PatL

  1. solved

    The only problem I had with the repair tool is it reactivated my DNS cache which with a HUGE host file made the computer almost unbootable in normal mode. And that WMI service says stopped there but I looked into it and it says it's running and all that under services and you had said if it's not broken don't worry about it. I re-ran rkill in Safe Mode to see if it'd do the same thing and well, no. It ran perfectly fine which means it was either a glitch or as you guessed one of my programs caused that error. On the whole though I'm not too worried about it at this point. Thanks again for the help and dealing with 'paranoia' regarding infections.
  2. solved

    Hey Kris,

    • svchost.exe VT https://www.virustotal.com/en/file/121118a0f5e0e8c933efd28c9901e54e42792619a8a3a6d11e1f0025a7324bc2/analysis/1451704766/
    • lsm.exe VT https://www.virustotal.com/en/file/939903f93ff37525a6c4b5cba29cdeee6d6055c42d605e80ae787f2a76f9870e/analysis/1451704034/
    • lsass.exe VT https://www.virustotal.com/en/file/acf4095ee673afaf9fdde9e8efa191a4a72baa0371a3ad26925ea267e0e40e61/analysis/1451704284/
    • csrss.exe VT https://www.virustotal.com/en/file/f9112b88fec5ef10a7aedf88dcee61956d1fcde7cb42197216e8265578713786/analysis/1451704383/
    • services.exe VT https://www.virustotal.com/en/file/8ea41124a4e97732c5daa616457fba7111cb38986f3427fa776ed00bc1407171/analysis/1451704471/
    • wininit.exe VT https://www.virustotal.com/en/file/f6b4d18fa0d3c4958711ac0d476c21a6fdf2897f989a0ad290b43f463dd8b5b0/analysis/1451704590/
    • winlogon.exe VT https://www.virustotal.com/en/file/473e42c5b48493c84cf1b22d054ad1c788fce3603e439abc77a3b37dacff9f1c/analysis/1451704662/

    Some of the files weren't digitally signed, is that a problem at all? Should I just consider it a weird problem with rkill? What did it mean by saying possible patched files? and all the nosign dlls that were posrep1, whatever that means.... on the whole though you think that I'm clean and good to go right?
  3. solved

    Here you go. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:29-12-2015
Files\Ruiware\WinPatrol\winpatrol.exe [1238152 2015-06-03] (Ruiware)
HKU\S-1-5-21-2985130882-1756615807-8858886-1000\...\Run: [MCShield Monitor] => C:\Program Files\MCShield\mcshieldrtm.exe [650816 2015-06-03] (MyCity)
HKU\S-1-5-21-2985130882-1756615807-8858886-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-12-01] (AVAST Software)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{084AFF87-4C03-499A-AB4A-DA3055C45748}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKU\S-1-5-21-2985130882-1756615807-8858886-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}

FireFox:
========
FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\t6lv2mj3.default-1450049531832
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll [2015-06-03] (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll [2015-06-03] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll [2015-06-03] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll [2015-06-03] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\imagickrt.dll [2015-06-03] (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npRLCT4Player.dll [2015-06-03] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll [2015-06-03] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll [2015-06-03] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll [2015-06-03] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll [2015-06-03] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll [2015-06-03] ()
FF Extension: NoScript - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\t6lv2mj3.default-1450049531832\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-12-31]
FF Extension: Adblock Plus - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\t6lv2mj3.default-1450049531832\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]

Chrome:
=======
CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-26]
CHR Extension: (Google Drive) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-26]
CHR Extension: (Adblock Plus) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-01] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [4353840 2015-09-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664704 2015-08-06] (COMODO)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [243448 2015-12-29] (RaMMicHaeL)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2015-06-03] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [12783848 2015-12-28] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-12-01] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [81168 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-12-01] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-12-01] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-12-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436360 2015-12-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [117712 2015-12-01] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209432 2015-12-01] (AVAST Software)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17064 2015-11-18] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [627312 2015-11-18] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41736 2015-08-04] (COMODO)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2014-12-20] (Elaborate Bytes AG)
R1 epp32; C:\Windows\System32\DRIVERS\epp32.sys [111368 2015-06-18] (Emsisoft GmbH)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91176 2015-08-04] (COMODO)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2016-01-01] (Malwarebytes)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-13] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2016-01-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-13] (Malwarebytes Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [232160 2015-09-02] (QUALCOMM Incorporated)
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [11973 2015-10-20] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [179448 2015-12-21] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [179448 2015-12-15] (Zemana Ltd.) U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation) S3 catchme; \??\C:\Users\Patrick\AppData\Local\Temp\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-01 15:48 - 2016-01-01 15:48 - 00004329 _____ C:\Users\Patrick\Desktop\Fixlog.txt 2016-01-01 15:41 - 2016-01-01 15:51 - 00000000 ____D C:\FRST 2016-01-01 15:24 - 2016-01-01 11:51 - 00330720 _____ C:\Users\Patrick\Documents\Rkill.txt 2016-01-01 15:11 - 2016-01-01 15:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2016-01-01 15:03 - 2016-01-01 15:03 - 00024064 _____ C:\Windows\zoek-delete.exe 2016-01-01 12:35 - 2016-01-01 12:37 - 00577330 _____ C:\Users\Patrick\Documents\TDSSKiller.3.1.0.9_01.01.2016_12.35.16_log.txt 2016-01-01 12:32 - 2016-01-01 12:32 - 00004216 _____ C:\Users\Patrick\Documents\TDSSKiller.3.1.0.9_01.01.2016_12.32.21_log.txt 2016-01-01 12:27 - 2016-01-01 14:15 - 00000000 ____D C:\zoek_backup 2016-01-01 12:24 - 2016-01-01 12:24 - 00022458 _____ C:\Users\Patrick\Documents\ComboFix.txt 2016-01-01 12:13 - 2016-01-01 12:24 - 00000000 ____D C:\Qoobox 2016-01-01 12:13 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe 2016-01-01 12:13 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe 2016-01-01 12:13 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2016-01-01 12:13 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2016-01-01 12:13 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2016-01-01 12:13 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe 2016-01-01 12:13 - 2000-08-30 16:00 - 
00080412 _____ C:\Windows\grep.exe 2016-01-01 12:13 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe 2016-01-01 12:11 - 2016-01-01 12:11 - 00000000 ____D C:\AdwCleaner 2016-01-01 11:55 - 2016-01-01 15:37 - 00000000 ____D C:\Users\Patrick\Desktop\mbar 2016-01-01 11:54 - 2016-01-01 15:04 - 00240288 _____ C:\Windows\ntbtlog.txt 2016-01-01 11:54 - 2016-01-01 11:54 - 00311720 _____ C:\Windows\system32\FNTCACHE.DAT 2016-01-01 11:30 - 2016-01-01 11:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Patrick\Desktop\mbar-1.09.3.1001.exe 2016-01-01 11:30 - 2016-01-01 11:30 - 05643309 ____R (Swearware) C:\Users\Patrick\Desktop\ComboFix.exe 2016-01-01 11:24 - 2016-01-01 11:24 - 00406411 _____ C:\Users\Patrick\Documents\Peter Newman - The Vagrant (epub).epub 2016-01-01 11:16 - 2016-01-01 11:51 - 00330720 _____ C:\Users\Patrick\Desktop\Rkill.txt 2016-01-01 11:15 - 2016-01-01 11:15 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Patrick\Desktop\tdsskiller.exe 2016-01-01 11:15 - 2016-01-01 11:15 - 01745920 _____ C:\Users\Patrick\Desktop\AdwCleaner.exe 2016-01-01 11:14 - 2016-01-01 11:14 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Patrick\Desktop\rkill.exe 2016-01-01 11:05 - 2016-01-01 11:05 - 00000000 ____D C:\Users\Patrick\AppData\Local\Macromedia 2015-12-30 12:02 - 2016-01-01 15:44 - 00023877 _____ C:\Users\Patrick\Desktop\Addition.txt 2015-12-30 12:01 - 2016-01-01 15:51 - 00042216 _____ C:\Users\Patrick\Desktop\FRST.txt 2015-12-29 21:52 - 2016-01-01 11:09 - 00000000 ____D C:\Users\Patrick\AppData\Local\Mozilla 2015-12-29 17:41 - 2015-12-29 17:41 - 01721856 _____ (Farbar) C:\Users\Patrick\Desktop\FRST.exe 2015-12-29 17:37 - 2015-12-29 17:37 - 00001697 _____ C:\Users\Public\Desktop\Planescape Torment.lnk 2015-12-29 17:34 - 2015-12-29 17:34 - 00000000 ____D C:\GOG Games 2015-12-28 10:33 - 2015-12-28 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2015-12-27 16:21 - 2015-12-27 17:09 - 00000000 ___HD 
C:\Users\Patrick\Downloads\Ant Videos 2015-12-27 13:02 - 2015-12-27 13:02 - 00001089 _____ C:\DelFix.txt 2015-12-27 11:38 - 2015-12-27 11:38 - 00000000 ____D C:\Users\Patrick\Documents\Decrypt Output 2015-12-27 11:37 - 2015-12-27 11:37 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\.Epubor 2015-12-25 17:17 - 2015-12-25 17:17 - 00000000 ____D C:\VTRoot 2015-12-25 15:12 - 2015-12-25 15:12 - 00000000 ____D C:\Program Files\PrivaZer 2015-12-22 22:02 - 2015-12-22 22:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe 2015-12-16 19:02 - 2015-12-16 19:04 - 00000039 _____ C:\Users\Public\Documents\CryptoPrevent Premium Product Key.txt 2015-12-11 18:33 - 2015-12-11 18:35 - 00000000 ____D C:\Users\Patrick\Documents\Alphasmart Neo 2015-12-10 12:09 - 2016-01-01 11:53 - 00010974 _____ C:\Windows\system32\Drivers\fvstore.dat 2015-12-09 13:40 - 2015-12-09 13:40 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-09 13:40 - 2015-12-09 13:40 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-09 13:40 - 2015-12-09 13:40 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00909824 _____ 
(Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-09 13:40 - 2015-12-09 13:40 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-12-09 13:40 - 2015-12-09 13:40 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-12-09 13:40 - 2015-12-09 13:40 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-12-09 13:40 - 2015-12-09 13:40 - 00076288 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-12-09 13:40 - 2015-12-09 13:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-12-09 13:40 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll 2015-12-09 13:40 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-09 13:40 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-12-09 13:40 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-12-09 13:39 - 2015-12-09 13:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-12-09 13:38 - 2015-12-09 13:38 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-12-09 13:38 - 2015-12-09 13:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-12-09 13:37 - 2015-12-09 13:37 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 2015-12-09 13:37 - 2015-11-05 01:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-05 02:24 - 2016-01-01 15:41 - 00157696 _____ C:\Windows\ERUNT.exe 2015-12-03 09:01 - 2015-12-03 09:01 - 00000000 ____D C:\Program Files\Common Files\AV 
==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-01 15:50 - 2015-11-15 17:01 - 00000659 _____ C:\Windows\ZAM_Guard.krnl.trace 2016-01-01 15:50 - 2015-06-03 11:04 - 00000000 ____D C:\ProgramData\MCShield 2016-01-01 15:49 - 2015-11-16 07:56 - 00000620 _____ C:\Windows\ZAM.krnl.trace 2016-01-01 15:49 - 2015-06-02 13:21 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-01-01 15:49 - 2009-07-13 20:53 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-01-01 15:49 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-01-01 15:49 - 2009-07-13 18:37 - 00000000 ____D C:\Windows 2016-01-01 15:47 - 2009-07-13 20:34 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-01-01 15:47 - 2009-07-13 20:34 - 00015120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-01-01 15:46 - 2015-06-02 12:49 - 00784072 _____ C:\Windows\system32\PerfStringBackup.INI 2016-01-01 15:46 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf 2016-01-01 12:37 - 2015-06-02 13:58 - 00000000 ____D C:\Users\Patrick\Documents\Malware Logs 2016-01-01 12:22 - 2009-07-13 18:04 - 00000215 _____ C:\Windows\system.ini 2016-01-01 12:12 - 2015-06-12 09:55 - 00000000 ____D C:\Windows\erdnt 2016-01-01 11:55 - 2015-06-02 13:19 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-01-01 11:53 - 2015-06-07 15:55 - 00000000 ____D C:\Program Files\PeerBlock 2016-01-01 11:05 - 2015-06-03 11:24 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Mozilla 2016-01-01 08:23 - 2015-09-18 10:33 - 00000000 ____D C:\Users\Patrick\AppData\Local\PrivaZer 2016-01-01 08:13 - 2015-06-04 09:44 - 00000000 ____D C:\Program Files\System Ninja 2016-01-01 08:10 - 2015-06-08 13:56 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Adobe 2016-01-01 08:10 - 
2015-06-08 13:56 - 00000000 ____D C:\Users\Patrick\AppData\LocalLow\Adobe 2016-01-01 08:10 - 2015-06-07 15:50 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\uTorrent 2016-01-01 08:10 - 2015-06-07 15:21 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\acccore 2016-01-01 08:09 - 2015-06-04 09:45 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\Wipe 2016-01-01 08:08 - 2015-06-03 13:21 - 00000000 ____D C:\Program Files\Glary Utilities 5 2016-01-01 08:07 - 2015-06-21 16:25 - 00000000 ____D C:\ProgramData\TEMP 2016-01-01 08:02 - 2015-06-24 19:53 - 00000000 ____D C:\Program Files\PC Tools Registry Mechanic 2016-01-01 07:57 - 2015-06-02 13:20 - 00000000 ____D C:\Users\Patrick\AppData\Roaming\vlc 2015-12-31 21:06 - 2015-06-02 13:58 - 00000000 ____D C:\Users\Patrick\Documents\My Kindle Content 2015-12-31 19:46 - 2015-06-02 13:34 - 00000000 ____D C:\Users\Patrick\Documents\Calibre Library 2015-12-31 19:45 - 2015-06-02 14:04 - 00000000 ____D C:\Users\Patrick\Documents\My Pandigital Content 2015-12-30 12:23 - 2015-06-23 08:07 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys 2015-12-29 22:51 - 2015-06-03 10:58 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-12-29 17:37 - 2015-11-08 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com 2015-12-29 17:37 - 2009-07-13 20:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-12-29 16:43 - 2009-07-13 20:52 - 00000000 ____D C:\Windows\system32\FxsTmp 2015-12-28 11:12 - 2015-06-03 10:49 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-12-28 11:12 - 2015-06-03 10:49 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-12-28 10:33 - 2015-09-16 16:17 - 00000000 ____D C:\Program Files\Zemana AntiMalware 2015-12-25 15:12 - 2015-09-20 08:33 - 00001839 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk 2015-12-22 22:02 - 2015-06-04 09:45 - 00000000 ____D 
C:\Program Files\Wipe 2015-12-22 08:54 - 2015-06-26 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management 2015-12-22 08:54 - 2015-06-03 15:30 - 00000000 ____D C:\Program Files\Calibre2 2015-12-21 09:15 - 2015-06-03 11:05 - 00179448 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys 2015-12-18 08:50 - 2015-09-12 18:59 - 00436360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2015-12-18 08:50 - 2015-09-12 18:59 - 00081168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys 2015-12-18 08:44 - 2015-06-02 12:58 - 00000000 ____D C:\Users\Patrick 2015-12-15 14:45 - 2015-06-03 11:05 - 00179448 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys 2015-12-13 17:09 - 2015-11-24 21:32 - 00000000 ____D C:\Program Files\Starcraft 2015-12-10 15:42 - 2015-06-03 13:21 - 00001046 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk 2015-12-10 13:15 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache 2015-12-09 15:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\system32\Msdtc 2015-12-09 13:57 - 2015-10-04 09:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-12-09 13:55 - 2015-10-04 09:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-12-09 13:48 - 2015-06-02 12:53 - 00000000 ____D C:\Windows\system32\MRT 2015-12-09 13:41 - 2015-06-02 12:53 - 137798368 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-12-08 17:58 - 2015-08-07 22:56 - 00000000 ____D C:\Windows\Minidump 2015-12-08 15:51 - 2015-06-23 14:13 - 00000000 ____D C:\ProgramData\HitmanPro ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD.

