Solved Anne Kofod

This is the scan result log
# AdwCleaner v6.030 - Logfile created 26/10/2016 at 10:03:37
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-25.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Annie Lee - ANNIELEE-HP
# Running from : C:\Users\Annie Lee\Downloads\adwcleaner_6.030.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

Service Found: swdumon


***** [ Folders ] *****

Folder Found: C:\Users\Public\Documents\Downloaded Installers


***** [ Files ] *****

File Found: C:\Windows\SysNative\drivers\swdumon.sys
File Found: C:\Users\Public\Desktop\eBay.lnk
File Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\driverscanner
Key Found: HKLM\SOFTWARE\Classes\ioloToolService.ToolManager
Key Found: HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool
Key Found: HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool.1
Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found: [x64] HKLM\SOFTWARE\Classes\driverscanner
Key Found: [x64] HKLM\SOFTWARE\Classes\ioloToolService.ToolManager
Key Found: [x64] HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool
Key Found: [x64] HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool.1
Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\USyndication
Key Found: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\usyndication.com
Key Found: HKCU\Software\USyndication
Key Found: HKCU\Software\usyndication.com
Key Found: HKLM\SOFTWARE\SlimWare Utilities Inc
Key Found: HKLM\SOFTWARE\Uniblue
Key Found: [x64] HKCU\Software\USyndication
Key Found: [x64] HKCU\Software\usyndication.com
Key Found: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\Microsoft\Internet Explorer\SearchScopes\{062BA6EE-078E-402D-9ED7-E8017B33E3D5}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{062BA6EE-078E-402D-9ED7-E8017B33E3D5}
Key Found: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{062BA6EE-078E-402D-9ED7-E8017B33E3D5}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{062BA6EE-078E-402D-9ED7-E8017B33E3D5}
Key Found: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{062BA6EE-078E-402D-9ED7-E8017B33E3D5}


***** [ Web browsers ] *****

Firefox pref Found: [C:\Users\Annie Lee\AppData\Roaming\Mozilla\Firefox\Profiles\esyq1ljt.default-1460334229289\prefs.js] - "extensions.{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.account" - "{\"qualifiedReferralCount\":2,\"p
Firefox pref Found: [C:\Users\Annie Lee\AppData\Roaming\Mozilla\Firefox\Profiles\esyq1ljt.default-1460334229289\prefs.js] - "extensions.{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.messages" - "[{\"bonusTypeID\":40,\"bonusActi
Firefox pref Found: [C:\Users\Annie Lee\AppData\Roaming\Mozilla\Firefox\Profiles\esyq1ljt.default-1460334229289\prefs.js] - "extensions.{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.recent" - "[{\"storeId\":9152,\"cashBackAmoun
Chrome pref Found: [C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com_
Chrome pref Found: [C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [4036 Bytes] - [26/10/2016 10:03:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4109 Bytes] ##########

This is the Clean result log
# AdwCleaner v6.030 - Logfile created 26/10/2016 at 10:17:03
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-25.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Annie Lee - ANNIELEE-HP
# Running from : C:\Users\Annie Lee\Downloads\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: swdumon


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers


***** [ Files ] *****

[-] File deleted: C:\Windows\SysNative\drivers\swdumon.sys
[-] File deleted: C:\Users\Public\Desktop\eBay.lnk
[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\driverscanner
[-] Key deleted: HKLM\SOFTWARE\Classes\ioloToolService.ToolManager
[-] Key deleted: HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool
[-] Key deleted: HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\driverscanner
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\ioloToolService.ToolManager
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LXImageTool.ZIPTool.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\USyndication
[-] Key deleted: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\usyndication.com
[#] Key deleted on reboot: HKCU\Software\USyndication
[#] Key deleted on reboot: HKCU\Software\usyndication.com
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\Uniblue
[#] Key deleted on reboot: [x64] HKCU\Software\USyndication
[#] Key deleted on reboot: [x64] HKCU\Software\usyndication.com
[-] Key deleted: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\Microsoft\Internet Explorer\SearchScopes\{062BA6EE-078E-402D-9ED7-E8017B33E3D5}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{062BA6EE-078E-402D-9ED7-E8017B33E3D5}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{062BA6EE-078E-402D-9ED7-E8017B33E3D5}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{062BA6EE-078E-402D-9ED7-E8017B33E3D5}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{062BA6EE-078E-402D-9ED7-E8017B33E3D5}


