jnprns; C:\Windows\System32\DRIVERS\jnprns.sys [507192 2015-03-11] (Juniper Networks)
    S4 jnprTdi_812_54585; C:\Windows\system32\Drivers\jnprTdi_812_54585.sys [108344 2015-03-11] (Pulse Secure, LLC)
    S3 jnprva; C:\Windows\System32\DRIVERS\jnprva.sys [30072 2013-10-03] (Juniper Networks, Inc.)
    R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2013-10-03] (Juniper Networks, Inc.)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-10] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
    R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20151208.019\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
    R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20151208.019\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
    R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-10-31] (O2Micro )
    R3 PsxDrv; C:\Windows\System32\drivers\psxdrv.sys [10240 2009-07-13] (Microsoft Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [776352 2013-04-04] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [37496 2013-04-04] (Symantec Corporation)
    R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2013-03-27] (STMicroelectronics)
    S3 swg3knmea05; C:\Windows\system32\drivers\swg3knmea05.sys [269488 2013-10-31] (Sierra Wireless Incorporated)
    S3 swg3kser05; C:\Windows\system32\drivers\swg3kser05.sys [269488 2013-10-31] (Sierra Wireless Incorporated)
    S3 swibus05; C:\Windows\system32\drivers\swibus05.sys [87416 2013-10-31] (Sierra Wireless Inc.)
    S3 swibusflt05; C:\Windows\system32\drivers\swibusflt05.sys [87416 2013-10-31] (Sierra Wireless Inc.)
    S3 SWUMX20; no ImagePath
    R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [493216 2013-04-04] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [1133216 2013-04-04] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2015-02-17] (Symantec Corporation)
    R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [224416 2013-04-04] (Symantec Corporation)
    R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [432800 2013-04-04] (Symantec Corporation)
    S3 catchme; \??\C:\New_Version\catchme.sys [X]
    S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
    S3 JNPRNA; system32\DRIVERS\jnprna6.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-11 11:32 - 2015-12-11 11:32 - 00059329 _____ C:\Users\laingg\Desktop\myname combofix log.txt
    2015-12-11 11:31 - 2015-12-11 11:31 - 00059329 _____ C:\ComboFix.txt
    2015-12-11 11:26 - 2015-12-11 11:27 - 00005198 _____ C:\Users\laingg\Desktop\Rkill.txt
    2015-12-11 11:25 - 2015-12-11 11:32 - 00243072 _____ C:\Windows\ntbtlog.txt
    2015-12-11 10:43 - 2015-12-11 10:43 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\laingg\Desktop\iExplore.exe
    2015-12-11 10:41 - 2015-12-11 10:41 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\laingg\Desktop\rkill.exe
    2015-12-11 10:38 - 2015-12-11 10:38 - 05640425 ____R (Swearware) C:\Users\laingg\Desktop\New_Version.exe
    2015-12-10 20:36 - 2015-12-10 20:36 - 00000000 ____D C:\Users\laingg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-12-10 17:30 - 2015-12-10 17:30 - 00001692 _____ C:\Users\laingg\Desktop\JRT.txt
    2015-12-10 17:26 - 2015-12-10 17:26 - 01599336 _____ (Malwarebytes) C:\Users\laingg\Downloads\JRT.exe
    2015-12-10 17:20 - 2015-12-10 17:23 - 00000000 ____D C:\AdwCleaner
    2015-12-10 17:19 - 2015-12-10 17:20 - 01738240 _____ C:\Users\laingg\Downloads\adwcleaner_5.024 (1).exe
    2015-12-10 17:19 - 2015-12-10 17:19 - 01738240 _____ C:\Users\laingg\Downloads\adwcleaner_5.024.exe
    2015-12-10 17:17 - 2015-12-10 17:17 - 00001059 _____ C:\Users\laingg\Downloads\MBAM Scan.txt
    2015-12-10 16:47 - 2015-12-10 16:47 - 20829256 _____ C:\Users\laingg\Downloads\RogueKiller.exe
    2015-12-10 16:10 - 2015-12-10 16:36 - 00000234 _____ C:\Users\laingg\Desktop\Techspot.txt
    2015-12-10 16:02 - 2015-12-11 11:40 - 00043977 _____ C:\Users\laingg\Downloads\FRST.txt
    2015-12-10 16:02 - 2015-12-10 16:02 - 00050725 _____ C:\Users\laingg\Downloads\Addition.txt
    2015-12-10 16:01 - 2015-12-11 11:40 - 00000000 ____D C:\FRST
    2015-12-10 16:01 - 2015-12-10 16:01 - 02369024 _____ (Farbar) C:\Users\laingg\Downloads\FRST64.exe
    2015-12-10 15:32 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-12-10 15:32 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-12-10 15:32 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-12-10 15:32 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-12-10 15:32 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-12-10 15:32 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
    2015-12-10 15:32 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
    2015-12-10 15:32 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
    2015-12-10 15:16 - 2015-12-11 11:31 - 00000000 ____D C:\Qoobox
    2015-12-10 15:16 - 2015-12-10 15:37 - 00000000 ____D C:\Windows\erdnt
    2015-12-10 13:56 - 2015-12-10 14:22 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-12-10 13:56 - 2015-12-10 13:56 - 00000000 ____D C:\Users\laingg\AppData\Roaming\SUPERAntiSpyware.com
    2015-12-10 13:56 - 2015-12-10 13:56 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-12-10 13:56 - 2015-12-10 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-12-10 13:49 - 2015-12-10 14:43 - 00000000 ____D C:\SUPERDelete
    2015-12-09 20:08 - 2015-12-09 20:08 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-12-09 20:08 - 2015-12-09 20:08 - 00000000 ____D C:\Windows\system32\appraiser