LastRegBack: 2015-12-30 02:33

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:29-12-2015
Ran by Patrick (2016-01-01 15:52:24)
Running from C:\Users\Patrick\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2015-06-02 20:58:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2985130882-1756615807-8858886-500 - Administrator - Disabled)
Guest (S-1-5-21-2985130882-1756615807-8858886-501 - Limited - Disabled)
Patrick (S-1-5-21-2985130882-1756615807-8858886-1000 - Administrator - Enabled) => C:\Users\Patrick

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them.
The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2985130882-1756615807-8858886-1000\...\uTorrent) (Version: 3.4.6.41574 - BitTorrent Inc.)
9-lab Removal Tool (HKLM\...\9-lab Removal Tool) (Version: - )
Adobe Flash Player 20 NPAPI (HKLM\...\{FB7D053D-9F6F-4E16-96BE-D2EF54C620AC}) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AIM 7 (HKLM\...\AIM_7) (Version: - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.1.2245 - AVAST Software)
calibre (HKLM\...\{3000D354-D0BB-4FF3-89F9-04B6E9DD51BA}) (Version: 2.47.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
COMODO Firewall (HKLM\...\{73830292-868E-4C82-9AF5-CCFE2047B6A3}) (Version: 8.2.0.4508 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CryptoPrevent (HKLM\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: - Foolish IT LLC)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Free YouTube to MP3 Converter version 3.12.59.616 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.59.616 - DVDVideoSoft Ltd.)
Glary Utilities 5.40 (HKLM\...\Glary Utilities 5) (Version: 5.40.0.60 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
herdProtect Anti-Malware Scanner (HKLM\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
HostsMan 4.5.102 (HKLM\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.5.102.0 - abelhadigital.com)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MCShield ::Anti-Malware Tool:: (HKLM\...\MCShield) (Version: 3.0.5.28 - MyCity)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 43.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
Neverwinter Nights Diamond Edition (HKLM\...\Neverwinter Nights Diamond Edition_is1) (Version: - GOG.com)
PC Tools Registry Mechanic 11.0 (HKLM\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Planescape Torment (HKLM\...\GOGPACKPLANESCAPETORMENT_is1) (Version: 2.0.0.8 - GOG.com)
PrivaZer (HKLM\...\PrivaZer) (Version: 2.42.0.0 - Goversoft LLC)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Starcraft (HKLM\...\Starcraft) (Version: - )
System Ninja version 3.1.1 (HKLM\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.1.1 - SingularLabs)
Unchecky v0.4.2 (HKLM\...\Unchecky) (Version: 0.4.2 - RaMMicHaeL)
Vampire - The Masquerade Bloodlines (HKLM\...\InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}) (Version: 1.00.0000 - Activision)
Vampire - The Masquerade Bloodlines (Version: 1.00.0000 - Activision) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wipe (HKLM\...\wipe) (Version: 15.13 - PrivacyRoot.com)
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.19.797 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5C1A8A26-5916-4124-9CBA-B4AA3C9A2CC6} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
Task: {6CC0960B-B077-422C-AD33-EABFF5BCCCCC} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-06] (COMODO)
Task: {89BABECA-F21A-47AD-94B1-C83E1BF0417B} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {9EB4D6E1-CD57-4CDB-B941-671F3B28D21E} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-06] (COMODO)
Task: {B01811A5-5CCD-4F5E-B2EE-F6228A73CCA4} - System32\Tasks\CryptoPrevent Update => C:\Program Files\Foolish IT\CryptoPrevent\CryptoPrevent.exe [2015-11-17] (Foolish IT LLC)
Task: {C85FDF1B-2856-421F-A088-6A54313AC233} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-01] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ============== 2015-12-01 12:19 - 2015-12-01 12:19 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-12-01 12:19 - 2015-12-01 12:19 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-01-01 12:31 - 2016-01-01 12:31 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010101\algo.dll 2015-12-01 12:19 - 2015-12-01 12:19 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2015-12-01 12:19 - 2015-12-01 12:19 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\ERUNT.exe:$CmdTcID AlternateDataStreams: C:\Windows\zoek-delete.exe:$CmdTcID AlternateDataStreams: C:\Users\Patrick\Desktop\AdwCleaner.exe:$CmdTcID AlternateDataStreams: C:\Users\Patrick\Desktop\ComboFix.exe:$CmdTcID AlternateDataStreams: C:\Users\Patrick\Desktop\ComboFix.exe:$CmdZnID AlternateDataStreams: C:\Users\Patrick\Desktop\mbar-1.09.3.1001.exe:$CmdTcID AlternateDataStreams: C:\Users\Patrick\Desktop\rkill.exe:$CmdTcID AlternateDataStreams: C:\Users\Patrick\Desktop\tdsskiller.exe:$CmdTcID AlternateDataStreams: C:\Users\Patrick\Desktop\zoek.exe:$CmdTcID ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59820723.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59820723.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2015-08-31 08:41 - 2016-01-01 15:49 - 00002041 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2985130882-1756615807-8858886-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: CmdAgent => 2
MSCONFIG\Services: cmdvirth => 3
MSCONFIG\Services: ehSched => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: PCToolsSSDMonitorSvc => 2
MSCONFIG\Services: ZAMSvc => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: COMODO Internet Security => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMP-In-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E926E57D-011D-4F63-BCC5-FFCFDC28D091}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{CE504808-152F-4073-8BB9-0F8E7C4D30C6}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{AB3FBA72-52C3-4476-9A38-230DBE05659B}] => (Allow) %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{E75616F7-AD9E-47C7-ABD6-186346D4D54B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{CF00433B-378F-4E5D-9CA9-2D28B5D234C5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{94C7DDC4-B412-4008-9E5C-B7DFD981E908}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4C9F968F-5CA5-4408-95B7-5182E8EE521C}C:\users\patrick\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\patrick\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{476381DB-4E2B-49A3-B245-ACCE0D13BE29}C:\users\patrick\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\patrick\appdata\roaming\utorrent\utorrent.exe

==================== Restore Points =========================

28-12-2015 17:15:23 Scheduled Checkpoint
01-01-2016 12:44:41 zoek.exe restore point

Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2016 12:13:31 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x8007043c).

Error: (01/01/2016 12:13:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode . Operation: Subscribing Writer Context: Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {1431f6cd-44cb-4b66-9aca-605e0709ac6a}

Error: (01/01/2016 12:13:28 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started during Safe Mode. The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode ] Operation: Subscribing Writer Context: Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {1431f6cd-44cb-4b66-9aca-605e0709ac6a}

Error: (01/01/2016 12:13:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode . Operation: Subscribing Writer Context: Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {abe66bf1-d778-4cbc-bc92-bab76ac5aa8b}

Error: (01/01/2016 12:13:28 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started during Safe Mode. The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode ] Operation: Subscribing Writer Context: Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4} Writer Name: ASR Writer Writer Instance ID: {abe66bf1-d778-4cbc-bc92-bab76ac5aa8b}

Error: (01/01/2016 12:13:28 PM) (Source: VSS) (EventID: 12346) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. was encountered while trying to initialize the Registry Writer. This may cause future shadow-copy creations to fail.

Error: (01/01/2016 12:13:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c, This service cannot be started in Safe Mode . Operation: Subscribing Writer Context: Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Name: COM+ REGDB Writer Writer Instance ID: {d2f11709-9ddc-456f-a976-e20f10cf7deb}

Error: (01/01/2016 12:13:28 PM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started during Safe Mode. The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode ] Operation: Subscribing Writer Context: Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f} Writer Name: COM+ REGDB Writer Writer Instance ID: {d2f11709-9ddc-456f-a976-e20f10cf7deb}

Error: (01/01/2016 12:13:28 PM) (Source: VSS) (EventID: 12342) (User: )
Description: Volume Shadow Copy Error: An error 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. was encountered while trying to initialize the Registry Writer. This may cause future shadow-copy creations to fail.

Error: (01/01/2016 12:13:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine Subscribing the Registry server writer failed. hr = 8004230208lx. hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information. .

System errors:
=============
Error: (01/01/2016 03:49:53 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (01/01/2016 03:49:51 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (01/01/2016 03:49:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: %%1058

Error: (01/01/2016 03:49:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058

Error: (01/01/2016 03:48:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Internet Security Helper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/01/2016 03:48:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/01/2016 03:48:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).

Error: (01/01/2016 03:48:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Unchecky service terminated unexpectedly. It has done this 1 time(s).

Error: (01/01/2016 03:48:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (01/01/2016 03:48:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 37%
Total physical RAM: 3544.36 MB
Available physical RAM: 2229.56 MB
Total Virtual: 7087.04 MB
Available Virtual: 5774.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:110.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 864A2DB2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  4. solved

    So I decided to run rkill and see if it'd find anything and now I'm very worried. Will I need to reformat my drive based on this log, or is it just false info? After rkill I ran MBAR, Combofix, TDSSKiller, Adwcleaner, Zoek, and FRST. I will post all logs if/when requested. FRST says the files are digitally signed, so what gives?

Rkill 2.8.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/01/2016 11:16:09 AM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* C:\Windows\system32\SearchIndexer.exe (PID: 3892) [WD-HEUR]
* C:\Windows\System32\WUDFHost.exe (PID: 4048) [WD-HEUR]
* C:\Windows\System32\igfxtray.exe (PID: 3372) [WD-HEUR]
* C:\Windows\System32\igfxpers.exe (PID: 4112) [WD-HEUR]
* C:\Windows\servicing\TrustedInstaller.exe (PID: 3852) [WD-HEUR]

5 proccesses terminated!

Possibly Patched Files.
* C:\Windows\system32\csrss.exe
* C:\Windows\system32\wininit.exe
* C:\Windows\system32\csrss.exe
* C:\Windows\system32\winlogon.exe
* C:\Windows\system32\services.exe
* C:\Windows\system32\lsass.exe
* C:\Windows\system32\lsm.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\System32\svchost.exe
* C:\Windows\System32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\System32\spoolsv.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\taskhost.exe
* C:\Windows\system32\taskeng.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\System32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\taskhost.exe
* C:\Windows\system32\DllHost.exe
* C:\Windows\system32\DllHost.exe
* C:\Windows\system32\conhost.exe

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* No issues found.

Checking Windows Service Integrity:
* DNS Client (Dnscache) is not Running.
  Startup Type set to: Disabled
* Windows Firewall (MpsSvc) is not Running.
  Startup Type set to: Disabled
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
  Startup Type set to: Manual
* WinDefend [Missing Service]