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "extensions.{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.account" - "{\"qualifiedReferralCount\":2,\"paidAmount\":1267.43,\"pendingAmount\":4.43,\"totalAmount\":1271.8600000000001}"
[-] Chrome preferences cleaned: "extensions.{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.messages" - "[{\"bonusTypeID\":40,\"bonusActive\":false,\"bonusAmount\":\"5.00\",\"bonusExpiration\":\"2016-09-26T13:18:46.748-0700\",\"bonusDescription\":\"$5 Cash Bonus when you spend $25+ at Jos. A Bank\",\"bonusID\":933,\"bonusRedeemThreshold\":\"25.00\",\"storeIds\":[977],\"text\":\"New Bonus Available: $5 Cash Bonus when you spend $25+ at Jos. A Bank\",\"type\":\"bonus\",\"created\":1473625125089,\"shown\":false},{\"bonusTypeID\":40,\"bonusActive\":false,\"bonusAmount\":\"10.00\",\"bonusExpiration\":\"2016-10-11T13:18:46.748-0700\",\"bonusDescription\":\"$10 Cash Bonus when you spend $100+ at Talbots\",\"bonusID\":953,\"bonusRedeemThreshold\":\"100.00\",\"storeIds\":[12514],\"text\":\"New Bonus Available: $10 Cash Bonus when you spend $100+ at Talbots\",\"type\":\"bonus\",\"created\":1473625125371,\"shown\":false},{\"bonusTypeID\":40,\"bonusActive\":false,\"bonusAmount\":\"5.00\",\"bonusExpiration\":\"2016-09-26T13:18:46.748-0700\",\"bonusDescription\":\"$5 Cash Bonus when you spend $25+ at Belk.com\",\"bonusID\":942,\"bonusRedeemThreshold\":\"25.00\",\"storeIds\":[10764],\"text\":\"New Bonus Available: $5 Cash Bonus when you spend $25+ at Belk.com\",\"type\":\"bonus\",\"created\":1473625125374,\"shown\":false},{\"bonusTypeID\":40,\"bonusActive\":false,\"bonusAmount\":\"5.00\",\"bonusExpiration\":\"2016-09-29T13:08:05.116-0700\",\"bonusDescription\":\"$5 Cash Bonus when you spend $50+ at Ole Henriksen\",\"bonusID\":959,\"bonusRedeemThreshold\":\"50.00\",\"storeIds\":[11951],\"text\":\"New Bonus Available: $5 Cash Bonus when you spend $50+ at Ole Henriksen\",\"type\":\"bonus\",\"created\":1473883682211,\"shown\":false},{\"bonusTypeID\":40,\"bonusActive\":false,\"bonusAmount\":\"5.00\",\"bonusExpiration\":\"2016-09-29T13:08:05.116-0700\",\"bonusDescription\":\"$5 Cash Bonus when you spend $50+ at Kat Von D 
Beauty\",\"bonusID\":957,\"bonusRedeemThreshold\":\"50.00\",\"storeIds\":[14266],\"text\":\"New Bonus Available: $5 Cash Bonus when you spend $50+ at Kat Von D Beauty\",\"type\":\"bonus\",\"created\":1473883682222,\"shown\":false},{\"bonusTypeID\":40,\"bonusActive\":false,\"bonusAmount\":\"10.00\",\"bonusExpiration\":\"2016-09-29T13:08:05.116-0700\",\"bonusDescription\":\"$10 Cash Bonus when you spend $100+ at Marc Jacobs Beauty\",\"bonusID\":960,\"bonusRedeemThreshold\":\"100.00\",\"storeIds\":[13207],\"text\":\"New Bonus Available: $10 Cash Bonus when you spend $100+ at Marc Jacobs Beauty\",\"type\":\"bonus\",\"created\":1473883682229,\"shown\":false},{\"storeId\":2946,\"memberReward\":{\"amount\":\"0.12\"},\"text\":\"You just earned $0.12 Cash Back from your purchase at Walmart! \",\"type\":\"cashback\",\"created\":1474310819899,\"shown\":true},{\"storeId\":3993,\"memberReward\":{\"amount\":\"0.10\"},\"text\":\"You just earned $0.10 Cash Back from your purchase at eBay! \",\"type\":\"cashback\",\"created\":1475707613277,\"shown\":true},{\"storeId\":4646,\"memberReward\":{\"amount\":\"1.40\"},\"text\":\"You just earned $1.40 Cash Back from your purchase at HSN! \",\"type\":\"cashback\",\"created\":1477233809174,\"shown\":true}]"
[-] Chrome preferences cleaned: "extensions.{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.recent" - "[{\"storeId\":9152,\"cashBackAmount\":\"$110\",\"cashBackAmountWas\":\"$55\",\"lastVisit\":1476964140383,\"cashBackDifference\":55},{\"storeId\":2946,\"cashBackAmount\":\"3%\",\"cashBackAmountWas\":\"1%\",\"lastVisit\":1477239687820,\"cashBackDifference\":2},{\"storeId\":9102,\"cashBackAmount\":\"2.5%\",\"cashBackAmountWas\":\"2.5%\",\"lastVisit\":1477437363437,\"cashBackDifference\":0},{\"storeId\":3993,\"cashBackAmount\":\"Up to 5%\",\"cashBackAmountWas\":\"Up to 5%\",\"lastVisit\":1477333726092,\"cashBackDifference\":0},{\"storeId\":8378,\"cashBackAmount\":\"1%\",\"cashBackAmountWas\":\"1%\",\"lastVisit\":1477270429952,\"cashBackDifference\":0},{\"storeId\":10711,\"cashBackAmount\":\"2%\",\"cashBackAmountWas\":\"2%\",\"lastVisit\":1477267493098,\"cashBackDifference\":0},{\"storeId\":69,\"cashBackAmount\":\"12%\",\"cashBackAmountWas\":\"12%\",\"lastVisit\":1477267396639,\"cashBackDifference\":0},{\"storeId\":10461,\"cashBackAmount\":\"Up to $75\",\"cashBackAmountWas\":\"Up to $75\",\"lastVisit\":1477259037101,\"cashBackDifference\":0},{\"storeId\":4027,\"cashBackAmount\":\"Up to $150\",\"cashBackAmountWas\":\"Up to $150\",\"lastVisit\":1477258927007,\"cashBackDifference\":0},{\"storeId\":14455,\"cashBackAmount\":\"2.5%\",\"cashBackAmountWas\":\"2.5%\",\"lastVisit\":1477256548019,\"cashBackDifference\":0},{\"storeId\":10794,\"cashBackAmount\":\"Up to $75\",\"cashBackAmountWas\":\"Up to 
$75\",\"lastVisit\":1477050452658,\"cashBackDifference\":0},{\"storeId\":14622,\"cashBackAmount\":\"5%\",\"cashBackAmountWas\":\"5%\",\"lastVisit\":1477011790331,\"cashBackDifference\":0},{\"storeId\":14444,\"cashBackAmount\":\"2.5%\",\"cashBackAmountWas\":\"2.5%\",\"lastVisit\":1476998792307,\"cashBackDifference\":0},{\"storeId\":4646,\"cashBackAmount\":\"2%\",\"cashBackAmountWas\":\"2%\",\"lastVisit\":1476996162783,\"cashBackDifference\":0},{\"storeId\":896,\"cashBackAmount\":\"4%\",\"cashBackAmountWas\":\"4%\",\"lastVisit\":1476895805112,\"cashBackDifference\":0},{\"storeId\":10231,\"cashBackAmount\":\"2%\",\"cashBackAmountWas\":\"2%\",\"lastVisit\":1476894614258,\"cashBackDifference\":0},{\"storeId\":11477,\"cashBackAmount\":\"2%\",\"cashBackAmountWas\":\"2%\",\"lastVisit\":1476816974477,\"cashBackDifference\":0},{\"storeId\":9899,\"cashBackAmount\":\"1.5%\",\"cashBackAmountWas\":\"1.5%\",\"lastVisit\":1476816673933,\"cashBackDifference\":0},{\"storeId\":14907,\"cashBackAmount\":\"5%\",\"cashBackAmountWas\":\"5%\",\"lastVisit\":1476796093595,\"cashBackDifference\":0},{\"storeId\":14327,\"cashBackAmount\":\"3%\",\"cashBackAmountWas\":\"3%\",\"lastVisit\":1476719646015,\"cashBackDifference\":0},{\"storeId\":8032,\"cashBackAmount\":\"$10\",\"cashBackAmountWas\":\"$10\",\"lastVisit\":1476706583169,\"cashBackDifference\":0},{\"storeId\":7086,\"cashBackAmount\":\"3%\",\"cashBackAmountWas\":\"3%\",\"lastVisit\":1476668140501,\"cashBackDifference\":0},{\"storeId\":8318,\"cashBackAmount\":\"Up to 8.1%\",\"cashBackAmountWas\":\"Up to 8.1%\",\"lastVisit\":1474426616626,\"cashBackDifference\":0},{\"storeId\":12003,\"cashBackAmount\":\"1.5%\",\"cashBackAmountWas\":\"3%\",\"lastVisit\":1476980629160,\"cashBackDifference\":-1.5}]"
[-] [C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com_
[-] [C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [10328 Bytes] - [26/10/2016 10:17:03]
C:\AdwCleaner\AdwCleaner[S0].txt - [4236 Bytes] - [26/10/2016 10:03:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [10475 Bytes] ##########
 
I ran Junkware Removal Tool and here are the results
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64
Ran by Annie Lee (Administrator) on Wed 10/26/2016 at 13:52:22.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 17

Successfully deleted: C:\Users\Annie Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annie Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YC8VWHD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annie Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annie Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LZXCVC3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annie Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOTDUUKZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annie Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annie Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7ZH0DXR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Annie Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1YC8VWHD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LZXCVC3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOTDUUKZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7ZH0DXR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\sho765C.tmp (File)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

Thanks for your help!

Also wondering why I received this info when I search Techspot
This site might download malicious software that can harm your computer. Learn More
We recommend you choose another result or you can go to this site anyway.
To learn more about why this URL was marked as malicious, please visit the Bing Site Safety page.
 