    2015-12-09 18:10 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-12-09 18:10 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
    2015-12-09 18:06 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
    2015-12-09 18:06 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
    2015-12-09 18:04 - 2015-07-16 14:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2015-12-09 18:04 - 2015-07-16 14:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
    2015-12-09 18:04 - 2015-07-16 14:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2015-12-09 18:04 - 2015-07-16 14:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2015-12-09 18:04 - 2015-07-16 14:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2015-12-09 18:04 - 2015-07-16 14:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2015-12-09 18:04 - 2015-07-11 08:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2015-12-09 18:03 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2015-12-09 18:03 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-12-09 18:03 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-12-09 18:01 - 2015-08-06 13:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-12-09 18:01 - 2015-08-06 13:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2015-12-09 18:01 - 2015-08-06 12:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2015-12-09 18:01 - 2015-08-06 12:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
    2015-12-09 18:01 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-12-09 18:01 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2015-12-09 18:01 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-12-09 18:00 - 2015-06-09 13:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2015-12-09 18:00 - 2015-06-09 13:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2015-12-09 17:59 - 2015-09-18 14:31 - 00391784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-12-09 17:59 - 2015-09-18 13:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2015-12-09 17:59 - 2015-09-15 23:48 - 25851904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-12-09 17:59 - 2015-09-15 23:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-12-09 17:59 - 2015-09-15 23:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-12-09 17:59 - 2015-09-15 23:22 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-12-09 17:59 - 2015-09-15 23:21 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-12-09 17:59 - 2015-09-15 23:21 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-12-09 17:59 - 2015-09-15 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-12-09 17:59 - 2015-09-15 23:21 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-12-09 17:59 - 2015-09-15 23:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-12-09 17:59 - 2015-09-15 23:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-12-09 17:59 - 2015-09-15 23:13 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-12-09 17:59 - 2015-09-15 23:10 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-12-09 17:59 - 2015-09-15 23:09 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-12-09 17:59 - 2015-09-15 23:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-12-09 17:59 - 2015-09-15 23:08 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-12-09 17:59 - 2015-09-15 23:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-12-09 17:59 - 2015-09-15 23:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-12-09 17:59 - 2015-09-15 23:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-12-09 17:59 - 2015-09-15 22:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2015-12-09 17:59 - 2015-09-15 22:58 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-12-09 17:59 - 2015-09-15 22:50 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-12-09 17:59 - 2015-09-15 22:46 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-12-09 17:59 - 2015-09-15 22:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2015-12-09 17:59 - 2015-09-15 22:45 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-12-09 17:59 - 2015-09-15 22:43 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-12-09 17:59 - 2015-09-15 22:41 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2015-12-09 17:59 - 2015-09-15 22:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2015-12-09 17:59 - 2015-09-15 22:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2015-12-09 17:59 - 2015-09-15 22:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2015-12-09 17:59 - 2015-09-15 22:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2015-12-09 17:59 - 2015-09-15 22:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2015-12-09 17:59 - 2015-09-15 22:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2015-12-09 17:59 - 2015-09-15 22:29 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-12-09 17:59 - 2015-09-15 22:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-12-09 17:59 - 2015-09-15 22:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2015-12-09 17:59 - 2015-09-15 22:28 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-12-09 17:59 - 2015-09-15 22:26 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-12-09 17:59 - 2015-09-15 22:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2015-12-09 17:59 - 2015-09-15 22:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2015-12-09 17:59 - 2015-09-15 22:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2015-12-09 17:59 - 2015-09-15 22:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2015-12-09 17:59 - 2015-09-15 22:22 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-12-09 17:59 - 2015-09-15 22:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2015-12-09 