Searching for Missing Digital Signatures:
: 5111fa6ec341bacc07fa69aa9764b6d2 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe : 22,528 : 07/13/2009 05:14 PM : f42309c4191c506b71db5d1126d26318 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\lsass.exe : 22,528 : 06/03/2015 07:08 PM : 81951f51e318aecc2d68559e47485cc4 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_a82d8b59bb293454\lsass.exe : 22,528 : 06/03/2015 07:08 PM : 81951f51e318aecc2d68559e47485cc4 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_a8306bf1bb26a837\lsass.exe : 22,528 : 06/04/2015 08:27 AM : dd17e1573651293d4ed31053795b3471 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_a8490e8dbb13b981\lsass.exe : 22,528 : 06/03/2015 07:07 PM : dd17e1573651293d4ed31053795b3471 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_a85eb04bbb037ec6\lsass.exe : 22,528 : 09/19/2014 01:23 AM : ac0d7a5778d5a8c17ecfeecb302b4fa4 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_a83f40d1bb1aebf0\lsass.exe : 22,528 : 06/03/2015 07:05 PM : dd17e1573651293d4ed31053795b3471 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_a82e710fbb286cfe\lsass.exe : 22,528 : 06/03/2015 07:06 PM : 27945cf21e17afbff1e31993aaee4551 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18812_none_a84fe303bb0f2fa9\lsass.exe : 22,528 : 06/03/2015 07:09 PM : 618ba9298726844da4e9e53c7c8d4015 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18869_none_a820d56dbb316cbf\lsass.exe : 22,528 : 06/04/2015 04:34 AM : d2967f6d4205a227aaa7d094c12f7141 [Pos Repl] +-> 
C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18923_none_a8461547bb166218\lsass.exe : 22,528 : 08/11/2015 06:40 PM : a7d58776c4d1f7d98f93c2dca4fdd0e8 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18933_none_a83b455bbb1e7e09\lsass.exe : 22,528 : 08/11/2015 08:09 PM : 3ad57b7a84035a05079226d1de47e771 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18939_none_a8414717bb191613\lsass.exe : 22,528 : 08/26/2015 04:50 PM : 88142648ed929e6d2178cc3b8c13c00f [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18951_none_a823a4efbb30833d\lsass.exe : 22,528 : 09/29/2015 09:48 AM : 537463850663f2edc50af884d92c0096 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19007_none_a85f8e69bb02c2d4\lsass.exe : 22,528 : 10/13/2015 10:58 AM : 7d67b4d677a15b1a363d5bd8201b533d [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19043_none_a8304d91bb26cd3c\lsass.exe : 22,528 : 11/11/2015 09:03 AM : 97b93dd136dd0893180fa69ae4ba65d5 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19044_none_a8314ddbbb25e693\lsass.exe : 22,528 : 11/11/2015 09:03 AM : 8c2628f35754da178e69fa47e4955162 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19045_none_a8324e25bb24ffea\lsass.exe : 22,528 : 11/11/2015 09:03 AM : 5111fa6ec341bacc07fa69aa9764b6d2 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsass.exe : 22,528 : 06/03/2015 07:08 PM : fbcb2dfa40862daa7b1534c9538208a5 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_a889f15ed46779fd\lsass.exe : 22,528 : 06/04/2015 04:34 AM : 7abc23f3d86880ad62acedc7479608f8 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_a8af3ab6d44c6119\lsass.exe : 
22,528 : 06/04/2015 08:27 AM : 627b40eb2595d8fcf1960f33389eb7d3 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_a8e94f46d420350e\lsass.exe : 22,528 : 06/03/2015 07:07 PM : 627b40eb2595d8fcf1960f33389eb7d3 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_a8db7e7cd42b04fa\lsass.exe : 22,528 : 09/19/2014 01:29 AM : f0f6e52554e314a71e776b1086b5b3dd [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_a8ba0e6ed4443f76\lsass.exe : 22,528 : 06/03/2015 07:05 PM : 627b40eb2595d8fcf1960f33389eb7d3 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_a8bf11c6d43fbb50\lsass.exe : 22,528 : 06/03/2015 07:06 PM : 8cad69b705d065ccaaa0e4c17c07b21e [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23017_none_a8de5962d4288168\lsass.exe : 22,528 : 06/03/2015 07:09 PM : 35f0817c803dfc520cbf7031b72b6a17 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23072_none_a8987868d45daa5b\lsass.exe : 22,528 : 06/04/2015 04:34 AM : 91d8b4ff9cd5725dd6507f49cc50bb03 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23126_none_a8d28b12d4318129\lsass.exe : 22,528 : 08/11/2015 06:40 PM : cca1bca3020c6a95be416d7deef62b2c [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23136_none_a8c7bb26d4399d1a\lsass.exe : 22,528 : 08/11/2015 08:09 PM : 266a126d1464409df8fa826c48166b0e [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23142_none_a8b8ea12d44553af\lsass.exe : 22,528 : 08/26/2015 04:50 PM : 75d5ac95e945749f314bb8e164cb6eb9 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23153_none_a8af1a70d44c88f7\lsass.exe : 22,528 : 09/11/2015 09:16 AM : ac5a6b04552b30c7b4f8b8a557038f36 [Pos Repl] +-> 
C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23154_none_a8b01abad44ba24e\lsass.exe : 22,528 : 09/29/2015 09:48 AM : 0d338801138e1924ddf1b159bed26867 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23211_none_a8d85b72d42de3ac\lsass.exe : 22,528 : 10/13/2015 10:55 AM : c23f8ad59a00346b8d78ca1deac64863 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23249_none_a8bfedfed43f0237\lsass.exe : 22,528 : 11/11/2015 09:03 AM : c062abe58aacc3edf050dede50d9a477 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23250_none_a8ac1b78d44f3a19\lsass.exe : 22,528 : 11/11/2015 09:03 AM : 994fa7d20d6639eba1cd08f59aa89f86 [Pos Repl] * C:\Windows\System32\lsm.exe : 267,776 : 11/20/2010 04:17 AM : 8aea9a37c1a3565a204d37c5e72ab791 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.1.7601.17514_none_a74c36ac68ccc898\lsm.exe : 267,776 : 11/20/2010 04:17 AM : 8aea9a37c1a3565a204d37c5e72ab791 [Pos Repl] * C:\Windows\System32\mfc40u.dll : 954,288 : 11/20/2010 04:19 AM : ab9eb3745b03ae67ab241a82338dea7b [NoSig] +-> C:\Windows\erdnt\cache\mfc40u.dll : 954,288 : 11/20/2010 04:19 AM : ab9eb3745b03ae67ab241a82338dea7b [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll : 954,288 : 11/20/2010 04:19 AM : ab9eb3745b03ae67ab241a82338dea7b [Pos Repl] * C:\Windows\System32\midimap.dll : 16,896 : 07/13/2009 05:15 PM : 5a12c364ad1d4fcc0ad0e56dbbc34462 [NoSig] +-> C:\Windows\erdnt\cache\midimap.dll : 16,896 : 07/13/2009 05:15 PM : 5a12c364ad1d4fcc0ad0e56dbbc34462 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll : 16,896 : 07/13/2009 05:15 PM : 5a12c364ad1d4fcc0ad0e56dbbc34462 [Pos Repl] * C:\Windows\System32\mshtml.dll : 20,366,848 : 12/09/2015 01:40 PM : 
b206e8bd4938b6c6b1c84dd13c12c4df [NoSig] +-> C:\Windows\erdnt\cache\mshtml.dll : 20,366,848 : 12/09/2015 01:40 PM : b206e8bd4938b6c6b1c84dd13c12c4df [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17633_none_99675e667ee909c7\mshtml.dll : 19,740,160 : 06/04/2015 06:13 AM : 61c74d794c14e9fc94d93f5f0f72a3f9 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17801_none_994eeb407efbc262\mshtml.dll : 19,691,008 : 06/03/2015 09:13 PM : d74445161e58644309f858342f5e265c [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17843_none_9952bed87ef85b00\mshtml.dll : 19,607,040 : 06/11/2015 04:51 PM : 975421ac32f9f6e27a58f75dab4b5871 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17914_none_9944d7467f03448d\mshtml.dll : 19,877,376 : 07/15/2015 01:15 PM : fa9dfdaf0d0ba0f2e5bf85c2aa557a6f [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17923_none_9945ee587f024443\mshtml.dll : 19,877,376 : 07/15/2015 01:17 PM : 116f506573b59b85cd0dc18527e9951a [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17959_none_994866867f002a0e\mshtml.dll : 19,870,208 : 08/11/2015 08:09 PM : baaac903bf7f9ca5f1129c972aede6bd [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17963_none_9949ef807efea99f\mshtml.dll : 19,871,232 : 08/26/2015 04:53 PM : a98799eba5baabf1ab2bafce488fc9f9 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18015_none_99a611b07eba5fdc\mshtml.dll : 19,856,896 : 09/11/2015 09:16 AM : 1730f4b69593eb38072daf273b5565ab [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18059_none_99a9b7b87eb72bbc\mshtml.dll : 20,357,632 : 10/13/2015 10:54 AM : 
d586cb95b4eadc0525e8929a241898f5 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18097_none_99ade6707eb35dd6\mshtml.dll : 20,331,520 : 11/11/2015 09:01 AM : d49701891d475f61b23ba4dbef6e71ec [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.18124_none_999c58d67ec17b83\mshtml.dll : 20,366,848 : 12/09/2015 01:40 PM : b206e8bd4938b6c6b1c84dd13c12c4df [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_3004c3bef76d8ca4\mshtml.dll : 5,977,600 : 11/20/2010 04:19 AM : c50799f0d47dfb9774f721521b6c41d5 [Pos Repl] * C:\Windows\System32\msimg32.dll : 4,608 : 07/13/2009 05:15 PM : 18ab2e5a40064ed5f7791ac5946a90f3 [NoSig] +-> C:\Windows\erdnt\cache\msimg32.dll : 4,608 : 07/13/2009 05:15 PM : 18ab2e5a40064ed5f7791ac5946a90f3 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_77422e3e7d5fa732\msimg32.dll : 4,608 : 07/13/2009 05:15 PM : 18ab2e5a40064ed5f7791ac5946a90f3 [Pos Repl] * C:\Windows\System32\msprivs.dll : 2,048 : 07/13/2009 05:07 PM : c90878913df3dc504790282043db5f4c [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa-msprivs_31bf3856ad364e35_6.1.7600.16385_none_0bef4735dcb96ff8\msprivs.dll : 2,048 : 07/13/2009 05:07 PM : c90878913df3dc504790282043db5f4c [Pos Repl] * C:\Windows\System32\msvcrt.dll : 690,688 : 06/03/2015 07:08 PM : 9dc80a8aaaaac397bdab3c67165a824e [NoSig] +-> C:\Windows\erdnt\cache\msvcrt.dll : 690,688 : 06/03/2015 07:08 PM : 9dc80a8aaaaac397bdab3c67165a824e [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll : 690,688 : 07/13/2009 05:15 PM : e46d48a7fe961401f1cbf85531cdf05d [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll : 690,688 : 06/03/2015 07:08 PM : 9dc80a8aaaaac397bdab3c67165a824e [Pos 
Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll : 690,688 : 06/03/2015 07:08 PM : 2f740c4b458331357e825e94afb0953a [Pos Repl] * C:\Windows\System32\mswsock.dll : 231,424 : 06/03/2015 09:12 PM : e94c583cde2348950155f2af2876f34d [NoSig] +-> C:\Windows\erdnt\cache\mswsock.dll : 231,424 : 06/03/2015 09:12 PM : e94c583cde2348950155f2af2876f34d [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll : 232,448 : 11/20/2010 04:19 AM : 8999b8631c7fd9f7f9ec3cafd953ba24 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll : 231,424 : 06/03/2015 09:12 PM : e94c583cde2348950155f2af2876f34d [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll : 231,424 : 06/03/2015 09:12 PM : 6547d445c4b69dc0083b619ac642df04 [Pos Repl] * C:\Windows\System32\netlogon.dll : 563,712 : 11/20/2010 04:20 AM : c1809b9907adedaf16f50c894100883b [NoSig] +-> C:\Windows\erdnt\cache\netlogon.dll : 563,712 : 11/20/2010 04:20 AM : c1809b9907adedaf16f50c894100883b [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll : 563,712 : 11/20/2010 04:20 AM : c1809b9907adedaf16f50c894100883b [Pos Repl] * C:\Windows\System32\netman.dll : 280,576 : 07/13/2009 05:16 PM : 7cccfca7510684768da22092d1fa4db2 [NoSig] +-> C:\Windows\erdnt\cache\netman.dll : 280,576 : 07/13/2009 05:16 PM : 7cccfca7510684768da22092d1fa4db2 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_0f9371b9b32368a4\netman.dll : 280,576 : 07/13/2009 05:16 PM : 7cccfca7510684768da22092d1fa4db2 [Pos Repl] * C:\Windows\System32\ntkrnlpa.exe : 3,991,488 : 11/11/2015 09:03 AM : 
64ad529b85d7e856f9a4fff9c809e693 [NoSig] +-> C:\Windows\erdnt\cache\ntkrnlpa.exe : 3,991,488 : 11/11/2015 09:03 AM : 64ad529b85d7e856f9a4fff9c809e693 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe : 3,966,848 : 11/20/2010 04:30 AM : 144bd78c6103c8616de047b3532142db [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe : 3,967,872 : 04/08/2011 10:02 PM : 102a6182087b18c795664bcd22eb52e9 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe : 3,968,368 : 06/03/2015 09:09 PM : 31c59b0ca08b1203e35d2ba19319279e [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe : 3,968,368 : 06/03/2015 07:10 PM : 8f6d5704d7522aab8b4b82c0d35d9184 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_6e47843c1258aaaf\ntkrnlpa.exe : 3,969,984 : 03/04/2014 01:20 AM : 4d59f470985d08139e42d15842816c47 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18741_none_6e1447ee12804730\ntkrnlpa.exe : 3,973,048 : 06/03/2015 07:06 PM : 6c2d4dc5d2e271f4ae4016fd4587b0b2 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18869_none_6e06ac4c128946f1\ntkrnlpa.exe : 3,989,440 : 06/04/2015 04:34 AM : 641a14e6ac492ed45bc68815e2e2f566 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18923_none_6e2bec26126e3c4a\ntkrnlpa.exe : 3,989,952 : 07/14/2015 07:00 PM : bb50127aacb467f56dddaf0e1e434b33 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18933_none_6e211c3a1276583b\ntkrnlpa.exe : 3,989,952 : 08/11/2015 08:09 PM : 6c95d6264810f816e92780e7db81f7b1 [Pos Repl] +-> 
C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18939_none_6e271df61270f045\ntkrnlpa.exe : 3,989,952 : 08/26/2015 04:50 PM : 7798c39730ca28b18f8cc45edbb479dc [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.19018_none_6e3b95a61261d24e\ntkrnlpa.exe : 3,990,976 : 10/13/2015 10:58 AM : 63fd03ced9739062e9b94f0d1e54a406 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.19045_none_6e182504127cda1c\ntkrnlpa.exe : 3,991,488 : 11/11/2015 09:03 AM : 64ad529b85d7e856f9a4fff9c809e693 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe : 3,967,872 : 04/08/2011 10:01 PM : 9cf7f5d025183fa10e130445bc071b70 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe : 3,971,440 : 06/03/2015 09:09 PM : 2eda0dccf5f00cdb91a9ecbe45cb0b3d [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe : 3,971,952 : 06/03/2015 07:10 PM : 93358348d0b79812caaa83a1377e4449 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_6ec352232b81178c\ntkrnlpa.exe : 3,974,080 : 03/04/2014 02:42 AM : fb18fe03dec1297107946c4d597797c3 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22948_none_6ea4e8a52b979582\ntkrnlpa.exe : 3,977,664 : 06/03/2015 07:06 PM : b6258de1ba2eb5f718b65d206d2912ce [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23072_none_6e7e4f472bb5848d\ntkrnlpa.exe : 3,994,560 : 06/04/2015 04:34 AM : 4aa0a6fdbad338fbe8550fa68a465e17 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23126_none_6eb861f12b895b5b\ntkrnlpa.exe : 3,995,584 : 07/14/2015 07:04 PM : 2ededa680b11d41a01992c7cd2ade28c [Pos 
Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23136_none_6ead92052b91774c\ntkrnlpa.exe : 3,995,584 : 08/11/2015 08:09 PM : 4dcab20257f5272950eecb4db96815cc [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23142_none_6e9ec0f12b9d2de1\ntkrnlpa.exe : 3,995,584 : 08/26/2015 04:50 PM : ede7d6d205b86de1c7362d198c3018f8 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23153_none_6e94f14f2ba46329\ntkrnlpa.exe : 3,995,584 : 09/11/2015 09:16 AM : 3805c457c6669d93b545f09f0c11339c [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23223_none_6eb562f92b8c0c7d\ntkrnlpa.exe : 3,996,608 : 10/13/2015 10:55 AM : 72dd2c8d7583ba87c09d4aa2e7c4453f [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23250_none_6e91f2572ba7144b\ntkrnlpa.exe : 3,996,608 : 11/11/2015 09:03 AM : 71b49ece9891466e3c62c0ea2583c3b6 [Pos Repl] * C:\Windows\System32\ntoskrnl.exe : 3,935,680 : 11/11/2015 09:03 AM : a860caa340d18b2cb7b93a9c67fddb49 [NoSig] +-> C:\Windows\erdnt\cache\ntoskrnl.exe : 3,935,680 : 11/11/2015 09:03 AM : a860caa340d18b2cb7b93a9c67fddb49 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe : 3,911,040 : 11/20/2010 04:30 AM : 2088d9994332583edb3c561de31ea5ad [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe : 3,912,576 : 04/08/2011 10:02 PM : 5d21c487f79f8245e799071589e035bf [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe : 3,913,584 : 06/03/2015 09:09 PM : f0f0e99a65f598a1a7720f5111c4da8f [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe : 3,913,072 : 06/03/2015 07:10 
PM : 28f44480e411c3ddf04b63f6560e6ef4 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_6e47843c1258aaaf\ntoskrnl.exe : 3,914,176 : 03/04/2014 01:20 AM : 31fa2485dfc773f1e718a4d19f443fa9 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18741_none_6e1447ee12804730\ntoskrnl.exe : 3,917,760 : 06/03/2015 07:06 PM : 2cfe69a0a8afda8db9a773d728000bb7 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18869_none_6e06ac4c128946f1\ntoskrnl.exe : 3,934,144 : 06/04/2015 04:34 AM : 583fff12d2f0d6e1a8746462c433895f [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18923_none_6e2bec26126e3c4a\ntoskrnl.exe : 3,934,656 : 07/14/2015 07:00 PM : d2d535add20a3d9340539336e46ddb20 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18933_none_6e211c3a1276583b\ntoskrnl.exe : 3,934,656 : 08/11/2015 08:09 PM : dc18ffff3175376abd38e6d48309f7f9 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18939_none_6e271df61270f045\ntoskrnl.exe : 3,934,656 : 08/26/2015 04:50 PM : b83b25734c88c16026dfa483c5fe2107 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.19018_none_6e3b95a61261d24e\ntoskrnl.exe : 3,936,192 : 10/13/2015 10:58 AM : c19537a50b723e0f7b53d413163b35ee [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.19045_none_6e182504127cda1c\ntoskrnl.exe : 3,935,680 : 11/11/2015 09:03 AM : a860caa340d18b2cb7b93a9c67fddb49 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe : 3,912,576 : 04/08/2011 10:01 PM : d385343510b75545ec5db3a64c2d2492 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe : 3,916,656 : 
06/03/2015 09:09 PM : 00b12ea93ed392fbd09f07b63e926647 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe : 3,916,656 : 06/03/2015 07:10 PM : 2e02a17e8965ad671e4987e503ad38b1 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_6ec352232b81178c\ntoskrnl.exe : 3,918,784 : 03/04/2014 02:42 AM : a3ebcbbe7eff3f736adc532a6c73e775 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22948_none_6ea4e8a52b979582\ntoskrnl.exe : 3,921,848 : 06/03/2015 07:06 PM : ac9a49269b41ca6d814912ce7a2475e6 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23072_none_6e7e4f472bb5848d\ntoskrnl.exe : 3,939,776 : 06/04/2015 04:34 AM : def4491fb75633a4eb4648f68b7df8c2 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23126_none_6eb861f12b895b5b\ntoskrnl.exe : 3,939,776 : 07/14/2015 07:04 PM : ecbd9b1ff41e554971d98df2f7b8a52d [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23136_none_6ead92052b91774c\ntoskrnl.exe : 3,939,776 : 08/11/2015 08:09 PM : 4555f0c9cfdb8158c7a9e462f6fcd053 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23142_none_6e9ec0f12b9d2de1\ntoskrnl.exe : 3,939,776 : 08/26/2015 04:50 PM : eba077fc13f9ccd445a8b0dd1b9c760e [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23153_none_6e94f14f2ba46329\ntoskrnl.exe : 3,939,776 : 09/11/2015 09:16 AM : cc8b9e9917fe633620ce976526a0da2b [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23223_none_6eb562f92b8c0c7d\ntoskrnl.exe : 3,940,800 : 10/13/2015 10:55 AM : 2f53f96932cd96aa58b3f0ec16ac904d [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23250_none_6e91f2572ba7144b\ntoskrnl.exe : 
3,940,800 : 11/11/2015 09:03 AM : 9abf05bb3a985af1a67ef6a13418b9fe [Pos Repl] * C:\Windows\System32\ole32.dll : 1,414,656 : 07/04/2015 09:48 AM : 4548507ed3c17db4739dbbeaf6378004 [NoSig] +-> C:\Windows\erdnt\cache\ole32.dll : 1,414,656 : 07/04/2015 09:48 AM : 4548507ed3c17db4739dbbeaf6378004 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll : 1,414,144 : 11/20/2010 04:20 AM : 928cf7268086631f54c3d8e17238c6dd [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.18915_none_ae2602615092a123\ole32.dll : 1,414,656 : 07/04/2015 09:48 AM : 4548507ed3c17db4739dbbeaf6378004 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.23118_none_aeb2782c69adc034\ole32.dll : 1,414,656 : 07/04/2015 09:48 AM : 1327be7f332b0695c0158d6dde9551a9 [Pos Repl] * C:\Windows\System32\olepro32.dll : 90,112 : 11/20/2010 04:20 AM : 703ffd301ab900b047337c5d40fd6f96 [NoSig] +-> C:\Windows\erdnt\cache\olepro32.dll : 90,112 : 11/20/2010 04:20 AM : 703ffd301ab900b047337c5d40fd6f96 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll : 90,112 : 11/20/2010 04:20 AM : 703ffd301ab900b047337c5d40fd6f96 [Pos Repl] * C:\Windows\System32\perfctrs.dll : 39,424 : 07/13/2009 05:16 PM : edd2ad141debd425d74a52a4d7be6ac4 [NoSig] +-> C:\Windows\erdnt\cache\perfctrs.dll : 39,424 : 07/13/2009 05:16 PM : edd2ad141debd425d74a52a4d7be6ac4 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_314993e6be6d6809\perfctrs.dll : 39,424 : 07/13/2009 05:16 PM : edd2ad141debd425d74a52a4d7be6ac4 [Pos Repl] * C:\Windows\System32\powrprof.dll : 145,408 : 07/13/2009 05:16 PM : 08dfdbd2fd4ea951dc46b1c7661ed35a [NoSig] +-> C:\Windows\erdnt\cache\powrprof.dll : 145,408 : 07/13/2009 05:16 PM : 
08dfdbd2fd4ea951dc46b1c7661ed35a [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll : 145,408 : 07/13/2009 05:16 PM : 08dfdbd2fd4ea951dc46b1c7661ed35a [Pos Repl] * C:\Windows\System32\psbase.dll : 50,688 : 07/13/2009 05:16 PM : 274992d0945889a6b56d0e1bd4288a6e [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_481f6abd91b25a15\psbase.dll : 50,688 : 07/13/2009 05:16 PM : 274992d0945889a6b56d0e1bd4288a6e [Pos Repl] * C:\Windows\System32\pstorsvc.dll : 23,552 : 07/13/2009 05:16 PM : 0a3ccb2c4f603d99f34d742fc9544b97 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-s..ty-protectedstorage_31bf3856ad364e35_6.1.7600.16385_none_481f6abd91b25a15\pstorsvc.dll : 23,552 : 07/13/2009 05:16 PM : 0a3ccb2c4f603d99f34d742fc9544b97 [Pos Repl] * C:\Windows\System32\qmgr.dll : 585,728 : 11/20/2010 04:20 AM : e585445d5021971fae10393f0f1c3961 [NoSig] +-> C:\Windows\erdnt\cache\qmgr.dll : 585,728 : 11/20/2010 04:20 AM : e585445d5021971fae10393f0f1c3961 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll : 585,728 : 11/20/2010 04:20 AM : e585445d5021971fae10393f0f1c3961 [Pos Repl] * C:\Windows\System32\rasadhlp.dll : 11,776 : 07/13/2009 05:16 PM : ed6ee83d61ebc683c2cd8e899ea6febe [NoSig] +-> C:\Windows\erdnt\cache\rasadhlp.dll : 11,776 : 07/13/2009 05:16 PM : ed6ee83d61ebc683c2cd8e899ea6febe [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_0fb054d9c6a6b4d4\rasadhlp.dll : 11,776 : 07/13/2009 05:16 PM : ed6ee83d61ebc683c2cd8e899ea6febe [Pos Repl] * C:\Windows\System32\regsvc.dll : 112,640 : 07/13/2009 05:16 PM : cb9a8683f4ef2bf99e123d79950d7935 [NoSig] +-> C:\Windows\erdnt\cache\regsvc.dll : 112,640 : 07/13/2009 05:16 PM : cb9a8683f4ef2bf99e123d79950d7935 [Pos Repl] +-> 
C:\Windows\winsxs\x86_acpi.inf_31bf3856ad364e35_6.1.7601.17514_none_24902def2c49e853\acpi.sys : 274,304 : 11/20/2010 04:29 AM : cea80c80bed809aa0da6febc04733349 [Pos Repl] * C:\Windows\System32\drivers\afd.sys : 338,944 : 11/11/2015 09:03 AM : 93b49fa857f7036a4eff32371f6e7391 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys : 338,944 : 11/20/2010 00:40 AM : 1151fd4fb0216cfed887bfde29ebd516 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18264_none_d9b98067bcd7e63c\afd.sys : 338,944 : 06/03/2015 09:12 PM : f81bb7e487edceab630a7ee66cf23913 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.18489_none_d9a8e5cdbce3971f\afd.sys : 338,944 : 06/03/2015 07:09 PM : d0b388da1d111a34366e04eb4a5dd156 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.19031_none_d9d6d4b9bcc265b7\afd.sys : 338,944 : 11/11/2015 09:03 AM : 93b49fa857f7036a4eff32371f6e7391 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22457_none_da50efe2d5eab341\afd.sys : 338,944 : 06/03/2015 09:12 PM : 66dd39ca12baeb8d32111581769d9117 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.22705_none_da85049cd5c3ec53\afd.sys : 338,944 : 06/03/2015 07:09 PM : 9876cb32f95ab3e7b56a86b8465399be [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.23237_none_da667526d5da9ab2\afd.sys : 338,944 : 11/11/2015 09:03 AM : 3ea58284bd7b72f78d505e82366f7e0c [Pos Repl] * C:\Windows\System32\drivers\agp440.sys : 53,312 : 07/13/2009 05:26 PM : 507812c3054c21cef746b6ee3d04dd6e [NoSig] +-> C:\Windows\erdnt\cache\AGP440.sys : 53,312 : 07/13/2009 05:26 PM : 507812c3054c21cef746b6ee3d04dd6e [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys : 
53,312 : 07/13/2009 05:26 PM : 507812c3054c21cef746b6ee3d04dd6e [Pos Repl] +-> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys : 53,312 : 07/13/2009 05:26 PM : 507812c3054c21cef746b6ee3d04dd6e [Pos Repl] * C:\Windows\System32\drivers\asyncmac.sys : 17,920 : 07/13/2009 03:54 PM : add2ade1c2b285ab8378d2daaf991481 [NoSig] +-> C:\Windows\erdnt\cache\asyncmac.sys : 17,920 : 07/13/2009 03:54 PM : add2ade1c2b285ab8378d2daaf991481 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_242e2506962cd3e0\asyncmac.sys : 17,920 : 07/13/2009 03:54 PM : add2ade1c2b285ab8378d2daaf991481 [Pos Repl] * C:\Windows\System32\drivers\atapi.sys : 21,584 : 07/13/2009 05:26 PM : 338c86357871c167a96ab976519bf59e [NoSig] +-> C:\Windows\erdnt\cache\atapi.sys : 21,584 : 07/13/2009 05:26 PM : 338c86357871c167a96ab976519bf59e [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys : 21,584 : 07/13/2009 05:26 PM : 338c86357871c167a96ab976519bf59e [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys : 21,584 : 07/13/2009 05:26 PM : 338c86357871c167a96ab976519bf59e [Pos Repl] +-> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys : 21,584 : 07/13/2009 05:26 PM : 338c86357871c167a96ab976519bf59e [Pos Repl] +-> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys : 21,584 : 07/13/2009 05:26 PM : 338c86357871c167a96ab976519bf59e [Pos Repl] +-> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys : 21,584 : 07/13/2009 05:26 PM : 338c86357871c167a96ab976519bf59e [Pos Repl] * C:\Windows\System32\drivers\battc.sys : 25,168 : 07/13/2009 05:26 PM : 2b8ee031fd700ab942ebe60665440e83 [NoSig] +-> 
C:\Windows\System32\DriverStore\FileRepository\battery.inf_x86_neutral_5752155055c5e2d7\battc.sys : 25,168 : 07/13/2009 05:26 PM : 2b8ee031fd700ab942ebe60665440e83 [Pos Repl] +-> C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_15fde90fb523bb21\battc.sys : 25,168 : 07/13/2009 05:26 PM : 2b8ee031fd700ab942ebe60665440e83 [Pos Repl] * C:\Windows\System32\drivers\beep.sys : 6,144 : 07/13/2009 03:45 PM : 505506526a9d467307b3c393dedaf858 [NoSig] +-> C:\Windows\erdnt\cache\beep.sys : 6,144 : 07/13/2009 03:45 PM : 505506526a9d467307b3c393dedaf858 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys : 6,144 : 07/13/2009 03:45 PM : 505506526a9d467307b3c393dedaf858 [Pos Repl] * C:\Windows\System32\drivers\bridge.sys : 78,336 : 07/13/2009 04:41 PM : 77361d72a04f18809d0efb6cceb74d4b [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-networkbridge_31bf3856ad364e35_6.1.7600.16385_none_07c046fe67692e98\bridge.sys : 78,336 : 07/13/2009 04:41 PM : 77361d72a04f18809d0efb6cceb74d4b [Pos Repl] * C:\Windows\System32\drivers\cdfs.sys : 70,656 : 07/13/2009 03:11 PM : 77ea11b065e0a8ab902d78145ca51e10 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-cdfs_31bf3856ad364e35_6.1.7600.16385_none_a63de9327e477e37\cdfs.sys : 70,656 : 07/13/2009 03:11 PM : 77ea11b065e0a8ab902d78145ca51e10 [Pos Repl] * C:\Windows\System32\drivers\cdrom.sys : 108,544 : 11/20/2010 00:38 AM : be167ed0fdb9c1fa1133953c18d5a6c9 [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys : 108,544 : 11/20/2010 00:38 AM : be167ed0fdb9c1fa1133953c18d5a6c9 [Pos Repl] +-> C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys : 108,544 : 11/20/2010 00:38 AM : be167ed0fdb9c1fa1133953c18d5a6c9 [Pos Repl] * C:\Windows\System32\drivers\classpnp.sys : 140,864 : 07/13/2009 05:26 PM : a6388a5abf92c7927c085db0a958125f [NoSig] +-> 