I suggest you report the above to this site Staff.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Results from Combofix, Thanks again for your help!
ComboFix 16-10-23.01 - Annie Lee 10/27/2016 13:09:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5883.3516 [GMT -4:00]
Running from: c:\users\Annie Lee\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {71A27EC9-3DA6-45FC-60A7-004F623C6189}
SP: Microsoft Security Essentials *Disabled/Updated* {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\msdownld.tmp
c:\windows\TEMP\HP Support Framework\HPSF_Config1.dll
.
.
((((((((((((((((((((((((( Files Created from 2016-09-27 to 2016-10-27 )))))))))))))))))))))))))))))))
.
.
2016-10-27 17:24 . 2016-10-27 17:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-27 14:04 . 2016-10-27 14:04 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2016-10-27 14:04 . 2016-10-27 14:04 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2016-10-27 14:04 . 2016-10-27 14:04 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2016-10-27 14:04 . 2016-10-27 14:04 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2016-10-27 14:04 . 2016-10-27 14:04 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2016-10-27 14:04 . 2016-10-27 14:04 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2016-10-27 14:03 . 2016-10-27 14:03 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2016-10-27 14:03 . 2016-10-27 14:03 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2016-10-27 14:03 . 2016-10-27 14:03 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2016-10-27 14:03 . 2016-10-27 14:03 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2016-10-27 14:03 . 2016-10-27 14:03 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2016-10-27 14:03 . 2016-10-27 14:03 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2016-10-27 14:03 . 2016-10-27 14:03 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2016-10-27 14:03 . 2016-10-27 14:03 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2016-10-27 14:03 . 2016-10-27 14:03 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2016-10-27 14:03 . 2016-10-27 14:03 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2016-10-27 14:03 . 2016-10-27 14:03 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2016-10-27 13:10 . 2016-10-06 21:42 12033040 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{010BFDF5-B5FB-4749-8BC2-8A429EC1CF04}\mpengine.dll
2016-10-27 11:18 . 2016-10-06 21:42 12033040 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-10-27 02:17 . 2016-10-27 02:17 -------- d-----w- c:\users\Annie Lee\AppData\Local\CrashDumps
2016-10-26 13:57 . 2016-10-26 14:17 -------- d-----w- C:\AdwCleaner
2016-10-25 02:35 . 2016-10-25 02:35 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-10-25 02:34 . 2016-10-26 17:59 -------- d-----w- c:\program files\RogueKiller
2016-10-25 02:34 . 2016-10-25 12:41 -------- d-----w- c:\programdata\RogueKiller
2016-10-24 02:09 . 2016-10-25 02:01 -------- d-----w- C:\FRST
2016-10-20 22:01 . 2016-07-22 14:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2016-10-20 22:01 . 2016-07-22 14:51 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2016-10-16 19:16 . 2016-10-16 19:16 326880 ----a-r- c:\users\Annie Lee\AppData\Roaming\Microsoft\Installer\{28145961-299d-4f61-88d6-ff9ea46bd919}\ARPPRODUCTICON.exe
2016-10-16 19:16 . 2016-10-16 19:16 -------- d-----w- c:\users\Annie Lee\AppData\Local\Cisco
2016-10-06 12:56 . 2016-08-22 11:57 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6786B300-1321-4AA2-8B82-10E785C05F6B}\gapaengine.dll
2016-09-28 03:01 . 2016-10-27 16:08 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-09-28 03:00 . 2016-03-10 18:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-09-28 03:00 . 2016-10-25 12:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-09-28 03:00 . 2016-09-28 03:00 -------- d-----w- c:\programdata\Malwarebytes
2016-09-28 03:00 . 2016-03-10 18:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-09-28 03:00 . 2016-03-10 18:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-27 02:18 . 2013-09-17 02:40 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-10-27 02:18 . 2013-09-17 02:40 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-25 19:37 . 2013-09-16 20:50 485032 ------w- c:\windows\system32\MpSigStub.exe
2016-10-21 02:21 . 2013-09-17 00:20 143495576 -c--a-w- c:\windows\system32\MRT.exe
2016-09-09 17:59 . 2016-10-20 22:13 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-08-25 14:46 . 2016-08-25 14:46 295000 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2016-08-25 14:46 . 2015-11-13 12:50 135928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2016-08-22 11:57 . 2016-08-24 15:06 1167568 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2016-08-16 17:36 . 2016-09-15 17:43 1009152 ----a-w- c:\windows\system32\user32.dll
2016-08-16 02:48 . 2016-09-15 17:43 833024 ----a-w- c:\windows\SysWow64\user32.dll
2016-08-12 16:46 . 2016-10-20 22:13 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2016-08-12 16:26 . 2016-09-15 17:42 464896 ----a-w- c:\windows\system32\drivers\srv.sys
2016-08-12 16:26 . 2016-09-15 17:42 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2016-08-12 16:26 . 2016-09-15 17:42 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2016-08-06 15:31 . 2016-09-15 17:42 877056 ----a-w- c:\windows\system32\oleaut32.dll
2016-08-06 15:15 . 2016-09-15 17:42 581632 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-08-05 17:25 . 2016-08-05 17:25 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2016-08-05 15:30 . 2016-09-20 17:48 2048 ----a-w- c:\windows\system32\tzres.dll
2016-08-05 15:13 . 2016-09-20 17:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VideoGuardMonitor"="c:\users\Annie Lee\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe" [2016-06-30 4155656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-06-14 587320]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2016-08-31 1402792]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
System Mechanic.lnk - c:\program files (x86)\iolo\System Mechanic\SystemMechanic.exe [2016-9-16 410880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2013/09/15 22:19;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe;c:\program files (x86)\Garmin\Device Interaction Service\GarminService.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SkyhawkeUSBLan;SkyhawkeUSBLan;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetdiag64.sys [x]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetmdm64.sys [x]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvzandnetndis64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R4 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
S2 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - CLKMDRV10_C6F09094
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-24 21:23 1363560 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-17 02:18]
.
2016-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15 13:30]
.
2016-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15 13:30]
.
2016-10-27 c:\windows\Tasks\HPCeeScheduleForAnnie Lee.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 14:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SncrOverlays (Blocked)]
@="{C418E880-6280-4010-A888-FD76028E5511}"
[HKEY_CLASSES_ROOT\CLSID\{C418E880-6280-4010-A888-FD76028E5511}]
2015-11-24 12:30 1092856 ----a-w- c:\program files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SncrOverlays (InSync)]
@="{5F4A6070-DB92-4C56-A487-F3850430608F}"
[HKEY_CLASSES_ROOT\CLSID\{5F4A6070-DB92-4C56-A487-F3850430608F}]
2015-11-24 12:30 1092856 ----a-w- c:\program files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SncrOverlays (Pending)]
@="{EE73A341-C788-4A6B-B1EF-DDBFC0F190B6}"
[HKEY_CLASSES_ROOT\CLSID\{EE73A341-C788-4A6B-B1EF-DDBFC0F190B6}]
2015-11-24 12:30 1092856 ----a-w- c:\program files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SncrOverlays (Syncing)]
@="{28CDCD88-B179-49D6-8B21-1A9AF9C0AE13}"
[HKEY_CLASSES_ROOT\CLSID\{28CDCD88-B179-49D6-8B21-1A9AF9C0AE13}]
2015-11-24 12:30 1092856 ----a-w- c:\program files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-07-22 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-08-30 1354712]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.254.254
TCP: Interfaces\{92CA435D-5C36-475A-BAF7-283E4B648D18}\132364850323033303236323: NameServer = 208.69.150.252,208.69.150.250
TCP: Interfaces\{92CA435D-5C36-475A-BAF7-283E4B648D18}\2456C6B696E6E243343353: NameServer = 208.69.150.252,208.69.150.250
TCP: Interfaces\{92CA435D-5C36-475A-BAF7-283E4B648D18}\E45445745414256313: NameServer = 208.69.150.252,208.69.150.250
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.2.0.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\Annie Lee\AppData\Roaming\Mozilla\Firefox\Profiles\esyq1ljt.default-1460334229289\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/en-us/?pc=U227&ocid=U227DHP&DT=111514
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_205_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_205_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-10-27 13:30:58
ComboFix-quarantined-files.txt 2016-10-27 17:30
.
Pre-Run: 618,078,150,656 bytes free
Post-Run: 617,698,217,984 bytes free
.
- - End Of File - - 4B6BCF4E6C2A7607F2DDBF58F9BA703F
8C437244E00495B929B338B5A0E306BC
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Annie Lee (administrator) on ANNIELEE-HP (27-10-2016 20:49:08)
Running from C:\Users\Annie Lee\Desktop
Loaded Profiles: Annie Lee (Available Profiles: Annie Lee)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_205.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_205.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-01-20] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-22] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\Run: [VideoGuardMonitor] => C:\Users\Annie Lee\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [4155656 2016-06-29] (Cisco)
HKU\S-1-5-18\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [210208 2008-10-20] (Acresso Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1402792 2016-08-31] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll [2013-09-10] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\System Mechanic.lnk [2016-08-05]