17:59 - 2015-09-15 22:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2015-12-09 17:59 - 2015-09-15 22:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2015-12-09 17:59 - 2015-09-15 22:11 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-12-09 17:59 - 2015-09-15 22:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2015-12-09 17:59 - 2015-09-15 22:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2015-12-09 17:59 - 2015-09-15 22:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2015-12-09 17:59 - 2015-09-15 22:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2015-12-09 17:59 - 2015-09-15 22:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2015-12-09 17:59 - 2015-09-15 22:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2015-12-09 17:59 - 2015-09-15 21:59 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-12-09 17:59 - 2015-09-15 21:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2015-12-09 17:59 - 2015-09-15 21:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2015-12-09 17:59 - 2015-09-15 21:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2015-12-09 17:59 - 2015-09-15 21:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2015-12-09 17:59 - 2015-09-15 21:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2015-12-09 17:59 - 2015-09-15 21:48 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-12-09 17:59 - 2015-09-15 21:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2015-12-09 17:59 - 2015-09-15 21:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2015-12-09 17:59 - 2015-09-15 21:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2015-12-09 17:58 - 2015-08-05 12:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2015-12-09 17:58 - 2015-08-05 12:06 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2015-12-09 17:58 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2015-12-09 17:58 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2015-12-09 17:57 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2015-12-09 17:57 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2015-12-09 17:57 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2015-12-09 17:57 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
    2015-12-09 17:57 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-12-09 17:56 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-12-09 17:56 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-12-09 17:56 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-12-09 17:56 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-12-09 17:56 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-12-09 17:56 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
    2015-12-09 17:56 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
    2015-12-09 17:56 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
    2015-12-09 17:56 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
    2015-12-09 17:56 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
    2015-12-09 17:55 - 2015-09-28 22:16 - 05569472 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-12-09 17:55 - 2015-09-28 22:13 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-12-09 17:55 - 2015-09-28 22:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-12-09 17:55 - 2015-09-28 22:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-12-09 17:55 - 2015-09-28 22:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-12-09 17:55 - 2015-09-28 22:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2015-12-09 17:55 - 2015-09-28 22:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-12-09 17:55 - 2015-09-28 22:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-12-09 17:55 - 2015-09-28 22:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-12-09 17:55 - 2015-09-28 22:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-12-09 17:55 - 2015-09-28 22:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-12-09 17:55 - 2015-09-28 22:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-12-09 17:55 - 2015-09-28 22:02 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 22:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2015-12-09 17:55 - 2015-09-28 21:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2015-12-09 17:55 - 2015-09-28 21:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2015-12-09 17:55 - 2015-09-28 21:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2015-12-09 17:55 - 2015-09-28 21:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-12-09 17:55 - 2015-09-28 21:59 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2015-12-09 17:55 - 2015-09-28 21:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2015-12-09 17:55 - 2015-09-28 21:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2015-12-09 17:55 - 2015-09-28 21:58 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2015-12-09 17:55 - 2015-09-28 21:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2015-12-09 17:55 - 2015-09-28 21:57 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2015-12-09 17:55 - 2015-09-28 21:57 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2015-12-09 17:55 - 2015-09-28 21:57 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2015-12-09 17:55 - 2015-09-28 21:57 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2015-12-09 17:55 - 2015-09-28 21:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2015-12-09 17:55 - 2015-09-28 21:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2015-12-09 17:55 - 2015-09-28 21:49 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
     