C:\Windows\winsxs\x86_microsoft-windows-classpnp_31bf3856ad364e35_6.1.7601.17514_none_178a98870a53ee4d\Classpnp.sys : 140,864 : 07/13/2009 05:26 PM : a6388a5abf92c7927c085db0a958125f [Pos Repl] * C:\Windows\System32\drivers\CmBatt.sys : 14,080 : 07/13/2009 03:19 PM : dea805815e587dad1dd2c502220b5616 [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\battery.inf_x86_neutral_5752155055c5e2d7\CmBatt.sys : 14,080 : 07/13/2009 03:19 PM : dea805815e587dad1dd2c502220b5616 [Pos Repl] +-> C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_15fde90fb523bb21\CmBatt.sys : 14,080 : 07/13/2009 03:19 PM : dea805815e587dad1dd2c502220b5616 [Pos Repl] * C:\Windows\System32\drivers\compbatt.sys : 19,024 : 07/13/2009 05:26 PM : a6023d3823c37043986713f118a89bee [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\battery.inf_x86_neutral_5752155055c5e2d7\compbatt.sys : 19,024 : 07/13/2009 05:26 PM : a6023d3823c37043986713f118a89bee [Pos Repl] +-> C:\Windows\winsxs\x86_battery.inf_31bf3856ad364e35_6.1.7600.16385_none_15fde90fb523bb21\compbatt.sys : 19,024 : 07/13/2009 05:26 PM : a6023d3823c37043986713f118a89bee [Pos Repl] * C:\Windows\System32\drivers\diskdump.sys : 27,072 : 02/03/2014 06:07 PM : 5fb4f271032b6435f3b2252f577a4815 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.17514_none_68c59ff7f58849e8\Diskdump.sys : 27,008 : 11/20/2010 04:29 AM : 81773be2b369f54ede42ae62b59bb895 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.18386_none_687bd683f5bf5f80\Diskdump.sys : 27,072 : 02/03/2014 06:07 PM : 5fb4f271032b6435f3b2252f577a4815 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-diskdump_31bf3856ad364e35_6.1.7601.22589_none_690876130eda4876\Diskdump.sys : 27,072 : 02/03/2014 06:06 PM : 648f4ddb63ae28f735f3aad93262d836 [Pos Repl] * C:\Windows\System32\drivers\disk.sys : 57,424 : 07/13/2009 05:20 PM : 565003f326f99802e68ca78f2a68e9ff [NoSig] +-> 
C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys : 57,424 : 07/13/2009 05:20 PM : 565003f326f99802e68ca78f2a68e9ff [Pos Repl] +-> C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys : 57,424 : 07/13/2009 05:20 PM : 565003f326f99802e68ca78f2a68e9ff [Pos Repl] * C:\Windows\System32\drivers\drmkaud.sys : 5,120 : 07/13/2009 03:50 PM : b918e7c5f9bf77202f89e1a9539f2eb4 [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_x86_neutral_aed2a4456700dfde\drmkaud.sys : 5,120 : 07/13/2009 03:50 PM : b918e7c5f9bf77202f89e1a9539f2eb4 [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_x86_neutral_df2ea65e936720f7\drmkaud.sys : 5,120 : 07/13/2009 03:50 PM : b918e7c5f9bf77202f89e1a9539f2eb4 [Pos Repl] +-> C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.1.7600.16385_none_603daf367b793e32\drmkaud.sys : 5,120 : 07/13/2009 03:50 PM : b918e7c5f9bf77202f89e1a9539f2eb4 [Pos Repl] +-> C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.1.7601.18276_none_622fc7907896be4c\drmkaud.sys : 5,120 : 07/13/2009 03:50 PM : b918e7c5f9bf77202f89e1a9539f2eb4 [Pos Repl] +-> C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.1.7601.22472_none_62b5651991b7f5e1\drmkaud.sys : 5,120 : 07/13/2009 03:50 PM : b918e7c5f9bf77202f89e1a9539f2eb4 [Pos Repl] * C:\Windows\System32\drivers\drmk.sys : 81,408 : 06/03/2015 07:09 PM : 9842041e2f5ace1e2f5fb4ef02053dc8 [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_x86_neutral_aed2a4456700dfde\drmk.sys : 80,896 : 07/13/2009 04:41 PM : 27f9288af019e6daca281ede51ff5928 [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\wdmaudio.inf_x86_neutral_df2ea65e936720f7\drmk.sys : 81,408 : 06/03/2015 07:09 PM : 9842041e2f5ace1e2f5fb4ef02053dc8 [Pos Repl] +-> C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.1.7600.16385_none_603daf367b793e32\drmk.sys : 80,896 : 07/13/2009 04:41 PM : 
27f9288af019e6daca281ede51ff5928 [Pos Repl] +-> C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.1.7601.18276_none_622fc7907896be4c\drmk.sys : 81,408 : 06/03/2015 07:09 PM : 9842041e2f5ace1e2f5fb4ef02053dc8 [Pos Repl] +-> C:\Windows\winsxs\x86_wdmaudio.inf_31bf3856ad364e35_6.1.7601.22472_none_62b5651991b7f5e1\drmk.sys : 81,408 : 06/03/2015 07:09 PM : b18626d736d6a1faf61a958773f42fcb [Pos Repl] * C:\Windows\System32\drivers\dxapi.sys : 13,312 : 07/13/2009 03:25 PM : 5fcd3320aae71506b43f9e12e4e72172 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-useros_31bf3856ad364e35_6.1.7600.16385_none_cd450af4ce8086e8\dxapi.sys : 13,312 : 07/13/2009 03:25 PM : 5fcd3320aae71506b43f9e12e4e72172 [Pos Repl] * C:\Windows\System32\drivers\dxg.sys : 76,288 : 07/13/2009 03:25 PM : 1b6242b20cb56f85a158e67f09ee84fe [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-dxg_31bf3856ad364e35_6.1.7600.16385_none_a8c197c1bc709e3e\dxg.sys : 76,288 : 07/13/2009 03:25 PM : 1b6242b20cb56f85a158e67f09ee84fe [Pos Repl] * C:\Windows\System32\drivers\fastfat.sys : 148,480 : 07/13/2009 03:14 PM : 7e0ab74553476622fb6ae36f73d97d35 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.1.7600.16385_none_ae8981a3b8b7be50\fastfat.sys : 148,480 : 07/13/2009 03:14 PM : 7e0ab74553476622fb6ae36f73d97d35 [Pos Repl] * C:\Windows\System32\drivers\fdc.sys : 25,088 : 07/13/2009 03:45 PM : e817a017f82df2a1f8cfdbda29388b29 [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\fdc.inf_x86_neutral_67322cb863995ea8\fdc.sys : 25,088 : 07/13/2009 03:45 PM : e817a017f82df2a1f8cfdbda29388b29 [Pos Repl] +-> C:\Windows\winsxs\x86_fdc.inf_31bf3856ad364e35_6.1.7600.16385_none_0168099141bb7be7\fdc.sys : 25,088 : 07/13/2009 03:45 PM : e817a017f82df2a1f8cfdbda29388b29 [Pos Repl] * C:\Windows\System32\drivers\flpydisk.sys : 19,968 : 07/13/2009 03:45 PM : 87907aa70cb3c56600f1c2fb8841579b [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\flpydisk.inf_x86_neutral_2102f5344367a352\flpydisk.sys : 
19,968 : 07/13/2009 03:45 PM : 87907aa70cb3c56600f1c2fb8841579b [Pos Repl] +-> C:\Windows\winsxs\x86_flpydisk.inf_31bf3856ad364e35_6.1.7600.16385_none_e6e06650dbcf54b4\flpydisk.sys : 19,968 : 07/13/2009 03:45 PM : 87907aa70cb3c56600f1c2fb8841579b [Pos Repl] * C:\Windows\System32\drivers\fltMgr.sys : 198,208 : 07/13/2009 05:20 PM : 7520ec808e0c35e0ee6f841294316653 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-filtermanager-core_31bf3856ad364e35_6.1.7600.16385_none_10dfc9158c1fa6f6\fltMgr.sys : 198,208 : 07/13/2009 05:20 PM : 7520ec808e0c35e0ee6f841294316653 [Pos Repl] * C:\Windows\System32\drivers\fs_rec.sys : 19,824 : 02/29/2012 09:46 PM : 7dae5ebcc80e45d3253f4923dc424d05 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17514_none_2759b0329c936042\fs_rec.sys : 19,536 : 07/13/2009 05:20 PM : a574b4360e438977038aae4bf60d79a2 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.18288_none_2711e56c9cc8ab61\fs_rec.sys : 19,824 : 06/04/2015 08:31 AM : 7dae5ebcc80e45d3253f4923dc424d05 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.22484_none_279782f5b5e9e2f6\fs_rec.sys : 19,536 : 07/13/2009 05:20 PM : a574b4360e438977038aae4bf60d79a2 [Pos Repl] * C:\Windows\System32\drivers\hidclass.sys : 55,808 : 07/02/2013 07:36 PM : 50abe682ebe752eaf62b18790d6d491c [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\input.inf_x86_neutral_1436b88c77b8881d\hidclass.sys : 55,808 : 07/02/2013 07:36 PM : 50abe682ebe752eaf62b18790d6d491c [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\input.inf_x86_neutral_9e1eba5724be176f\hidclass.sys : 55,808 : 11/20/2010 01:59 AM : 931a1df1520abc6e84ba4a75e6957025 [Pos Repl] +-> C:\Windows\winsxs\x86_input.inf_31bf3856ad364e35_6.1.7601.17514_none_227703b27e5fc8e6\hidclass.sys : 55,808 : 11/20/2010 01:59 AM : 931a1df1520abc6e84ba4a75e6957025 [Pos Repl] +-> 
C:\Windows\winsxs\x86_input.inf_31bf3856ad364e35_6.1.7601.18199_none_222567647e9c4c26\hidclass.sys : 55,808 : 07/02/2013 07:36 PM : 50abe682ebe752eaf62b18790d6d491c [Pos Repl] +-> C:\Windows\winsxs\x86_input.inf_31bf3856ad364e35_6.1.7601.22374_none_22bfa47b97ae3282\hidclass.sys : 55,808 : 07/01/2013 07:45 PM : 88b69d95d2e9555d58e9aad74ba04c87 [Pos Repl] * C:\Windows\System32\drivers\hidparse.sys : 25,728 : 07/02/2013 07:36 PM : f1b27299f547d452edaef01fc187cb91 [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\input.inf_x86_neutral_1436b88c77b8881d\hidparse.sys : 25,728 : 07/02/2013 07:36 PM : f1b27299f547d452edaef01fc187cb91 [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\input.inf_x86_neutral_9e1eba5724be176f\hidparse.sys : 25,728 : 07/13/2009 03:51 PM : 6c26122f1931d4d7810240f32ddce890 [Pos Repl] +-> C:\Windows\winsxs\x86_input.inf_31bf3856ad364e35_6.1.7601.17514_none_227703b27e5fc8e6\hidparse.sys : 25,728 : 07/13/2009 03:51 PM : 6c26122f1931d4d7810240f32ddce890 [Pos Repl] +-> C:\Windows\winsxs\x86_input.inf_31bf3856ad364e35_6.1.7601.18199_none_222567647e9c4c26\hidparse.sys : 25,728 : 07/02/2013 07:36 PM : f1b27299f547d452edaef01fc187cb91 [Pos Repl] +-> C:\Windows\winsxs\x86_input.inf_31bf3856ad364e35_6.1.7601.22374_none_22bfa47b97ae3282\hidparse.sys : 25,728 : 07/01/2013 07:45 PM : a525dab2db79fd7c8a30c8c35009c253 [Pos Repl] * C:\Windows\System32\drivers\hidusb.sys : 24,064 : 11/20/2010 01:59 AM : 10c19f8290891af023eaec0832e1eb4d [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\input.inf_x86_neutral_1436b88c77b8881d\hidusb.sys : 24,064 : 11/20/2010 01:59 AM : 10c19f8290891af023eaec0832e1eb4d [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\input.inf_x86_neutral_9e1eba5724be176f\hidusb.sys : 24,064 : 11/20/2010 01:59 AM : 10c19f8290891af023eaec0832e1eb4d [Pos Repl] +-> C:\Windows\winsxs\x86_input.inf_31bf3856ad364e35_6.1.7601.17514_none_227703b27e5fc8e6\hidusb.sys : 24,064 : 11/20/2010 01:59 AM : 
10c19f8290891af023eaec0832e1eb4d [Pos Repl] +-> C:\Windows\winsxs\x86_input.inf_31bf3856ad364e35_6.1.7601.18199_none_222567647e9c4c26\hidusb.sys : 24,064 : 11/20/2010 01:59 AM : 10c19f8290891af023eaec0832e1eb4d [Pos Repl] +-> C:\Windows\winsxs\x86_input.inf_31bf3856ad364e35_6.1.7601.22374_none_22bfa47b97ae3282\hidusb.sys : 24,064 : 11/20/2010 01:59 AM : 10c19f8290891af023eaec0832e1eb4d [Pos Repl] * C:\Windows\System32\drivers\http.sys : 514,560 : 06/03/2015 07:07 PM : 487569e5da56a5a432ff8af6d3599cf9 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.1.7601.17514_none_aec86634771d0623\http.sys : 513,536 : 11/20/2010 00:40 AM : 871917b07a141bff43d76d8844d48106 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.1.7601.18772_none_ae85731c774f8f0a\http.sys : 514,560 : 06/03/2015 07:07 PM : 487569e5da56a5a432ff8af6d3599cf9 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-http_31bf3856ad364e35_6.1.7601.22976_none_af1312f590699157\http.sys : 514,560 : 06/03/2015 07:07 PM : 5e714d8de046ca462986e0db79b027f8 [Pos Repl] * C:\Windows\System32\drivers\i8042prt.sys : 80,896 : 07/13/2009 03:11 PM : f151f0bdc47f4a28b1b20a0818ea36d6 [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\i8042prt.sys : 80,896 : 07/13/2009 03:11 PM : f151f0bdc47f4a28b1b20a0818ea36d6 [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_x86_neutral_7a9084e0177406eb\i8042prt.sys : 80,896 : 07/13/2009 03:11 PM : f151f0bdc47f4a28b1b20a0818ea36d6 [Pos Repl] +-> C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\i8042prt.sys : 80,896 : 07/13/2009 03:11 PM : f151f0bdc47f4a28b1b20a0818ea36d6 [Pos Repl] +-> C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.1.7600.16385_none_4e0a61a033aec8c3\i8042prt.sys : 80,896 : 07/13/2009 03:11 PM : f151f0bdc47f4a28b1b20a0818ea36d6 [Pos Repl] * C:\Windows\System32\drivers\intelide.sys : 15,424 : 07/13/2009 
05:20 PM : a0f12f2c9ba6c72f3987ce780e77c130 [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\intelide.sys : 15,424 : 07/13/2009 05:20 PM : a0f12f2c9ba6c72f3987ce780e77c130 [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\intelide.sys : 15,424 : 07/13/2009 05:20 PM : a0f12f2c9ba6c72f3987ce780e77c130 [Pos Repl] +-> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\intelide.sys : 15,424 : 07/13/2009 05:20 PM : a0f12f2c9ba6c72f3987ce780e77c130 [Pos Repl] +-> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\intelide.sys : 15,424 : 07/13/2009 05:20 PM : a0f12f2c9ba6c72f3987ce780e77c130 [Pos Repl] +-> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\intelide.sys : 15,424 : 07/13/2009 05:20 PM : a0f12f2c9ba6c72f3987ce780e77c130 [Pos Repl] * C:\Windows\System32\drivers\intelppm.sys : 53,760 : 07/13/2009 03:11 PM : 3b514d27bfc4accb4037bc6685f766e0 [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\cpu.inf_x86_neutral_729b871528391032\intelppm.sys : 53,760 : 07/13/2009 03:11 PM : 3b514d27bfc4accb4037bc6685f766e0 [Pos Repl] +-> C:\Windows\winsxs\x86_cpu.inf_31bf3856ad364e35_6.1.7600.16385_none_5d20b0c250b4b524\intelppm.sys : 53,760 : 07/13/2009 03:11 PM : 3b514d27bfc4accb4037bc6685f766e0 [Pos Repl] * C:\Windows\System32\drivers\ipfltdrv.sys : 58,880 : 07/13/2009 03:54 PM : 709d1761d3b19a932ff0238ea6d50200 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-rasipfilter_31bf3856ad364e35_6.1.7600.16385_none_e73fda0c2083052a\ipfltdrv.sys : 58,880 : 07/13/2009 03:54 PM : 709d1761d3b19a932ff0238ea6d50200 [Pos Repl] * C:\Windows\System32\drivers\ipnat.sys : 101,888 : 07/13/2009 03:54 PM : a5fa468d67abcdaa36264e463a7bb0cd [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-ipnat_31bf3856ad364e35_6.1.7600.16385_none_5aee6dbbdcaf7199\ipnat.sys : 101,888 : 07/13/2009 03:54 
PM : a5fa468d67abcdaa36264e463a7bb0cd [Pos Repl] * C:\Windows\System32\drivers\irenum.sys : 13,824 : 07/13/2009 03:53 PM : 42996cff20a3084a56017b7902307e9f [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-irdaircomm_31bf3856ad364e35_6.1.7600.16385_none_2867d22e85fcfdfa\irenum.sys : 13,824 : 07/13/2009 03:53 PM : 42996cff20a3084a56017b7902307e9f [Pos Repl] * C:\Windows\System32\drivers\isapnp.sys : 46,656 : 07/13/2009 05:20 PM : 1f32bb6b38f62f7df1a7ab7292638a35 [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\isapnp.sys : 46,656 : 07/13/2009 05:20 PM : 1f32bb6b38f62f7df1a7ab7292638a35 [Pos Repl] +-> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\isapnp.sys : 46,656 : 07/13/2009 05:20 PM : 1f32bb6b38f62f7df1a7ab7292638a35 [Pos Repl] * C:\Windows\System32\drivers\kbdclass.sys : 42,576 : 07/13/2009 05:20 PM : adef52ca1aeae82b50df86b56413107e [NoSig] +-> C:\Windows\erdnt\cache\kbdclass.sys : 42,576 : 07/13/2009 05:20 PM : adef52ca1aeae82b50df86b56413107e [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_x86_neutral_50ad659974198591\kbdclass.sys : 42,576 : 07/13/2009 05:20 PM : adef52ca1aeae82b50df86b56413107e [Pos Repl] +-> C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_9955d7c4373b0589\kbdclass.sys : 42,576 : 07/13/2009 05:20 PM : adef52ca1aeae82b50df86b56413107e [Pos Repl] * C:\Windows\System32\drivers\ksecdd.sys : 67,520 : 11/11/2015 09:03 AM : a061e519acde34843dfa3f1c7358daa2 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\ksecdd.sys : 67,456 : 11/20/2010 04:30 AM : 412cea1aa78cc02a447f5c9e62b32ff1 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_a84828d7bb1480d7\ksecdd.sys : 67,440 : 06/03/2015 07:08 PM : f4647bb23db9038a7536cf6b68f4207f [Pos Repl] +-> 
C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_a82d8b59bb293454\ksecdd.sys : 67,440 : 06/04/2015 04:34 AM : b7895b4182c0d16f6efadeb8081e8d36 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_a8306bf1bb26a837\ksecdd.sys : 67,520 : 06/04/2015 08:27 AM : 4120da10aa42a9996f4575db9e3e6e6e [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_a8490e8dbb13b981\ksecdd.sys : 67,520 : 06/03/2015 07:07 PM : 4120da10aa42a9996f4575db9e3e6e6e [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18606_none_a85eb04bbb037ec6\ksecdd.sys : 67,520 : 09/19/2014 01:27 AM : e8c692b2fad343b81ac533906aa38f86 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18637_none_a83f40d1bb1aebf0\ksecdd.sys : 67,520 : 06/03/2015 07:05 PM : 4120da10aa42a9996f4575db9e3e6e6e [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18741_none_a82e710fbb286cfe\ksecdd.sys : 67,512 : 06/03/2015 07:06 PM : eab3020cb1f7dd9e7394147d05f49699 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18812_none_a84fe303bb0f2fa9\ksecdd.sys : 67,512 : 06/03/2015 07:09 PM : a5b076011c853b4cafd6296217a6e345 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18869_none_a820d56dbb316cbf\ksecdd.sys : 67,520 : 06/04/2015 04:34 AM : 3c9d9dfcf517103677d7b6255c727b48 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18923_none_a8461547bb166218\ksecdd.sys : 67,520 : 08/11/2015 06:40 PM : 4a480c9b9a6e721cb01326dfacaa4869 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18933_none_a83b455bbb1e7e09\ksecdd.sys : 67,520 : 08/11/2015 08:09 PM : 48732bfa0c692bec15dbbfe754e594c6 [Pos Repl] +-> 
C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18939_none_a8414717bb191613\ksecdd.sys : 67,520 : 08/26/2015 04:50 PM : 88246fd556e98bf416ac00c418b83d1d [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18951_none_a823a4efbb30833d\ksecdd.sys : 68,952 : 09/29/2015 09:48 AM : 2fa1766aac086edd7f9c70c333ff5b31 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19007_none_a85f8e69bb02c2d4\ksecdd.sys : 67,520 : 10/13/2015 10:58 AM : afbaf1fd434b1c0afe6ee6de3066a0f1 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19043_none_a8304d91bb26cd3c\ksecdd.sys : 67,520 : 11/11/2015 09:03 AM : 7c21ee287699161e0658791f180bc199 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19044_none_a8314ddbbb25e693\ksecdd.sys : 67,520 : 11/11/2015 09:03 AM : 74e0c864f1c4f0fc88d45a10a778c5bd [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.19045_none_a8324e25bb24ffea\ksecdd.sys : 67,520 : 11/11/2015 09:03 AM : a061e519acde34843dfa3f1c7358daa2 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\ksecdd.sys : 67,440 : 06/03/2015 07:08 PM : 91beb3c853eb11ab8363f2f261875fea [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_a889f15ed46779fd\ksecdd.sys : 67,440 : 06/04/2015 04:34 AM : 4b39e0e306d64ba64ffbb5ab956486e9 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_a8af3ab6d44c6119\ksecdd.sys : 67,520 : 06/04/2015 08:27 AM : eadf7b02e9d1419984ea4127edb22d69 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22807_none_a8e94f46d420350e\ksecdd.sys : 67,520 : 06/03/2015 07:07 PM : eadf7b02e9d1419984ea4127edb22d69 [Pos Repl] +-> 
C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22814_none_a8db7e7cd42b04fa\ksecdd.sys : 67,512 : 09/19/2014 01:35 AM : 41247f4198cd48c9ad12dcadf13f6e37 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22843_none_a8ba0e6ed4443f76\ksecdd.sys : 67,520 : 06/03/2015 07:05 PM : eadf7b02e9d1419984ea4127edb22d69 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22948_none_a8bf11c6d43fbb50\ksecdd.sys : 67,512 : 06/03/2015 07:06 PM : 9040634222611e8d99250c0a4a15a205 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23017_none_a8de5962d4288168\ksecdd.sys : 67,520 : 06/03/2015 07:09 PM : 16e5771d435254189e9e2d02e69e774e [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23072_none_a8987868d45daa5b\ksecdd.sys : 67,520 : 06/04/2015 04:34 AM : 17920ed7800719a18630003c80ec0f70 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23126_none_a8d28b12d4318129\ksecdd.sys : 67,520 : 07/14/2015 07:04 PM : c0f9c8581c383bb964616f164720522b [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23136_none_a8c7bb26d4399d1a\ksecdd.sys : 67,520 : 08/11/2015 08:09 PM : f620dbee343a0c0d9e0fe5ad9e952afc [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23142_none_a8b8ea12d44553af\ksecdd.sys : 67,520 : 08/26/2015 04:50 PM : b6df13fa5b5b170d2a8d5ac5a0f80129 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23153_none_a8af1a70d44c88f7\ksecdd.sys : 67,520 : 09/11/2015 09:16 AM : 8f0290ad8b9d980ce397712668c871d1 [Pos Repl] +-> C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.23154_none_a8b01abad44ba24e\ksecdd.sys : 68,952 : 09/29/2015 09:48 AM : 8d6383aa6c5ce24c7e18f1db64d7a9eb [Pos Repl] +-> 
7c2bc8d0fcbb45ca9231e4743b0d04fb [Pos Repl] * C:\Windows\System32\drivers\usbehci.sys : 43,520 : 06/03/2015 07:06 PM : d40855f89b69305140bbd7e9a3ba2da6 [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_d53c05ca022d95f2\usbehci.sys : 43,520 : 06/03/2015 07:06 PM : d40855f89b69305140bbd7e9a3ba2da6 [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_f9abf85fd00186bd\usbehci.sys : 42,496 : 11/20/2010 01:59 AM : cfbce999c057d78979a181c9c60f208e [Pos Repl] +-> C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_bfc9c95e61cfba61\usbehci.sys : 42,496 : 11/20/2010 01:59 AM : cfbce999c057d78979a181c9c60f208e [Pos Repl] +-> C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.18328_none_bfc2e00661d45b01\usbehci.sys : 43,520 : 06/03/2015 07:06 PM : d40855f89b69305140bbd7e9a3ba2da6 [Pos Repl] +-> C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.22526_none_c04a7e237af3c544\usbehci.sys : 43,520 : 06/03/2015 07:06 PM : 3735f2a99c5ea762d869748333c83ce8 [Pos Repl] * C:\Windows\System32\drivers\usbhub.sys : 258,560 : 06/03/2015 07:06 PM : edf2df71c4f1e13a6ac75f5224de655a [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\usb.inf_x86_neutral_2620fd493cad7d41\usbhub.sys : 258,560 : 11/20/2010 02:01 AM : 9d22aad9ac6a07c691a1113e5f860868 [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\usb.inf_x86_neutral_4232097e28daf017\usbhub.sys : 258,560 : 06/03/2015 07:06 PM : edf2df71c4f1e13a6ac75f5224de655a [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_d53c05ca022d95f2\usbhub.sys : 258,560 : 06/03/2015 07:06 PM : edf2df71c4f1e13a6ac75f5224de655a [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_f9abf85fd00186bd\usbhub.sys : 258,560 : 11/20/2010 02:01 AM : 9d22aad9ac6a07c691a1113e5f860868 [Pos Repl] +-> C:\Windows\winsxs\x86_usb.inf_31bf3856ad364e35_6.1.7601.17514_none_ccffd0e16cb46c7a\usbhub.sys : 
258,560 : 11/20/2010 02:01 AM : 9d22aad9ac6a07c691a1113e5f860868 [Pos Repl] +-> C:\Windows\winsxs\x86_usb.inf_31bf3856ad364e35_6.1.7601.18328_none_ccf8e7896cb90d1a\usbhub.sys : 258,560 : 06/03/2015 07:06 PM : edf2df71c4f1e13a6ac75f5224de655a [Pos Repl] +-> C:\Windows\winsxs\x86_usb.inf_31bf3856ad364e35_6.1.7601.22526_none_cd8085a685d8775d\usbhub.sys : 258,560 : 06/03/2015 07:06 PM : 7de31b21fa92ee427c058c44ceb7859b [Pos Repl] +-> C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_bfc9c95e61cfba61\usbhub.sys : 258,560 : 11/20/2010 02:01 AM : 9d22aad9ac6a07c691a1113e5f860868 [Pos Repl] +-> C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.18328_none_bfc2e00661d45b01\usbhub.sys : 258,560 : 06/03/2015 07:06 PM : edf2df71c4f1e13a6ac75f5224de655a [Pos Repl] +-> C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.22526_none_c04a7e237af3c544\usbhub.sys : 258,560 : 06/03/2015 07:06 PM : 7de31b21fa92ee427c058c44ceb7859b [Pos Repl] * C:\Windows\System32\drivers\usbport.sys : 284,672 : 06/03/2015 07:06 PM : ec2c5af37b76d7b58c642cb74423db7a [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_d53c05ca022d95f2\usbport.sys : 284,672 : 06/03/2015 07:06 PM : ec2c5af37b76d7b58c642cb74423db7a [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_f9abf85fd00186bd\usbport.sys : 284,672 : 11/20/2010 02:00 AM : f3adcfb2f0ba791a26ac8e9c33d7e20e [Pos Repl] +-> C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_bfc9c95e61cfba61\usbport.sys : 284,672 : 11/20/2010 02:00 AM : f3adcfb2f0ba791a26ac8e9c33d7e20e [Pos Repl] +-> C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.18328_none_bfc2e00661d45b01\usbport.sys : 284,672 : 06/03/2015 07:06 PM : ec2c5af37b76d7b58c642cb74423db7a [Pos Repl] +-> C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.22526_none_c04a7e237af3c544\usbport.sys : 284,672 : 06/03/2015 07:06 PM : 7855d97212a9a62d1105a44729d0a4ca [Pos Repl] 
* C:\Windows\System32\drivers\USBSTOR.sys : 76,288 : 06/04/2015 09:33 AM : f991ab9cc6b908db552166768176896a [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_c77d41a490bdc63d\USBSTOR.SYS : 76,288 : 11/20/2010 02:00 AM : bf63ebfc6979fefb2bc03df7989a0c1a [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_e6d53e776821c5b8\USBSTOR.SYS : 76,288 : 06/04/2015 09:33 AM : f991ab9cc6b908db552166768176896a [Pos Repl] +-> C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7601.17514_none_4a8db8a1f615344e\USBSTOR.SYS : 76,288 : 11/20/2010 02:00 AM : bf63ebfc6979fefb2bc03df7989a0c1a [Pos Repl] +-> C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7601.17577_none_4a4fd9f7f64327f9\USBSTOR.SYS : 76,288 : 06/04/2015 09:33 AM : f991ab9cc6b908db552166768176896a [Pos Repl] +-> C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7601.21680_none_4ac7a4d10f6f3253\USBSTOR.SYS : 76,288 : 06/04/2015 09:33 AM : 6a3db51d317307f3ac65cb127b9a2beb [Pos Repl] * C:\Windows\System32\drivers\usbuhci.sys : 24,064 : 06/03/2015 07:06 PM : 800aabfd625eeff899f7e5496bde37ab [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_d53c05ca022d95f2\usbuhci.sys : 24,064 : 06/03/2015 07:06 PM : 800aabfd625eeff899f7e5496bde37ab [Pos Repl] +-> C:\Windows\System32\DriverStore\FileRepository\usbport.inf_x86_neutral_f9abf85fd00186bd\usbuhci.sys : 24,064 : 07/13/2009 03:51 PM : 78780c3ebce17405b1ccd07a3a8a7d72 [Pos Repl] +-> C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.17514_none_bfc9c95e61cfba61\usbuhci.sys : 24,064 : 07/13/2009 03:51 PM : 78780c3ebce17405b1ccd07a3a8a7d72 [Pos Repl] +-> C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.18328_none_bfc2e00661d45b01\usbuhci.sys : 24,064 : 06/03/2015 07:06 PM : 800aabfd625eeff899f7e5496bde37ab [Pos Repl] +-> C:\Windows\winsxs\x86_usbport.inf_31bf3856ad364e35_6.1.7601.22526_none_c04a7e237af3c544\usbuhci.sys : 24,576 : 06/03/2015 07:06 PM : 
876a815194383359f9f22833d4057138 [Pos Repl] * C:\Windows\System32\drivers\vga.sys : 25,088 : 07/13/2009 03:25 PM : 8e38096ad5c8570a6f1570a61e251561 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-standardvga_31bf3856ad364e35_6.1.7600.16385_none_9c6287a93b5351ec\vga.sys : 25,088 : 07/13/2009 03:25 PM : 8e38096ad5c8570a6f1570a61e251561 [Pos Repl] * C:\Windows\System32\drivers\videoprt.sys : 111,616 : 07/13/2009 03:25 PM : 15c126d1b55814b9e5cab10a9c1f4c67 [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-videoport_31bf3856ad364e35_6.1.7600.16385_none_bbf0a23665b80f3d\videoprt.sys : 111,616 : 07/13/2009 03:25 PM : 15c126d1b55814b9e5cab10a9c1f4c67 [Pos Repl] * C:\Windows\System32\drivers\volsnap.sys : 245,632 : 11/20/2010 04:30 AM : f497f67932c6fa693d7de2780631cfe7 [NoSig] +-> C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys : 245,632 : 11/20/2010 04:30 AM : f497f67932c6fa693d7de2780631cfe7 [Pos Repl] +-> C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys : 245,632 : 11/20/2010 04:30 AM : f497f67932c6fa693d7de2780631cfe7 [Pos Repl] * C:\Windows\System32\drivers\wanarp.sys : 63,488 : 11/20/2010 02:07 AM : 3c3c78515f5ab448b022bdf5b8ffdd2e [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_0fe7d1ccd8b15e24\wanarp.sys : 63,488 : 11/20/2010 02:07 AM : 3c3c78515f5ab448b022bdf5b8ffdd2e [Pos Repl] * C:\Windows\System32\drivers\wmilib.sys : 14,912 : 07/13/2009 05:19 PM : 9a5b1059fe015db5269fbb25acbf841d [NoSig] +-> C:\Windows\winsxs\x86_microsoft-windows-wmilib_31bf3856ad364e35_6.1.7600.16385_none_592b507a658046bb\wmilib.sys : 14,912 : 07/13/2009 05:19 PM : 9a5b1059fe015db5269fbb25acbf841d [Pos Repl] * C:\Windows\System32\drivers\ws2ifsl.sys : 16,384 : 07/13/2009 03:55 PM : 6db3276587b853bf886b69528fdb048c [NoSig] +-> 
C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys : 16,384 : 07/13/2009 03:55 PM : 6db3276587b853bf886b69528fdb048c [Pos Repl] Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost ::1 localhost 0.0.0.0 www2.a-counter.kiev.ua 0.0.0.0 wad.adbasket.net 0.0.0.0 show.adclick.lv 0.0.0.0 servedby.adcombination.com 0.0.0.0 www.adexit.com 0.0.0.0 222-33544_999.pub.adfirmative.com 0.0.0.0 c.adfirmative.com 0.0.0.0 rc.de.adlink.net 0.0.0.0 tr.de.adlink.net 0.0.0.0 adloyal.pl 0.0.0.0 ad.admamba.com 0.0.0.0 ads.admodus.com 0.0.0.0 img.adnet.com.tr 0.0.0.0 tt11.adobe.com 0.0.0.0 ad02.adonspot.com 0.0.0.0 e.adpower.bg 0.0.0.0 pop.adrent.net 0.0.0.0 cntr.adrime.com 20 out of 395486 HOSTS entries shown. Please review HOSTS file for further entries. Program finished at: 01/01/2016 11:51:49 AM Execution time: 0 hours(s), 35 minute(s), and 39 seconds(s)
  5. Hey Kris, I tried to get the pic, but it's hard for me to use the laptop mouse pad thingy. Also, I didn't realize until just now that I forgot to run ZHPcleaner. Want me to go do that one or skip it? Here are the other logs, starting with the fresh JRT that Gus requested.