ShortcutTarget: System Mechanic.lnk -> C:\Program Files (x86)\iolo\System Mechanic\SystemMechanic.exe (iolo technologies, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{2330AF55-1D6D-4902-A5B2-EBEAC223EC3E}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{92CA435D-5C36-475A-BAF7-283E4B648D18}: [DhcpNameServer] 192.168.254.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {A2C5ED8C-ABC4-414E-9FBE-0965D72F9886} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D7296C09-54BF-4E20-A2CA-A98F7422DB95} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {A2C5ED8C-ABC4-414E-9FBE-0965D72F9886} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D7296C09-54BF-4E20-A2CA-A98F7422DB95} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> DefaultScope {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {35E12DC9-65B9-4F4E-9146-B9B7A159A684} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {A2C5ED8C-ABC4-414E-9FBE-0965D72F9886} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001 -> {D7296C09-54BF-4E20-A2CA-A98F7422DB95} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-03] (Sun Microsystems, Inc.)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-21] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Annie Lee\AppData\Roaming\Mozilla\Firefox\Profiles\esyq1ljt.default-1460334229289
FF DefaultSearchEngine.US: Bing
FF Homepage: hxxp://www.msn.com/en-us/?pc=U227&ocid=U227DHP&DT=111514
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2899254803-3239824921-2955042760-1001: @addlive.com/AddLive(v3),version=3.0.16.5 -> C:\Users\Annie Lee\AppData\LocalLow\AddLive_v3\3.0.16.5\npAddLive.dll [2016-06-22] (LiveFoundry Inc.)
FF Plugin HKU\S-1-5-21-2899254803-3239824921-2955042760-1001: @hulu.com/Hulu Desktop -> C:\Users\Annie Lee\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll [2010-08-12] (Hulu LLC)
FF Extension: Ebates Cash Back - C:\Users\Annie Lee\AppData\Roaming\Mozilla\Firefox\Profiles\esyq1ljt.default-1460334229289\Extensions\{35d6291e-1d4b-f9b4-c52f-77e6410d1326}.xpi [2016-05-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-10-20]
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2016-04-06]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (YouTube) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
CHR Extension: (Google Search) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (Google Calendar) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-01-24]
CHR Extension: (Google Docs Offline) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Gmail) - C:\Users\Annie Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-08-09] (Broadcom Corporation.)
S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-06-29] (CyberLink)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [928272 2016-08-31] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-09-17] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157776 2014-09-17] (Seagate Technology LLC)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-08-09] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-07-26] (EldoS Corporation)
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2013-09-23] (http://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32568 2015-07-24] (EldoS Corporation)
S3 SkyhawkeUSBLan; C:\Windows\System32\DRIVERS\btblan.sys [47600 2010-04-15] (Belcarra Technologies)
S3 vzandnetdiag; C:\Windows\System32\DRIVERS\lgvzandnetdiag64.sys [29696 2013-05-06] (LG Electronics Inc.)
S3 vzandnetmodem; C:\Windows\System32\DRIVERS\lgvzandnetmdm64.sys [36864 2013-05-06] (LG Electronics Inc.)
S3 vzandnetndis; C:\Windows\System32\DRIVERS\lgvzandnetndis64.sys [94208 2013-10-14] (LG Electronics Inc.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 TMAgent; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-27 20:49 - 2016-10-27 20:50 - 00023488 _____ C:\Users\Annie Lee\Desktop\FRST.txt
2016-10-27 13:41 - 2016-10-27 13:41 - 00024595 _____ C:\Users\Annie Lee\Documents\Combofix scan result.txt
2016-10-27 13:30 - 2016-10-27 13:30 - 00029671 _____ C:\ComboFix.txt
2016-10-27 13:06 - 2016-10-27 13:31 - 00000000 ____D C:\ComboFix
2016-10-27 13:06 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-10-27 13:06 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-10-27 13:06 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-10-27 13:06 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-10-27 13:06 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-10-27 13:06 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-10-27 13:06 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-10-27 13:06 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-10-27 13:03 - 2016-10-27 13:31 - 00000000 ____D C:\Qoobox
2016-10-27 13:03 - 2016-10-27 13:26 - 00000000 ____D C:\Windows\erdnt
2016-10-27 13:01 - 2016-10-27 13:01 - 05658651 ____R (Swearware) C:\Users\Annie Lee\Downloads\ComboFix.exe
2016-10-27 11:06 - 2016-10-27 11:06 - 00007597 _____ C:\Users\Annie Lee\AppData\Local\Resmon.ResmonCfg
2016-10-26 22:17 - 2016-10-26 22:17 - 00000000 ____D C:\Users\Annie Lee\AppData\Local\CrashDumps
2016-10-26 13:57 - 2016-10-26 13:57 - 00003562 _____ C:\Users\Annie Lee\Desktop\JRT.txt
2016-10-26 13:50 - 2016-10-26 13:50 - 01631928 _____ (Malwarebytes) C:\Users\Annie Lee\Downloads\JRT.exe
2016-10-26 09:57 - 2016-10-26 10:17 - 00000000 ____D C:\AdwCleaner
2016-10-26 09:57 - 2016-10-26 09:57 - 03910208 _____ C:\Users\Annie Lee\Downloads\adwcleaner_6.030.exe
2016-10-25 13:52 - 2016-10-25 13:52 - 00001069 _____ C:\Malwarebytes 2nd.txt
2016-10-25 10:37 - 2016-10-25 10:37 - 00001074 _____ C:\Malwarebytes 10252016.txt
2016-10-25 09:34 - 2016-10-27 10:02 - 00001716 _____ C:\Windows\PFRO.log
2016-10-25 08:54 - 2016-10-25 08:55 - 22851472 _____ (Malwarebytes ) C:\Users\Annie Lee\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-25 08:47 - 2016-10-25 08:47 - 00802870 _____ C:\Users\Annie Lee\Downloads\RogueKiller V12.7.4.0 (x64) [Oct 24 2016] (Free) by Adlice Software Disks.htm
2016-10-25 08:46 - 2016-10-25 08:46 - 00802870 _____ C:\Users\Annie Lee\Downloads\RogueKiller V12.7.4.0 (x64) [Oct 24 2016] (Free) by Adlice Software Filesystem.htm
2016-10-25 08:45 - 2016-10-25 08:45 - 00802870 _____ C:\Users\Annie Lee\Downloads\RogueKiller V12.7.4.0 (x64) [Oct 24 2016] (Free) by Adlice Software Tasks.htm
2016-10-25 08:45 - 2016-10-25 08:45 - 00802870 _____ C:\Users\Annie Lee\Downloads\RogueKiller V12.7.4.0 (x64) [Oct 24 2016] (Free) by Adlice Software Registry.htm
2016-10-25 08:45 - 2016-10-25 08:45 - 00802870 _____ C:\Users\Annie Lee\Downloads\RogueKiller V12.7.4.0 (x64) [Oct 24 2016] (Free) by Adlice Software Memory.htm
2016-10-24 22:35 - 2016-10-24 22:35 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-10-24 22:34 - 2016-10-26 13:59 - 00000000 ____D C:\Program Files\RogueKiller
2016-10-24 22:34 - 2016-10-25 08:41 - 00000000 ____D C:\ProgramData\RogueKiller
2016-10-24 22:34 - 2016-10-24 22:34 - 00000818 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-10-24 22:34 - 2016-10-24 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-10-24 22:32 - 2016-10-24 22:32 - 33630368 _____ (Adlice Software ) C:\Users\Annie Lee\Downloads\setup.exe
2016-10-23 22:16 - 2016-10-23 22:20 - 00000394 _____ C:\Users\Annie Lee\Downloads\Search.txt
2016-10-23 22:11 - 2016-10-24 22:26 - 00031627 _____ C:\Users\Annie Lee\Downloads\Addition.txt
2016-10-23 22:10 - 2016-10-24 22:01 - 00031999 _____ C:\Users\Annie Lee\Downloads\FRST.txt
2016-10-23 22:09 - 2016-10-27 20:49 - 00000000 ____D C:\FRST
2016-10-23 22:08 - 2016-10-23 22:09 - 02193920 _____ (Farbar) C:\Users\Annie Lee\Desktop\FRST64.exe
2016-10-23 19:54 - 2016-10-27 10:03 - 00001176 _____ C:\Windows\setupact.log
2016-10-23 19:54 - 2016-10-23 19:54 - 00000000 _____ C:\Windows\setuperr.log
2016-10-20 20:49 - 2016-10-23 10:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 18:59 - 2016-10-20 18:59 - 00000000 ____D C:\Users\Annie Lee\Documents\Avatar
2016-10-20 18:13 - 2016-09-30 11:37 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-20 18:13 - 2016-09-30 11:20 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-10-20 18:13 - 2016-09-30 11:20 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-10-20 18:13 - 2016-09-15 11:30 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-20 18:13 - 2016-09-15 11:30 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-10-20 18:13 - 2016-09-15 11:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-20 18:13 - 2016-09-15 11:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-10-20 18:13 - 2016-09-12 17:13 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-10-20 18:13 - 2016-09-12 17:13 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-10-20 18:13 - 2016-09-12 17:08 - 01465344 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-10-20 18:13 - 2016-09-12 17:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-10-20 18:13 - 2016-09-12 16:49 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-10-20 18:13 - 2016-09-12 16:39 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-10-20 18:13 - 2016-09-12 16:37 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-10-20 18:13 - 2016-09-12 16:32 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-10-20 18:13 - 2016-09-12 16:32 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-10-20 18:13 - 2016-09-12 16:32 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-10-20 18:13 - 2016-09-12 16:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-10-20 18:13 - 2016-09-12 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-10-20 18:13 - 2016-09-12 16:25 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-10-20 18:13 - 2016-09-12 15:08 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-20 18:13 - 2016-09-12 14:43 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-20 18:13 - 2016-09-12 14:43 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-20 18:13 - 2016-09-10 12:19 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-20 18:13 - 2016-09-10 11:53 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-20 18:13 - 2016-09-09 14:29 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-20 