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.1 (11.24.2015) Operating System: Windows 7 Professional x64 Ran by Nancy (Administrator) on Thu 12/31/2015 at 16:03:02.92 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 12/31/2015 at 16:09:08.71 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Zemana AntiMalware 2.19.2.797 (Installed) ------------------------------------------------------- Scan Result : Completed Scan Date : 2015/12/31 Operating System : Windows 7 64-bit Processor : 4X Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz BIOS Mode : Legacy CUID : 00EC26F6FBE3F64DEB0A5D Scan Type : Deep Scan Duration : 27m 7s Scanned Objects : 268852 Detected Objects : 3 Excluded Objects : 0 Read Level : SCSI Auto Upload : Yes Include All Extensions : No Scan Documents : No Domain Info : WORKGROUP,0,2 Detected Objects ------------------------------------------------------- Chrome Startup Url Status : Scanned Object : http://www.trovi.com/?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M5981B495-0909-4CC0-852B-84EE7AC585BB&SearchSource=55&CUI=&UM=5&UP=SPCB043DAE-D790-45A0-AF3C-F7934D2AF8E4&SSPV= MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Browser Setting Cleaning Action : Repair Traces : Browser Setting - Chrome Startup Url Chrome Startup Url Status : Scanned Object : 
http://speedial.com/?f=7&a=spd_cmi_14_26_ch&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytBtDzyyE0FyD0ByEyE0EtBtN0D0Tzu0SzytDyBtN1L2XzutBtFtBtCtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByByDyEtA0D0DyDtG0AyCyC0EtGyEyE0A0BtGtD0F0BtCtGyD0A0A0DtDtA0CtAyBtB0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtA0DyEyEtDtByCtGyD0A0EtBtG0BtByE0EtGyDtAyC0CtGtCyDyCyDyB0BzzyEzzyD0AyB2Q&cr=705865216&ir= MD5 : - Publisher : - Size : - Version : - Detection : Suspicious Browser Setting Cleaning Action : Repair Traces : Browser Setting - Chrome Startup Url AdwCleaner.exe Status : Scanned Object : %userprofile%\downloads\adwcleaner.exe MD5 : 76F7569DB01B4D65431B0E6BBBDD261D Publisher : - Size : 1743360 Version : 5.0.2.6 Detection : Heur.Malicious!Pa Cleaning Action : Quarantine Traces : File - %userprofile%\downloads\adwcleaner.exe Cleaning Result ------------------------------------------------------- Cleaned : 3 Reported as safe : 0 Failed : 0 SecurityCheck by glax24 v.1.4.0.32 [01.11.15] WebSite: www.safezone.cc DateLog: 31.12.2015 16:23:16 Path starting: C:\Users\Nancy\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: Nancy VersionXML: 2.22is-29.12.2015 ___________________________________________________________________________ Windows 7(6.1.7601) Service Pack 1 (x64) Professional Lang: English(0409) Installation date OS: 20.02.2015 20:37:07 LicenseStatus: Windows(R) 7, Professional edition The machine is permanently activated. 
Boot Mode: Normal Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe SystemDrive: C: FS: [NTFS] Capacity: [420.7 Gb] Used: [413.4 Gb] Free: [7.3 Gb] ------------------------------- [ Windows ] ------------------------------- Internet Explorer 11.0.9600.18124 User Account Control enabled Automatic download and scheduled installation Date install updates: 2015-12-29 18:36:15 Windows Update (wuauserv) - The service is running Security Center (wscsvc) - The service is running Remote Registry (RemoteRegistry) - The service has stopped ---------------------------- [ Antivirus_WMI ] ---------------------------- avast! Antivirus (enabled and up to date) --------------------------- [ FirewallWindows ] --------------------------- Windows Firewall (MpsSvc) - The service is running --------------------------- [ AntiSpyware_WMI ] --------------------------- Windows Defender (enabled and up to date) avast! Antivirus (enabled and up to date) ---------------------- [ AntiVirusFirewallInstall ] ----------------------- Avast Free Antivirus v.11.1.2245 -------------------------- [ SecurityUtilities ] -------------------------- Malwarebytes Anti-Malware version 2.2.0.1024 v.2.2.0.1024 --------------------------- [ OtherUtilities ] ---------------------------- VLC media player 2.1.2 v.2.1.2 Warning! Download Update --------------------------------- [ IM ] ---------------------------------- Skype™ 7.15 v.7.15.103 Warning! Download Update ^Optional update.^ --------------------------- [ AppleProduction ] --------------------------- Bonjour v.3.0.0.10 Warning! Download Update ^Please use Apple Software Update tool.^ iTunes v.12.2.2.25 Warning! Download Update ^Please use Apple Software Update tool.^ Bonjour Service (Bonjour Service) - The service is running --------------------------- [ AdobeProduction ] --------------------------- Adobe AIR v.16.0.0.245 Warning! 
Download Update Adobe Flash Player 20 ActiveX v.20.0.0.267 Adobe Reader X (10.1.16) MUI v.10.1.16 Warning! Download Update Uninstall old version and install new one. ------------------------------- [ Browser ] ------------------------------- Google Chrome v.47.0.2526.106 Mozilla Firefox 37.0.1 (x86 en-US) v.37.0.1 Warning! Download Update --------------------------- [ RunningProcess ] ---------------------------- C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.11.1.2245.1540 C:\Program Files\AVAST Software\Avast\AvastUI.exe v.11.1.2245.1540 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe v.2.3.125.0 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe v.3.1.6.0 C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe v.3.2.19.0 c:\program files\windows defender\MpCmdRun.exe v.6.1.7600.16385 ---------------------------- [ UnwantedApps ] ----------------------------- Skype Click to Call v.7.5.0.9082 Warning! Browser's toolbar. It can slow down the working of your browser and have violation privacy problems. ----------------------------- [ End of Log ] ------------------------------ Adware Removal Tool found no results and saved no log. http://imgur.com/Nza8uEs
  6. Hey Gus, so, if I understand you correctly, post a fresh JRT and then re-run the fixlist, or am I misunderstanding the instructions? Also, noted. I will not install any new programs from this point forward; I was attempting to free up enough space to run the scan in the first place, is all. Any idea why the HD is suddenly filling up on us? My thought was that it was related to DropBox; is that a possibility?
  7. Fresh FRST and Addition if you need them. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015 Ran by Nancy (administrator) on NANCY-THINK (30-12-2015 15:08:32) Running from C:\Users\Nancy\Desktop Loaded Profiles: Nancy (Available Profiles: Nancy) Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Microsoft Corporation) C:\Windows\System32\wisptis.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) 
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Ulead Systems, Inc.) 
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (© 2015 Microsoft Corporation) C:\Users\Nancy\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMResident.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Dolby Laboratories Inc.) 
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.) 
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation) HKLM-x32\...\Run: [TSMResident] => C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE [485336 2012-01-27] (Lenovo Group Limited) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-25] (AVAST Software) HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952376 2015-12-21] (Dropbox, Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\...\Run: [BingSvc] => C:\Users\Nancy\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation) HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP) HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd) HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\...\MountPoints2: {c19e4149-9741-11e4-923f-806e6f6e6963} - Q:\LenovoQDrive.exe Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-25] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-07-21]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A06C1286-9309-49A0-AC09-1FF1560B5C20}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A42E1BEF-D5C9-43C5-BB8B-D1940F8E4BF7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SK2M_FRPage
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-25] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-12-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-25] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-12-15] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-04] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\5txw4ulo.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2ADF&PC=SK2A&q=
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-04] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-06-17] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Extension: Bing Search - C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\5txw4ulo.default\Extensions\bingsearch.full@microsoft.com [2015-12-25] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-25]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={581B5146-72B9-4870-BC3B-2B9119025B0D}&mid=5da24c3e294747d2a284c56461f83549-466bd3acdd16b60674841d15a2d14e120db4be49&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-06-23 07:57:46&v=3.0.0.2&pid=wtu&sg=&sap=hp
CHR StartupUrls: Default -> "chrome://newtab/","hxxp://speedial.com/?f=7&a=spd_cmi_14_26_ch&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytBtDzyyE0FyD0ByEyE0EtBtN0D0Tzu0SzytDyBtN1L2XzutBtFtBtCtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByByDyEtA0D0DyDtG0AyCyC0EtGyEyE0A0BtGtD0F0BtCtGyD0A0A0DtDtA0CtAyBtB0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtA0DyEyEtDtByCtGyD0A0EtBtG0BtByE0EtGyDtAyC0CtGtCyDyCyDyB0BzzyEzzyD0AyB2Q&cr=705865216&ir=","hxxp://www.trovi.com/?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M5981B495-0909-4CC0-852B-84EE7AC585BB&SearchSource=55&CUI=&UM=5&UP=SPCB043DAE-D790-45A0-AF3C-F7934D2AF8E4&SSPV=","hxxp://mysearch.avg.com?cid={9E673517-C454-4696-8860-FB2D7119F410}&mid=05733d4c30e247d2a1ecb14bd4eda6a8-0e771769dee16573ac476074aa220252f58c1565&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-29 09:53:58&v=18.1.0.443&pid=safeguard&sg=&sap=hp","hxxp://mysearch.avg.com?cid={9E673517-C454-4696-8860-FB2D7119F410}&mid=05733d4c30e247d2a1ecb14bd4eda6a8-0e771769dee16573ac476074aa220252f58c1565&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-06-23 07:57:46&v=18.1.0.443&pid=wtu&sg=&sap=hp","hxxp://mysearch.avg.com?cid={581B5146-72B9-4870-BC3B-2B9119025B0D}&mid=5da24c3e294747d2a284c56461f83549-466bd3acdd16b60674841d15a2d14e120db4be49&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-06-23 07:57:46&v=3.1.0.6&pid=wtu&sg=&sap=hp","hxxps://mysearch.avg.com?cid={022B79FB-1BD7-4841-84BE-CF580DA2B223}&mid=30764e78fd6b47d19d7ba9944e491566-b5c5182b6e62cdf490399024317b2a3cd9f31517&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-28 17:38:15&v=3.2.0.14&pid=wtu&sg=&sap=hp","hxxps://mysearch.avg.com?cid={022B79FB-1BD7-4841-84BE-CF580DA2B223}&mid=30764e78fd6b47d19d7ba9944e491566-b5c5182b6e62cdf490399024317b2a3cd9f31517&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-28 17:38:15&v=3.2.0.15&pid=wtu&sg=&sap=hp"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10]
CHR Extension: (Adblock Plus) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-27]
CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-25] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-29] (Dropbox, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-01-08] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-25] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-25] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-25] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-25] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-25] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-25] (AVAST Software)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-30] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-30 15:08 - 2015-12-30 15:10 - 00026568 _____ C:\Users\Nancy\Desktop\FRST.txt
2015-12-30 14:59 - 2015-12-30 14:59 - 06805328 _____ (Piriform Ltd) C:\Users\Nancy\Downloads\ccsetup513.exe
2015-12-30 14:59 - 2015-12-30 14:59 - 00002796 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-30 14:59 - 2015-12-30 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-30 14:59 - 2015-12-30 14:59 - 00000000 ____D C:\Program Files\CCleaner
2015-12-30 14:48 - 2015-12-30 14:52 - 00014095 _____ C:\Users\Nancy\Downloads\Fixlog.txt
2015-12-30 12:37 - 2015-12-30 12:37 - 00000000 ___HD C:\OneDriveTemp
2015-12-29 17:21 - 2015-12-30 14:57 - 00000000 ___RD C:\Users\Nancy\Dropbox
2015-12-29 17:14 - 2015-12-29 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-29 17:13 - 2015-12-29 17:13 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Dropbox
2015-12-29 17:05 - 2015-12-30 15:10 - 00000906 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-29 17:05 - 2015-12-30 14:56 - 00000000 ____D C:\Users\Nancy\AppData\Local\Dropbox
2015-12-29 17:05 - 2015-12-30 14:53 - 00000902 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-29 17:05 - 2015-12-29 17:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-29 17:05 - 2015-12-29 17:05 - 00690072 _____ (Dropbox, Inc.) C:\Users\Nancy\Downloads\DropboxInstaller.exe
2015-12-29 17:05 - 2015-12-29 17:05 - 00003902 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-12-29 17:05 - 2015-12-29 17:05 - 00003650 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-12-29 17:05 - 2015-12-29 17:05 - 00000000 ____D C:\ProgramData\Dropbox
2015-12-28 14:42 - 2015-12-30 12:27 - 00129713 _____ C:\Users\Nancy\Desktop\SE TIMELINE.pptx
2015-12-25 15:18 - 2015-12-25 15:19 - 00047479 _____ C:\Users\Nancy\Downloads\FRST.txt
2015-12-25 15:18 - 2015-12-25 15:19 - 00033330 _____ C:\Users\Nancy\Downloads\Addition.txt
2015-12-25 15:17 - 2015-12-30 15:08 - 00000000 ____D C:\FRST
2015-12-25 12:49 - 2015-12-25 12:49 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-25 12:49 - 2015-12-25 12:49 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-25 12:44 - 2015-12-25 12:44 - 00000982 _____ C:\Users\Nancy\Desktop\JRT.txt
2015-12-25 12:32 - 2015-12-26 13:56 - 00000000 ____D C:\AdwCleaner
2015-12-25 12:31 - 2015-12-25 12:31 - 01599336 _____ (Malwarebytes) C:\Users\Nancy\Downloads\JRT.exe
2015-12-25 12:30 - 2015-12-25 12:30 - 02370560 _____ (Farbar) C:\Users\Nancy\Desktop\FRST64.exe
2015-12-25 12:30 - 2015-12-25 12:30 - 01743360 _____ C:\Users\Nancy\Downloads\AdwCleaner.exe
2015-12-25 12:24 - 2015-12-25 12:24 - 03480040 _____ (McAfee, Inc.) C:\Users\Nancy\Downloads\MCPR.exe
2015-12-25 12:23 - 2015-12-25 12:23 - 00972464 _____ (Foolish IT LLC ) C:\Users\Nancy\Downloads\CryptoPreventSetup (1).exe
2015-12-25 12:22 - 2015-12-25 12:22 - 22908888 _____ (Malwarebytes ) C:\Users\Nancy\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-25 12:20 - 2015-12-25 12:23 - 161199376 _____ (AVAST Software) C:\Users\Nancy\Downloads\avast_free_antivirus_setup (1).exe
2015-12-19 05:38 - 2015-12-20 10:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\095A42F0.sys
2015-12-15 16:45 - 2015-12-15 16:45 - 00927262 _____ C:\Users\Nancy\Downloads\Incomplete Report (1).jpeg
2015-12-15 16:45 - 2015-12-15 16:45 - 00007848 _____ C:\Users\Nancy\Downloads\15FA MO SFC Infant Final Grading Rosters (1).pdf
2015-12-10 10:23 - 2015-12-10 10:23 - 00000000 ___RD C:\Users\Nancy\Documents\Notes
2015-12-09 12:31 - 2015-11-20 10:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-09 12:31 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-09 12:31 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-09 12:31 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-09 12:31 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-09 12:31 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-09 12:31 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-09 12:31 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-09 12:31 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-09 12:31 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-09 12:31 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-09 12:31 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-09 12:31 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-09 12:31 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-09 12:31 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-09 12:31 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-09 12:31 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-09 12:31 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-09 12:31 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-09 12:31 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-09 12:31 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-09 12:31 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-09 12:31 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-09 12:31 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-09 12:31 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-09 12:31 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-09 12:31 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-09 12:31 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-09 12:31 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-09 12:31 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-09 12:31 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-09 12:31 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-09 12:31 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-09 12:31 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-09 12:31 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-09 12:31 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-09 12:31 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-09 12:31 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-09 12:31 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-09 12:31 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-09 12:31 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-09 12:31 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-09 12:31 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-09 12:31 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-09 12:31 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-09 12:31 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-09 12:31 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-09 12:31 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-09 12:31 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-09 12:31 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-09 12:31 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-09 12:31 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-09 12:31 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-09 12:31 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-09 12:31 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-09 12:31 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-09 12:31 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-09 12:31 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-09 12:31 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-09 12:31 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-09 12:31 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-09 12:31 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-09 12:31 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-09 12:31 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-09 12:31 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-09 12:31 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-09 12:31 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-09 12:31 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-09 12:31 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-09 12:31 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-09 12:31 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-09 12:31 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-09 12:31 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-09 12:31 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-09 12:31 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-09 12:31 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-09 12:31 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-09 12:31 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-09 12:31 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-09 12:31 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-09 12:31 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-09 12:31 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-09 12:31 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-09 12:31 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-09 12:31 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-09 12:31 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-09 12:31 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-09 12:31 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-09 12:31 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-09 12:31 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-09 12:31 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-09 12:31 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-09 12:31 - 2015-11-05 11:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-09 12:31 - 2015-11-05 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-09 12:31 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-09 12:31 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-09 12:31 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-09 12:31 - 2015-10-08 15:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-09 12:31 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-09 12:31 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-09 12:31 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-09 12:31 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-09 12:31 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-09 12:31 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-09 12:31 - 2015-10-08 15:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-09 12:31 - 2015-10-08 11:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-09 12:31 - 2015-10-08 10:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-09 12:30 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-09 12:30 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-05 11:32 - 2015-12-05 11:32 - 00000000 ____D C:\Users\Nancy\Documents\Bluetooth Exchange Folder
2015-12-05 09:53 - 2015-12-05 09:53 - 00000000 ____D C:\Users\Nancy\Documents\Custom Office Templates
2015-12-03 11:34 - 2015-12-03 11:34 - 02423808 _____ C:\Users\Nancy\Downloads\Orthopedic impairment.ppt
2015-12-03 11:31 - 2015-12-03 11:31 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 11:31 - 2015-12-03 11:31 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-02 14:08 - 2015-12-02 14:11 - 346859724 _____ C:\Users\Nancy\Downloads\Adolescent Great Work (Hershey Farm School) (1).mp4
2015-12-02 13:14 - 2015-12-02 13:14 - 00927262 _____ C:\Users\Nancy\Downloads\Incomplete Report.jpeg
2015-12-02 13:14 - 2015-12-02 13:14 - 00007848 _____ C:\Users\Nancy\Downloads\15FA MO SFC Infant Final Grading Rosters.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-30 15:04 - 2009-07-13 20:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-30 15:04 - 2009-07-13 20:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-30 15:02 - 2015-06-05 11:46 - 00000000 ____D C:\Users\Nancy\AppData\Local\CrashDumps
2015-12-30 15:02 - 2015-06-01 09:56 - 00000000 ____D C:\Windows\Minidump
2015-12-30 15:02 - 2012-10-01 11:26 - 00000000 ____D C:\Windows\Panther
2015-12-30 15:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-30 15:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-30 15:01 - 2009-07-13 21:13 - 00786194 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-30 14:58 - 2015-02-20 12:42 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Nitro PDF
2015-12-30 14:55 - 2015-05-08 10:36 - 00000000 ___RD C:\Users\Nancy\OneDrive
2015-12-30 14:55 - 2015-04-23 18:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-30 14:53 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-30 14:50 - 2015-11-15 11:50 - 00000000 ____D C:\Users\Nancy\AppData\LocalLow\Temp
2015-12-30 14:49 - 2015-05-08 09:08 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2015-12-30 14:49 - 2015-01-08 06:40 - 00000000 ____D C:\Windows\System32\Tasks\TVT
2015-12-30 14:49 - 2015-01-08 06:32 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2015-12-30 14:44 - 2015-02-20 12:37 - 00000000 ____D C:\Users\Nancy\AppData\Local\VirtualStore
2015-12-30 14:38 - 2015-02-06 15:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-30 14:31 - 2015-05-04 14:19 - 00000000 ____D C:\Users\Nancy\Documents\P
2015-12-30 14:30 - 2015-05-04 14:18 - 00000000 ____D C:\Users\Nancy\Documents\M
2015-12-30 14:28 - 2015-05-04 14:18 - 00000000 ____D C:\Users\Nancy\Documents\G
2015-12-30 14:27 - 2015-05-04 14:18 - 00000000 ____D C:\Users\Nancy\Documents\F
2015-12-30 14:27 - 2015-05-04 14:18 - 00000000 ____D C:\Users\Nancy\Documents\E
2015-12-30 14:27 - 2015-05-04 14:17 - 00000000 ____D C:\Users\Nancy\Documents\D
2015-12-30 14:26 - 2015-05-04 14:17 - 00000000 ____D C:\Users\Nancy\Documents\C
2015-12-30 14:24 - 2015-05-04 14:17 - 00000000 ____D C:\Users\Nancy\Documents\A
2015-12-30 12:02 - 2015-04-23 16:43 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-29 17:33 - 2015-05-04 15:55 - 00000000 ____D C:\Users\Nancy\Desktop\2015 - St. Pete's Sp.Ed
2015-12-29 17:21 - 2015-02-20 12:37 - 00000000 ____D C:\Users\Nancy
2015-12-28 15:38 - 2015-02-06 15:38 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-28 15:38 - 2015-02-06 15:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-28 15:38 - 2015-02-06 15:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-27 13:15 - 2015-05-03 12:06 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Skype
2015-12-27 13:12 - 2015-05-03 12:06 - 00000000 ____D C:\ProgramData\Skype
2015-12-27 12:19 - 2015-05-04 14:20 - 00000000 ____D C:\Users\Nancy\Documents\UVWXYZ
2015-12-25 12:50 - 2015-04-23 16:43 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-25 12:50 - 2015-04-23 16:42 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-25 12:49 - 2015-04-23 16:43 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-25 12:49 - 2015-04-23 16:43 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-25 12:49 - 2015-04-23 16:43 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-25 12:49 - 2015-04-23 16:42 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-25 12:49 - 2015-04-23 16:42 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-25 12:49 - 2015-04-23 16:42 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-25 12:16 - 2015-09-11 13:55 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\vlc
2015-12-20 12:35 - 2015-05-04 15:55 - 00000000 ____D C:\Users\Nancy\Desktop\2015-16 Bay Area
2015-12-18 13:27 - 2015-11-18 14:19 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\HpUpdate
2015-12-16 14:39 - 2015-09-21 09:43 - 00000000 ____D C:\Users\Nancy\Desktop\stuff
2015-12-16 14:13 - 2015-01-08 06:40 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-16 14:06 - 2015-05-03 07:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-14 15:50 - 2015-05-08 10:36 - 00002175 _____ C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-12-10 13:54 - 2015-08-10 13:05 - 00602112 _____ C:\Users\Nancy\Documents\FMP13 Viewing Data.fmp12
2015-12-10 13:54 - 2015-08-10 13:05 - 00212992 _____ C:\Users\Nancy\Documents\FMP13 Layouts.fmp12
2015-12-10 13:54 - 2014-04-17 12:09 - 10473472 _____ C:\Users\Nancy\Documents\FMP13 Getting Started.fmp12
2015-12-10 11:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-12-10 10:53 - 2015-10-30 01:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-10 03:21 - 2015-05-04 13:59 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 03:05 - 2015-05-04 13:59 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 13:05 - 2015-01-08 06:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-12-06 13:23 - 2015-09-11 14:00 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Apple Computer
2015-12-04 12:02 - 2015-01-08 06:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-04 12:02 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-02 13:18 - 2010-11-20 19:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-05-06 09:15 - 2015-05-06 09:15 - 0000000 _____ () C:\Users\Nancy\AppData\Local\{02324D99-2CBD-44E4-A5D6-1EB1D5299FA7}
2015-07-07 11:59 - 2015-07-07 12:00 - 0000000 _____ () C:\Users\Nancy\AppData\Local\{74B210C6-CAF2-4624-A4EF-75806F9D36AE}
2015-11-18 14:17 - 2015-11-18 14:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-07-20 19:53 - 2015-07-20 19:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-20 12:51 - 2015-02-20 12:51 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-20 11:28