18:13 - 2016-09-09 14:26 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-20 18:13 - 2016-09-09 14:23 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:20 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 14:01 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-10-20 18:13 - 2016-09-09 14:00 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-10-20 18:13 - 2016-09-09 14:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-20 18:13 - 2016-09-09 14:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-10-20 18:13 - 2016-09-09 14:00 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:51 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-10-20 18:13 - 2016-09-09 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-10-20 18:13 - 2016-09-09 13:51 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-10-20 18:13 - 2016-09-09 13:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-10-20 18:13 - 2016-09-09 13:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-10-20 18:13 - 2016-09-09 13:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-10-20 18:13 - 2016-09-09 13:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-10-20 18:13 - 2016-09-09 13:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-10-20 18:13 - 2016-09-09 13:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-10-20 18:13 - 2016-09-09 13:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-10-20 18:13 - 2016-09-09 13:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-10-20 18:13 - 2016-09-09 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-10-20 18:13 - 2016-09-08 16:34 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2016-10-20 18:13 - 2016-09-08 16:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2016-10-20 18:13 - 2016-09-08 16:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2016-10-20 18:13 - 2016-09-08 16:34 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2016-10-20 18:13 - 2016-09-08 10:55 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-20 18:13 - 2016-09-08 10:55 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-20 18:13 - 2016-08-12 13:02 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-20 18:13 - 2016-08-12 13:02 - 12574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-10-20 18:13 - 2016-08-12 13:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-10-20 18:13 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-10-20 18:13 - 2016-08-12 13:02 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-10-20 18:13 - 2016-08-12 12:47 - 12574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-10-20 18:13 - 2016-08-12 12:47 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-20 18:13 - 2016-08-12 12:31 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-10-20 18:13 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-10-20 18:13 - 2016-08-12 12:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-10-20 18:13 - 2016-08-12 12:26 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2016-10-20 18:13 - 2016-08-06 11:31 - 02023424 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-20 18:13 - 2016-08-06 11:31 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-20 18:13 - 2016-08-06 11:31 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-20 18:13 - 2016-08-06 11:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-20 18:13 - 2016-08-06 11:31 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-20 18:13 - 2016-08-06 11:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-20 18:13 - 2016-08-06 11:15 - 01178112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-10-20 18:13 - 2016-08-06 11:15 - 00249344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-10-20 18:13 - 2016-08-06 11:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-10-20 18:13 - 2016-08-06 11:15 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-10-20 18:13 - 2016-08-06 11:15 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2016-10-20 18:13 - 2016-08-06 11:01 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-20 18:13 - 2016-08-06 11:01 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-20 18:13 - 2016-08-06 10:53 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-10-20 18:13 - 2016-08-06 10:53 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-10-20 18:13 - 2016-08-06 10:53 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-10-20 18:13 - 2016-06-14 13:21 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-10-20 18:13 - 2016-06-14 13:16 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00433152 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-10-20 18:13 - 2016-06-14 13:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-10-20 18:13 - 2016-06-14 13:11 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-10-20 18:13 - 2016-06-14 11:21 - 03209216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-10-20 18:13 - 2016-06-14 11:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-10-20 18:13 - 2016-06-14 11:15 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-10-20 18:13 - 2016-06-14 11:15 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-10-20 18:13 - 2016-06-14 11:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-10-20 18:13 - 2016-06-14 11:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-10-20 18:13 - 2016-06-14 11:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-10-20 18:13 - 2016-06-14 11:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-10-20 18:13 - 2016-06-14 11:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-10-20 18:01 - 2016-07-22 10:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2016-10-20 18:01 - 2016-07-22 10:51 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2016-10-16 15:16 - 2016-10-16 15:16 - 00000000 ____D C:\Users\Annie Lee\AppData\LocalLow\Cisco
2016-10-16 15:16 - 2016-10-16 15:16 - 00000000 ____D C:\Users\Annie Lee\AppData\Local\Cisco
2016-10-16 15:14 - 2016-10-16 15:15 - 48275464 _____ (Cisco Systems, Inc) C:\Users\Annie Lee\Downloads\CiscoVideoGuard.6.7.exe
2016-10-16 12:07 - 2016-10-27 17:19 - 00000348 _____ C:\Windows\Tasks\HPCeeScheduleForAnnie Lee.job
2016-10-16 12:07 - 2016-10-23 11:19 - 00003210 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnnie Lee
2016-09-28 09:20 - 2016-09-28 09:20 - 00013031 _____ C:\Users\Annie Lee\Downloads\Astro Chart.htm
2016-09-28 09:20 - 2016-09-28 09:20 - 00000000 ____D C:\Users\Annie Lee\Downloads\Astro Chart_files
2016-09-27 23:01 - 2016-10-27 20:12 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-27 23:01 - 2016-10-25 08:58 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-27 23:01 - 2016-10-25 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-27 23:00 - 2016-10-25 08:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-27 23:00 - 2016-09-27 23:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-27 23:00 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-27 23:00 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-27 23:00 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-27 22:31 - 2016-09-27 22:32 - 22851472 _____ (Malwarebytes ) C:\Users\Annie Lee\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-27 20:21 - 2013-11-15 18:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-27 20:03 - 2013-12-11 17:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-27 17:28 - 2013-11-15 18:25 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-27 13:31 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-10-27 13:31 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
2016-10-27 13:24 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-10-27 13:00 - 2016-08-05 13:25 - 00003118 _____ C:\Windows\System32\Tasks\iolo Process Governor
2016-10-27 12:44 - 2013-09-16 01:02 - 01676909 _____ C:\Windows\WindowsUpdate.log
2016-10-27 11:10 - 2009-07-14 01:13 - 00782744 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-27 10:15 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-27 10:15 - 2009-07-14 00:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-27 10:03 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-27 10:01 - 2013-09-19 20:56 - 00000000 ____D C:\Users\Annie Lee\AppData\Roaming\SoftGrid Client
2016-10-26 22:18 - 2014-08-19 13:40 - 00000000 ____D C:\Users\Annie Lee\AppData\Local\Adobe
2016-10-26 22:18 - 2013-12-11 17:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-10-26 22:18 - 2013-09-16 22:40 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-26 22:18 - 2013-09-16 22:40 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-26 22:17 - 2013-09-16 22:40 - 00000000 ____D C:\Windows\system32\Macromed
2016-10-26 22:17 - 2010-09-03 00:39 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-10-25 15:37 - 2013-09-16 16:50 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-25 09:35 - 2009-07-14 00:45 - 00448816 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-25 09:32 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME
2016-10-25 09:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-10-25 09:31 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\Dism
2016-10-24 17:24 - 2013-11-15 18:26 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-24 17:24 - 2013-11-15 18:26 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-23 12:45 - 2013-09-17 19:53 - 00000000 ____D C:\Users\Annie Lee\AppData\Roaming\HpUpdate
2016-10-23 10:38 - 2014-01-17 18:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-21 06:40 - 2013-09-19 22:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-21 06:40 - 2013-09-19 22:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-20 22:28 - 2013-09-16 20:20 - 00000000 ____D C:\Windows\system32\MRT
2016-10-20 22:21 - 2013-09-16 20:20 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-20 22:20 - 2013-09-19 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-04 13:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-09-28 11:07 - 2016-08-22 07:54 - 00002077 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-09-28 11:07 - 2016-08-22 07:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-09-28 11:07 - 2013-11-08 23:25 - 00001945 _____ C:\Windows\epplauncher.mif
2016-09-28 11:06 - 2016-08-22 07:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

==================== Files in the root of some directories =======

2014-07-10 17:57 - 2014-07-10 17:57 - 0003584 _____ () C:\Users\Annie Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-22 07:26 - 2016-08-22 07:26 - 0000036 _____ () C:\Users\Annie Lee\AppData\Local\housecall.guid.cache
2016-10-27 11:06 - 2016-10-27 11:06 - 0007597 _____ () C:\Users\Annie Lee\AppData\Local\Resmon.ResmonCfg
2013-09-17 19:49 - 2013-09-17 19:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-05-03 10:47 - 2016-05-03 10:53 - 0000304 _____ () C:\ProgramData\hpzinstall.log
2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-09-03 02:23 - 2010-09-03 02:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-09-03 02:18 - 2010-09-03 02:19 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-09-16 01:29 - 2013-09-16 01:29 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-09-03 02:17 - 2010-09-03 02:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-09-03 02:19 - 2010-09-03 02:23 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2013-09-16 01:30 - 2013-09-16 01:31 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-15 10:52

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Annie Lee (2016-10-27 20:51:23)
Running from C:\Users\Annie Lee\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-09-16 03:23:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2899254803-3239824921-2955042760-500 - Administrator - Disabled)
Annie Lee (S-1-5-21-2899254803-3239824921-2955042760-1001 - Administrator - Enabled) => C:\Users\Annie Lee
Guest (S-1-5-21-2899254803-3239824921-2955042760-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2899254803-3239824921-2955042760-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
AddLive(v3) Browser Plugin (HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\AddLive(v3)) (Version: 3.0.16.5 - LiveFoundry Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{9ECF7817-DB11-4FBA-9DF1-296A578D513A}) (Version: 11.5.7.609 - Adobe Systems, Inc)
American Greetings CreataCard Select 6 (HKLM-x32\...\{9770A25C-45A7-478E-AF50-4FDE53EED270}) (Version: - )
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ATI Catalyst Install Manager (HKLM\...\{11A4D79B-672C-7FFF-B5F7-B4409B1194EF}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CaddieSync Express 1.5.14 (HKLM-x32\...\CaddieSync Express) (Version: 1.5.14 - SkyHawke Technologies)
ccc-core-static (x32 Version: 2010.0416.541.8279 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco VideoGuard Player (HKLM-x32\...\{28145961-299d-4f61-88d6-ff9ea46bd919}) (Version: 6.7 - Cisco Systems, Inc)
Contents (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Corel PaintShop Photo Pro X3 (HKLM-x32\...\_{D1AEB5DB-04FA-489D-94EF-8600898B93EE}) (Version: 1.6.1.116 - Corel Corporation)
Corel PaintShop Photo Pro X3 (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.0.286 - Corel Corporation)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3003 - CyberLink Corp.)
DeviceIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dropbox (HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4121 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4121 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5b45c228-dcb1-4a0b-a9de-3b4b683ef15d}) (Version: 4.1.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hallmark Card Studio 2012 Deluxe (HKLM-x32\...\{8777089A-4CF4-44BA-910B-9A4580669DED}) (Version: 13.0.4.3 - Creative Home)
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{299625B9-6C69-462C-9CEA-8E06D878B1C5}) (Version: 4.0.5.1 - Hewlett-Packard Company)
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.4.10262.3295 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{7D4318AC-9560-46F0-910F-0B38D6CDC009}) (Version: 1.1.2.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.3 - WildTangent)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Movies and TV (HKLM\...\{4B4E2FA2-3B1E-4147-99DB-5033981D8C2F}) (Version: 1.0.0.10 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4215 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{731A1D36-BF17-4C76-B7E7-CC055AF8C54E}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3024 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{78F1A88C-5322-4DF7-BDCF-9AB8F5F4041C}) (Version: 1.0.9.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3611 - HP Photo Creations Powered by RocketLife)
HP Photosmart 5520 series Basic Device Software (HKLM\...\{68C0736C-3E47-43A6-B14D-236BEF198A5F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5520 series Help (HKLM-x32\...\{7137E26A-10F7-4B1C-9980-0893579E92DA}) (Version: 27.0.0 - Hewlett Packard)
HP Photosmart 5520 series Product Improvement Study (HKLM\...\{DCC176F0-3CE3-4DA9-8FF9-3809C1B48C47}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Power Manager (HKLM-x32\...\{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}) (Version: 1.0.3 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{BB1C717E-376C-4AA1-8940-81BFC38D9778}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP SimplePass Identity Protection (HKLM\...\{5BF97E02-2F6A-412A-BB4D-B6E2DC65FCA7}) (Version: 5.20.233 - DigitalPersona, Inc.)
HP Software Framework (HKLM-x32\...\{6C302296-6129-4125-9FD6-2188ECD8814E}) (Version: 4.1.6.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}) (Version: 4.0.9.0 - Hewlett-Packard Company)
Hulu Desktop (HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\...\HuluDesktop) (Version: 0.9.14 - Hulu LLC)
ICA (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
ICA (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)
IPM_PSP_Pro (x32 Version: 1.00.0000 - Corel Corporation) Hidden
IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden
ISCOM (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
ISCOM (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Jewel Quest 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2907 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2907 - CyberLink Corp.) Hidden
LG VZW United Drivers (HKLM-x32\...\{E86DE69E-A94E-41B6-8661-7372FCA1A83C}) (Version: 2.13.0 - LG Electronics)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version: - )
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
PaintShop Photo Pro X3 Registration Incentive (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3003 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.3003 - CyberLink Corp.) Hidden
PSPPContent (x32 Version: 1.00.0000 - Corel Corporation) Hidden
PSPPRO_DCRAW (x32 Version: 13.0.0 - Corel Corporation) Hidden
PureHD (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.3023 - CyberLink Corp.) Hidden
RogueKiller version 12.7.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.7.4.0 - Adlice Software)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Seagate Dashboard (HKLM-x32\...\{F1D8690F-06B3-4100-9949-398EA253AC61}) (Version: 3.2.1802.2 - Seagate)
Setup (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Setup (x32 Version: 1.6.1.116 - Corel Corporation) Hidden
Share (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Share64 (Version: 1.6.0.286 - Corel Corporation) Hidden
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - Silicon Laboratories)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
System Mechanic (HKLM-x32\...\InstallShield_{49DCB5CB-235B-4A14-BD8E-1E9FC1B0311C}) (Version: 16.1.0.42 - iolo technologies, LLC)
System Mechanic (x32 Version: 16.1.0.42 - iolo technologies, LLC) Hidden
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.061 - The New York Times Company)
Times Reader (x32 Version: 2.061 - The New York Times Company) Hidden
UltraISO Premium V9.52 (HKLM-x32\...\UltraISO_is1) (Version: - )
Validity Sensors DDK (HKLM\...\{426FAE9F-7373-496E-A215-9DB7EF4398CF}) (Version: 4.1.139.0 - Validity Sensors, Inc.)
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 15.3.7.8 - Verizon)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{EE296443-E401-43D2-9864-1C63AD8D376E}) (Version: 2.14.0410 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{69258FD1-F4EE-475A-83D1-BF68C8029592}) (Version: 2.14.0402 - Samsung Electronics Co., Ltd.)
VIO (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
VSClassic (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
VSPro (x32 Version: 1.6.0.286 - Corel Corporation) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2899254803-3239824921-2955042760-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