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Nancy (2015-12-30 15:11:11)
Running from C:\Users\Nancy\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-02-20 20:37:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3978699618-3184049334-1933831361-500 - Administrator - Disabled)
Guest (S-1-5-21-3978699618-3184049334-1933831361-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3978699618-3184049334-1933831361-1002 - Limited - Enabled)
Nancy (S-1-5-21-3978699618-3184049334-1933831361-1000 - Administrator - Enabled) => C:\Users\Nancy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.6 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
FileMaker Pro 13 (HKLM-x32\...\{EA92821A-03A5-4B00-85F4-834BBD8ABC24}_FileMaker) (Version: 13.0.3.0 - FileMaker, Inc.)
FileMaker Pro 13 (x32 Version: 13.0.3.0 - FileMaker, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel Driver Update Utility (HKLM-x32\...\{45076b94-d6e6-41ae-abd0-609e78177aee}) (Version: 2.1.0.17 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Driver Update Utility 2.1 (x32 Version: 2.1.0.17 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.15 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{7E9123BE-E96E-46EF-A097-6EEC2065F752}) (Version: 8.5.5.2 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.60.00 - )
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.103 - Skype Technologies S.A.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3978699618-3184049334-1933831361-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Nancy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3978699618-3184049334-1933831361-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nancy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06FD4A87-AFCE-4140-BA67-1CD851D66CF6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-15] (Microsoft Corporation)
Task: {102B709B-C39F-4E95-8034-FED794AC63A4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => C:\Windows\system32\GWX\GWX.exe
Task: {176A22F2-3B53-4F24-9D12-D9C024D07F28} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {1A5C954B-AEF6-46F3-A61F-FF97597D10CA} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4277EF66-6522-4E73-8BCB-B10E7D9CBD74} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
Task: {43479BCD-33E4-432E-9641-1AC614BFDAC9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-5d => C:\Windows\system32\GWX\GWX.exe
Task: {4D1B6365-6060-4F58-A1AC-BDCF37048962} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-25] (AVAST Software)
Task: {5969AF1A-C9FF-4A2C-A2B4-8E914D514F3C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => C:\Windows\system32\GWX\GWX.exe
Task: {6D2E85A0-E59D-48B0-9FE8-EBF618A923B9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {6F1F630C-967B-4720-9184-7C0F4143BF46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)
Task: {718BF44B-079E-4864-B6AF-DF53C64DCCF8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {72BD39B1-75CB-4A30-893C-711B368DDB8B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {894A9766-F6AC-422F-9059-055934A65A80} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe
Task: {8AEB5DF9-6887-4591-9F41-EE157573BFE7} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {8B46DEAB-92B0-4885-B2E7-2B5A21395B18} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {AD66501A-06B1-4756-BEBA-B4DBFFF12D01} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-29] (Dropbox, Inc.)
Task: {BC2B258F-A03D-4015-8DC4-C2EF86749684} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe
Task: {D4D4D4D0-DED8-4D6B-819B-456FAFD6652B} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => C:\Windows\system32\GWX\GWX.exe
Task: {D626C022-CF1B-429C-B984-0E6C0ADCE9E1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => C:\Windows\system32\GWX\GWX.exe
Task: {E8628EA2-6AC0-4909-AA18-E4491D1EE43C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-29] (Dropbox, Inc.)
Task: {EED85344-A30A-4321-87FD-1F44DE1A8060} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => C:\Windows\system32\GWX\GWXConfigManager.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-04 10:02 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-08 06:30 - 2012-03-20 18:05 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2015-01-08 06:30 - 2012-03-18 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-25 12:49 - 2015-12-25 12:49 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-25 12:49 - 2015-12-25 12:49 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-30 12:01 - 2015-12-30 12:01 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\15123001\algo.dll
2015-12-25 12:49 - 2015-12-25 12:49 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-05-04 10:02 - 2015-05-04 10:02 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-12-25 12:49 - 2015-12-25 12:49 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-29 17:14 - 2015-12-21 11:42 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2015-12-29 17:13 - 2015-12-21 11:42 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
2015-12-29 17:13 - 2015-12-21 11:42 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-29 17:14 - 2015-12-21 11:42 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-29 17:14 - 2015-12-21 16:22 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2015-12-29 17:13 - 2015-12-21 11:42 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-29 17:14 - 2015-12-21 16:22 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 01734984 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-29 17:14 - 2015-12-21 16:22 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-29 17:14 - 2015-12-21 16:22 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-29 17:13 - 2015-12-21 11:42 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-29 17:14 - 2015-12-21 16:22 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2015-12-29 17:13 - 2015-12-21 11:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2015-12-29 17:14 - 2015-12-21 11:42 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-29 17:14 - 2015-12-21 16:22 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2015-12-29 17:13 - 2015-12-21 11:42 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2015-12-29 17:13 - 2015-12-21 11:42 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2015-12-29 17:13 - 2015-12-21 16:22 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-29 17:14 - 2015-12-21 16:22 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2015-12-29 17:13 - 2015-12-21 16:22 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-29 17:14 - 2015-12-21 11:42 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-12-29 17:13 - 2015-12-21 11:42 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-12-29 17:13 - 2015-12-21 11:42 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-12-29 17:14 - 2015-12-21 11:42 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2015-05-04 10:05 - 2015-05-04 10:05 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-01-08 06:28 - 2012-02-20 19:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2015-05-04 10:02 - 2015-05-04 10:02 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{52C8AF3C-EEDB-40D5-B40E-980D6FEAED77}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{8E1C6F3F-648F-49E2-A6A6-6FDA27E1BDC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A05EB58-18E7-4F0B-9313-D6E4853C9A18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E07D8D3-B3A5-4C17-8960-CA6E306C252B}] => (Allow) C:\Users\Nancy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{4E6CE2FC-8268-4D14-A29B-545997E8FD6B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2A6B11E3-1177-44F0-8D90-5CF0EF1679C8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C5FBFAFA-F3AC-4E07-9DC4-A757A41CD9B1}] => (Allow) C:\Users\Nancy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{A6F3CE01-E5A7-465B-8D84-5CADAAFB343C}] => (Allow) C:\Users\Nancy\AppData\Local\Temp\7zS8196.tmp\SymNRT.exe
FirewallRules: [{7945B5FA-F52C-4297-8301-F8A5D015A40B}] => (Allow) C:\Users\Nancy\AppData\Local\Temp\7zS8196.tmp\SymNRT.exe
FirewallRules: [{D19D116A-6D86-4DB7-94CF-0E4202A1EF79}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{FEB7CBCC-25ED-42EE-9757-9249AD14ED88}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{5917F57B-348C-456B-8004-11D6CDD962DE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{24D6BFA5-E45B-41C7-B789-38BE9EC02CA3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C5C972A2-CEFE-4903-9884-D2CDC1E0D77F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31C72947-DCCD-43AE-A1D1-13CAA3BC3F02}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{975D0954-FC29-490A-8257-0250DB7F10A2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{D62EC980-4DCF-4914-8909-629334957BDF}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe
FirewallRules: [UDP Query User{5B6E74BF-B235-42A7-979B-D81F06C358C2}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe
FirewallRules: [TCP Query User{172F27EA-CCD1-4EFE-A233-3D3C4A655495}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe
FirewallRules: [UDP Query User{5E091BF3-7C86-47AF-AE27-9B89D856C7D9}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe
FirewallRules: [{8900D893-5CA1-4878-A789-F67691CAF24F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E6D8B136-3CC4-44DA-8538-4ABD3AFC1F13}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{9969B1B6-0E4D-4184-829F-41CCBD9D6BD0}] => (Allow) LPort=5357
FirewallRules: [{7B900013-8FAF-4F0D-A97A-A22464513E6D}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4F00177D-DDF4-43E2-BF3E-E987DEC83ADC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3620BA42-2831-40BF-B1A7-E8AF51D46C29}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