25-09-2016 12:11:40 Windows Update
28-09-2016 11:05:23 Windows Update
03-10-2016 20:52:05 Windows Update
07-10-2016 09:12:28 Windows Update
20-10-2016 22:18:13 Windows Update
21-10-2016 06:45:34 Windows Update
25-10-2016 07:45:21 Windows Modules Installer
25-10-2016 09:52:45 Windows Update
26-10-2016 13:52:31 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-10-27 13:24 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00B649DC-7B88-49EC-872A-0413CF289B86} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {02B2C604-7729-496C-B060-7ECE19F253D7} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {045A0317-4BB2-4A7F-87E1-C9B027E7CD30} - System32\Tasks\ioloSmartUpdater => C:\Program Files (x86)\iolo\System Mechanic\ioloSmartUpdater.exe [2016-09-16] (iolo technologies, LLC)
Task: {0CA0BFBC-5C97-4D16-A7BA-20EFAB618546} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {1A88C284-4C4C-41D4-A590-D08F5E41A940} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-08-31] ()
Task: {1C9F8177-E031-40FB-9880-24AF33874C14} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {1E8D5CDA-A73B-4199-92EF-85FDD8DE9638} - System32\Tasks\{EFE2E0DF-B8C1-4DB2-A853-0F63F1F15731} => pcalua.exe -a G:\InstallSeagateManager.exe -d G:\
Task: {2576F414-AAEE-4F93-AE94-9F988D810973} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {25C0417A-4F1A-461C-9425-ACE98ADF33B4} - System32\Tasks\HP AR Program Upload - a6e1f55f372343868e5b3e46b6bfe10cabb36aa454cc4005a5745b6869086c38 => C:\Program Files\HP\HP Photosmart 5520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {31386B15-D0D9-4DBA-884C-B8C472891040} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {36A84976-0E16-416E-A5DD-C9D967E03BE2} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2013-02-20] ()
Task: {3DF3D69C-DE41-4093-9BB6-5FBBC28CC17B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {44051B2C-931B-4FD8-80C7-62FA73792788} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {475A4A2E-9852-4BF1-AD1D-B918258EC01F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {4C9B2CD6-D87B-43A7-8ADD-5E5C3DB62E84} - System32\Tasks\Annie Lee DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-09-17] (Seagate Technology LLC)
Task: {55C38A09-D05B-4C43-B1E1-B23C1D655612} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-09-17] (Seagate Technology LLC)
Task: {57FC4C23-B03C-454B-9A27-A9961AC89A70} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {585AEB12-A6CA-45E1-8488-9A818538C4C8} - System32\Tasks\Annie Lee1 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {5CF0DD47-26AA-44BF-8EED-337747F1523D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-03-20] (Microsoft Corporation)
Task: {80BC29CC-E004-402A-BD3F-FD124C9C50E1} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [2016-08-30] (Microsoft Corporation)
Task: {83EDC170-6349-463A-B74A-92082EA68C81} - System32\Tasks\HPCeeScheduleForAnnie Lee => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {89625C36-3820-4B82-B5D8-6696372671A7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2016-03-20] (Microsoft Corporation)
Task: {8A2A321C-FD0A-4353-B451-E8EBEF8CE19F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {925A2AA8-6966-4575-BCAA-62CFA681941C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2016-03-25] (Microsoft Corporation)
Task: {93AF3862-BE7D-44FD-BEBF-4597D181E8BA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {95BF789A-E1C8-4179-8F5D-0478CB2FB3E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {9CE4D57D-87CE-4ED5-8AC3-F536AB876683} - System32\Tasks\ioloActiveCare => C:\Program Files (x86)\iolo\System Mechanic\SystemMechanic.exe [2016-09-16] (iolo technologies, LLC)
Task: {B11B9267-A275-4FC5-9A3B-ACF871D87EFB} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [2010-06-25] (CyberLink)
Task: {B51C98DF-DCFA-41B9-B83A-57352DC7AFBE} - System32\Tasks\{D21898AE-FD32-4D29-9083-EB0F20E18FAA} => pcalua.exe -a "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe" -d C:\Windows\system32
Task: {B63F8206-279F-4A10-A252-E90CF30D4722} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {B6CF989A-78CF-4037-8754-2B59334C2BE8} - System32\Tasks\HPCustParticipation HP Photosmart 5520 series => C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {B71C92F0-534A-4637-96D7-D41176AB48FE} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {C640475A-4E68-4B64-8771-28491728D962} - System32\Tasks\ioloToaster => C:\Program Files (x86)\iolo\System Mechanic\ioloToaster.exe [2016-09-16] (iolo technologies, LLC)
Task: {E873A0FA-D091-4459-BD30-65A9D12EE6F9} - System32\Tasks\Annie Lee1 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-09-17] (Seagate Technology LLC)
Task: {FBEF9766-C02E-4365-8F27-0247ABCC38C2} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2016-09-16] (iolo technologies, LLC)
Task: {FF74CAD9-4864-49AC-A486-CB2E11B8813E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAnnie Lee.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (Whitelisted) ==============

2010-01-20 19:20 - 2010-01-20 19:20 - 00611896 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2010-02-28 02:33 - 2010-02-28 02:33 - 00077664 _____ () C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
2010-01-19 02:53 - 2010-01-19 02:53 - 00124560 _____ () c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\PSPContextMenu64.dll
2016-10-26 15:03 - 2016-10-26 22:18 - 19637440 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Annie Lee\Documents\Annie Walker.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 1.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 10.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 11.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 12.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 13.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 14.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 15.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 2.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 3.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 4.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 5.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 6.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 7.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 8.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 9.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\Tanya Thanks.avi:TOC.WMV

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DpHost => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Annie Lee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Forget Me Not.lnk => C:\Windows\pss\Forget Me Not.lnk.CommonStartup
MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: VerizonCloud => C:\Program Files\Verizon\Verizon Cloud\VerizonCloud.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C70A8F1B-6255-436F-A34D-386D68C70B1E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{956D37A3-C816-4092-B512-5EAC6787657C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C492717A-5C9A-4D2C-A4A3-BA8684AB2CB1}] => (Allow) svchost.exe
FirewallRules: [{BA868B56-6F8B-4C06-8C7A-D364E688304A}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E9406A49-894F-4548-B161-BD58D5CD3EF6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{D10D95B4-2608-4E26-955D-943E9567994D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{DBCE8E7A-EFF1-4707-AB76-7F46BFA79EB5}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{ABBE0784-97D8-4930-AD37-BCA1EB277FDE}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{9A1FBB7D-F554-49ED-8BDF-9F2B89B3E79B}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{24AA8D61-A521-4A30-B884-656D0005B405}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{38D35CBB-A72E-4079-A69C-819F16E6B648}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{01F902E4-13C6-48B8-AD25-13B48771CC1A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{05C36025-79B5-42D3-8136-BE3A8F71463F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{1A115508-7489-4EA2-894C-D89778F66BB0}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{43FB7325-4D71-4181-BEA7-24717D3F6E83}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{1339D4B3-C814-4A90-99A5-07DF8D307067}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{BF11FB17-9348-4196-BABB-EC579A1249F2}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{FBDB488B-EA21-45EC-AEB8-E11B7142B351}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{0FFA21BB-8412-4766-8D10-C27196C02B98}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\DeviceSetup.exe
FirewallRules: [{94C21FB3-57B2-4BCB-B5CA-14EFBD5CF639}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{52EC9F2E-E9AA-4101-8FB5-C042EE591AC6}] => (Allow) C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{7C03FDDB-1CD4-40AB-AB72-998B12A668AC}C:\program files\verizon cloud\verizon.exe] => (Allow) C:\program files\verizon cloud\verizon.exe
FirewallRules: [UDP Query User{F2BD0414-BEDB-4FE8-9095-1885FE1F90A1}C:\program files\verizon cloud\verizon.exe] => (Allow) C:\program files\verizon cloud\verizon.exe
FirewallRules: [TCP Query User{8C94E785-12A3-431E-A82C-0E60258627A8}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
FirewallRules: [UDP Query User{53925B2E-9653-426D-9E81-CA34267140BB}C:\program files\verizon cloud\verizon cloud service.exe] => (Allow) C:\program files\verizon cloud\verizon cloud service.exe
FirewallRules: [TCP Query User{2FD0B2F3-E57C-4D1E-816D-5EF2B10FF829}C:\program files (x86)\skygolf\caddiesync express\caddiesyncexpress.exe] => (Allow) C:\program files (x86)\skygolf\caddiesync express\caddiesyncexpress.exe
FirewallRules: [UDP Query User{81E482E9-E9E5-4F92-BB5F-60285D746896}C:\program files (x86)\skygolf\caddiesync express\caddiesyncexpress.exe] => (Allow) C:\program files (x86)\skygolf\caddiesync express\caddiesyncexpress.exe
FirewallRules: [{6F495731-76EB-4A16-AF2E-270BF15A953B}] => (Block) C:\program files (x86)\skygolf\caddiesync express\caddiesyncexpress.exe
FirewallRules: [{535130A4-FF02-4BB3-81F3-639C41D2A721}] => (Block) C:\program files (x86)\skygolf\caddiesync express\caddiesyncexpress.exe
FirewallRules: [TCP Query User{B5251C47-691A-4951-A5CF-84BA442B50B4}C:\program files\verizon cloud\verizon cloud service.exe] => (Block) C:\program files\verizon cloud\verizon cloud service.exe
FirewallRules: [UDP Query User{5FFEEA7D-BB59-4418-AD35-4572E467304C}C:\program files\verizon cloud\verizon cloud service.exe] => (Block) C:\program files\verizon cloud\verizon cloud service.exe
FirewallRules: [{2262AB93-8669-4416-947C-B49BC8DA0DF0}] => (Allow) C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{184B76AD-8C71-42DA-829C-ED1A2D68EB1D}] => (Allow) C:\Users\Annie Lee\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2972F64F-0605-4D62-A6C0-D34C7AD43F35}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{8447185E-7CA5-49D2-B9EC-C9FFD5BC7052}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{1D2B96DF-87B4-46F1-B4CA-3197DA003193}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{E8CBC82B-A8D7-4874-B94A-14F4ADD19CD1}] => (Allow) LPort=8888
FirewallRules: [{823CA12A-2DD1-4F14-A2B9-4850C379B351}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E334AC9-BBF5-4A70-97B6-19FF04020C29}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{59AB761F-0607-4463-B3FF-85BDE9F50236}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{726B7157-5B85-4E4F-AB6B-2E32CB56708E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{1F539854-2028-443A-A292-C3304FC9CD97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AEE54630-9ED9-4321-AD62-874140D7E3BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31EA8F9F-1507-4345-B4F3-FC1D976E7782}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5A848D3-7C00-43F6-8DA5-AD981B225FDB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{45ECA376-40E2-44A5-9409-F8E1A21CA14D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{613A5B42-EC8C-4075-B753-CA954125B237}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC0790DF-AA19-4AA9-82B9-0A4C427DDD38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DC231899-3E4F-4DD3-9ADF-464A737B8DE2}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [UDP Query User{8AA91B7F-E990-4D50-9B52-78DF9F0245C9}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Allow) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [{95B2CECD-3153-4011-A22D-AEDB05F9320E}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe
FirewallRules: [{00D39A77-90D3-4934-878C-6DB591A9CBC6}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe
FirewallRules: [{32703C21-3E2C-4C1F-9FEF-26898E5B0443}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe
FirewallRules: [{7AB78B71-F016-4F83-984C-6FE55B6A3297}] => (Allow) C:\Program Files (x86)\Adobe\Acrobat.com\Acrobat.com.exe
FirewallRules: [{29B71756-DE34-4564-BBFB-B4C817BB4209}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2016 06:01:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7488

Error: (10/27/2016 06:01:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7488

Error: (10/27/2016 06:01:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2016 06:01:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6396

Error: (10/27/2016 06:01:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6396

Error: (10/27/2016 06:01:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2016 06:01:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5382

Error: (10/27/2016 06:01:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5382

Error: (10/27/2016 06:01:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/27/2016 06:01:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4368


System errors:
=============
Error: (10/27/2016 05:19:09 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/27/2016 01:24:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/27/2016 01:23:43 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/27/2016 01:17:22 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/26/2016 10:18:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (10/26/2016 10:18:01 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (10/26/2016 10:17:56 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (10/26/2016 10:17:16 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (10/26/2016 10:16:47 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).

Error: (10/26/2016 10:16:47 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2016-10-27 13:23:43.218
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-10-27 13:23:42.797
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II N640 Dual-Core Processor
Percentage of memory in use: 50%
Total physical RAM: 5882.9 MB
Available physical RAM: 2886.11 MB
Total Virtual: 11763.99 MB
Available Virtual: 8486.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:677.05 GB) (Free:575.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:21.29 GB) (Free:3.1 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 2FA17596)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=677 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=21.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End of Addition.txt ============================

Still a lot of info here but the scan went sooooo much faster.
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Wait, am I supposed to download the fixlist.txt? The text files from the FRST64 scan are in an open window. There's no icon on my desktop for them. I'm confused.
 
Okay so now I have another Notepad window open that is fixlist.
Should I rerun FRST64 again and press fix button once?
 
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
Then click "Fix" button.
 
:D Do I need to save the new FRST.txt file and the fixlist.txt file, or is having open windows enough? Sorry, I'm getting confused.
 
Okay I think I have it, I have saved my most recent FRST.txt and the fixlist.txt to my desktop and have icons for them on my desktop. Do I rerun the scan now?
 
No. Double click on FRST64.exe (not FRST.txt) to run it and click on the "Fix" button (not the "Scan" button).
 
Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Annie Lee (2016-10-27 22:30:12) Run:1
Running from C:\Users\Annie Lee\Desktop
Loaded Profiles: Annie Lee (Available Profiles: Annie Lee)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
U2 TMAgent; no ImagePath
2014-07-10 17:57 - 2014-07-10 17:57 - 0003584 _____ () C:\Users\Annie Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-08-22 07:26 - 2016-08-22 07:26 - 0000036 _____ () C:\Users\Annie Lee\AppData\Local\housecall.guid.cache
2016-10-27 11:06 - 2016-10-27 11:06 - 0007597 _____ () C:\Users\Annie Lee\AppData\Local\Resmon.ResmonCfg
2013-09-17 19:49 - 2013-09-17 19:49 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-05-03 10:47 - 2016-05-03 10:53 - 0000304 _____ () C:\ProgramData\hpzinstall.log
2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-09-03 02:23 - 2010-09-03 02:23 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-09-03 02:18 - 2010-09-03 02:19 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-09-16 01:29 - 2013-09-16 01:29 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2013-09-16 01:30 - 2013-09-16 01:30 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-09-03 02:17 - 2010-09-03 02:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-09-03 02:19 - 2010-09-03 02:23 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2013-09-16 01:30 - 2013-09-16 01:31 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
AlternateDataStreams: C:\Users\Annie Lee\Documents\Annie Walker.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 1.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 10.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 11.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 12.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 13.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 14.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 15.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 2.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 3.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 4.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 5.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 6.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 7.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 8.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card 9.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\E-card.avi:TOC.WMV
AlternateDataStreams: C:\Users\Annie Lee\Documents\Tanya Thanks.avi:TOC.WMV

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2899254803-3239824921-2955042760-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}" => key removed successfully
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => key not found.
catchme => service removed successfully
TMAgent => service removed successfully
C:\Users\Annie Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Annie Lee\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Annie Lee\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\ProgramData\Ament.ini => moved successfully
C:\ProgramData\hpzinstall.log => moved successfully
C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log => moved successfully
C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log => moved successfully
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => moved successfully
C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log => moved successfully
C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log => moved successfully
C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log => moved successfully
C:\Users\Annie Lee\Documents\Annie Walker.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 1.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 10.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 11.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 12.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 13.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 14.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 15.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 2.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 3.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 4.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 5.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 6.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 7.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 8.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card 9.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\E-card.avi => ":TOC.WMV" ADS removed successfully.
C:\Users\Annie Lee\Documents\Tanya Thanks.avi => ":TOC.WMV" ADS removed successfully.

==== End of Fixlog 22:30:13 ====
 
You did fine :)

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 