29-12-2015 10:34:24 Windows Update
30-12-2015 14:49:09 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

CodeIntegrity:
===================================
Date: 2015-12-03 10:55:54.031
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-03 10:54:37.886
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-03 10:54:22.751
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-23 11:38:54.316
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-11-23 11:38:50.622
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-19 16:37:24.902
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-19 16:32:42.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-19 16:31:58.805
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-07 10:02:55.171
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-10-07 10:02:48.611
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz Percentage of memory in use: 48% Total physical RAM: 3791.8 MB Available physical RAM: 1937.27 MB Total Virtual: 7581.8 MB Available Virtual: 5089.16 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:420.67 GB) (Free:5.79 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (SYSTEM RESERVED) (Fixed) (Total:13.72 GB) (Free:13.63 GB) NTFS Drive q: (Lenovo_Recovery) (Fixed) (Total:29.91 GB) (Free:16.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: ADAAE04B) Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=420.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=13.7 GB) - (Type=05) ==================== End of Addition.txt ============================
  8. Hey Gus, Have not cleared the GWX garbage or disabled Defender yet but will do so. There is a new problem. For some reason the HD space is rapidly, and I mean RAPIDLY, filling up. It went from 5GB to 900MB in a few minutes of me looking at it. So I ran CCleaner and cleaned 887 MB but I don't understand what's going on. Here are the logs.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x64
Ran by Nancy (Administrator) on Fri 12/25/2015 at 12:39:55.08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1
Successfully deleted: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\5txw4ulo.default\extensions\bingsearch.full@microsoft.com\search.xml (File)

Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7981827E-1957-46E8-9098-828F8058388D} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/25/2015 at 12:44:26.49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Nancy (2015-12-30 14:48:56) Run:1
Running from C:\Users\Nancy\Downloads
Loaded Profiles: Nancy (Available Profiles: Nancy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
Task: {0EA1F14F-CE10-4648-BC21-46B756D611E7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {180A4CBA-7B89-4169-BA99-79AF861891D7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
C:\Windows\System32\GWX\GWX.exe
C:\Windows\system32\GWX\GWXUXWorker.exe
C:\Windows\SysWOW64\GWX
C:\Windows\system32\GWX
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3978699618-3184049334-1933831361-1000 -> DefaultScope {7981827E-1957-46E8-9098-828F8058388D} URL =
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2ADF&PC=SK2A&q=
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
C:\Users\Nancy\Desktop\~WRL0687.tmp
CustomCLSID: HKU\S-1-5-21-3978699618-3184049334-1933831361-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\Windows\system32\igfxEM.exe" => No File
Task: {31482ABC-C172-408A-A7F4-7C3911644A37} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {43922215-83F9-48BB-BC66-EB82D4D74564} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {4A8B8358-D907-4BF0-8758-37FE0171730F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-03] (Google Inc.)
Task: {4C9E15E5-573C-4C0D-98C2-E1933DA6849C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {517ACC39-79A4-40F4-A618-2426956524E8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe
Task: {5E3BE7D1-8D02-4882-8745-87B885EF349B} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {7E662D85-A26B-4FB5-A5C7-02B2093F0DFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-03] (Google Inc.)
Task: {97BAE852-01EE-4ADA-95E5-C11465D4D897} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe
Task: {C9988224-BE9A-4791-B38B-F64DE1442FB7} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {FD98AB83-D0A2-41F2-A1FC-3FAA37C2A3D3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {FDC84440-75BE-477A-8A72-40B5DF16158C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe
C:\Program Files (x86)\Norton Internet Security
EmptyTemp:
Reboot:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EA1F14F-CE10-4648-BC21-46B756D611E7} => key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{180A4CBA-7B89-4169-BA99-79AF861891D7} => key not found.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
C:\Windows\System32\GWX\GWX.exe => moved successfully
C:\Windows\system32\GWX\GWXUXWorker.exe => moved successfully
C:\Windows\SysWOW64\GWX => moved successfully
C:\Windows\system32\GWX => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncBackedUp" => key removed successfully
"HKCR\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncPending" => key removed successfully
"HKCR\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncRoot" => key removed successfully
"HKCR\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\SugarSyncShared" => key removed successfully
"HKCR\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Firefox "Keyword.URL" removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll => not found.
C:\Users\Nancy\Desktop\~WRL0687.tmp => moved successfully
"HKU\S-1-5-21-3978699618-3184049334-1933831361-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31482ABC-C172-408A-A7F4-7C3911644A37}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31482ABC-C172-408A-A7F4-7C3911644A37}" => key removed successfully
C:\Windows\System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Lenovo Customer Feedback Program 64" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43922215-83F9-48BB-BC66-EB82D4D74564}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43922215-83F9-48BB-BC66-EB82D4D74564}" => key removed successfully
C:\Windows\System32\Tasks\TVT\TVSUUpdateTask => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TVT\TVSUUpdateTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A8B8358-D907-4BF0-8758-37FE0171730F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A8B8358-D907-4BF0-8758-37FE0171730F}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C9E15E5-573C-4C0D-98C2-E1933DA6849C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C9E15E5-573C-4C0D-98C2-E1933DA6849C}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{517ACC39-79A4-40F4-A618-2426956524E8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{517ACC39-79A4-40F4-A618-2426956524E8}" => key removed successfully
C:\Windows\System32\Tasks\Norton WSC Integration => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E3BE7D1-8D02-4882-8745-87B885EF349B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E3BE7D1-8D02-4882-8745-87B885EF349B}" => key removed successfully
C:\Windows\System32\Tasks\HPCustParticipation HP ENVY 4500 series => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP ENVY 4500 series" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E662D85-A26B-4FB5-A5C7-02B2093F0DFE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E662D85-A26B-4FB5-A5C7-02B2093F0DFE}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97BAE852-01EE-4ADA-95E5-C11465D4D897}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97BAE852-01EE-4ADA-95E5-C11465D4D897}" => key removed successfully
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Processor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9988224-BE9A-4791-B38B-F64DE1442FB7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9988224-BE9A-4791-B38B-F64DE1442FB7}" => key removed successfully
C:\Windows\System32\Tasks\DiskUpdate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DiskUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FD98AB83-D0A2-41F2-A1FC-3FAA37C2A3D3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD98AB83-D0A2-41F2-A1FC-3FAA37C2A3D3}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDC84440-75BE-477A-8A72-40B5DF16158C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDC84440-75BE-477A-8A72-40B5DF16158C}" => key removed successfully
C:\Windows\System32\Tasks\Norton Internet Security\Norton Error Analyzer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => key removed successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe" => not found.
"C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe" => not found.
"C:\Program Files (x86)\Norton Internet Security" => not found.
EmptyTemp: => 1.8 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 14:52:20 ====
  9. Hey Gus, I have not yet deleted the GWX items but shall do so later today. As for JRT I had also run that after AdwCleaner the other day, just forgot to grab the log. So, I will get you the JRT log and fixlog later on today. What else can I do to help you out?
  10. Oh and the drive has been backed up to an external and it's low on space due to the amount of music and pictures. So what would our next step be Gus?
  11. Hey Gus, Merry Christmas to you as well. I am glad you're willing to help me out and I'm more than patient enough to wait for your fixlist suggestions. I already ran AdwCleaner and MBAM prior to the FRST logs I posted and will post those logs for you now. I did run them from Downloads, but they should suffice with the same functionality and results for the time being. Thanks again for the help!

# AdwCleaner v5.026 - Logfile created 25/12/2015 at 12:35:15
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Nancy - NANCY-THINK
# Running from : C:\Users\Nancy\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

[-] File Deleted : C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage
[-] File Deleted : C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage-journal

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.trovi.com/?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M5981B495-0909-4CC0-852B-84EE7AC585BB&SearchSource=55&CUI=&UM=5&UP=SPCB043DAE-D790-45A0-AF3C-F7934D2AF8E4&SSPV=
[-] [C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmkckgpgekmanipelfidlhmkfcjicion

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2008 bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/25/2015
Scan Time: 3:44 PM
Logfile: malware log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.12.25.05
Rootkit Database: v2015.12.18.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Nancy

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 595802
Time Elapsed: 2 hr, 33 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
  12. So here are the FRST and Addition logs from my mom's Lenovo laptop. Let's get it all nice and cleaned up and running faster if we could, guys. I have some ideas for a few things to 'fix' myself but before Kris or I do anything I want Gus to give it a shot. I know, Gus, they were not run from Desktop, but they'll work regardless for the time being.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-12-2015
Ran by Nancy (administrator) on NANCY-THINK (25-12-2015 15:18:08)
Running from C:\Users\Nancy\Downloads
Loaded Profiles: Nancy (Available Profiles: Nancy)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\CAM\bin\CAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(© 2015 Microsoft Corporation) C:\Users\Nancy\AppData\Local\Microsoft\BingSvc\BingSvc.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMResident.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [TSMResident] => C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE [485336 2012-01-27] (Lenovo Group Limited)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-25] (AVAST Software)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\...\Run: [BingSvc] => C:\Users\Nancy\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\...\MountPoints2: {c19e4149-9741-11e4-923f-806e6f6e6963} - Q:\LenovoQDrive.exe
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-25] (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-07-21]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-12-17]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A06C1286-9309-49A0-AC09-1FF1560B5C20}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A42E1BEF-D5C9-43C5-BB8B-D1940F8E4BF7}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SK2M_FRPage
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3978699618-3184049334-1933831361-1000 -> DefaultScope {7981827E-1957-46E8-9098-828F8058388D} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-25] (AVAST Software) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-12-15] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-25] (AVAST Software) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-12-15] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-04] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\5txw4ulo.default FF DefaultSearchEngine: Bing FF 
SelectedSearchEngine: Bing FF SearchEngineOrder.3: Bing FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2ADF&PC=SK2A&q= FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-05] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-05] (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-04] (Microsoft Corporation) FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-06-17] (Nitro PDF) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.) 
FF Extension: Bing Search - C:\Users\Nancy\AppData\Roaming\Mozilla\Firefox\Profiles\5txw4ulo.default\Extensions\bingsearch.full@microsoft.com [2015-12-25] [not signed] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-25] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-25] Chrome: ======= CHR HomePage: Default -> hxxp://mysearch.avg.com?cid={581B5146-72B9-4870-BC3B-2B9119025B0D}&mid=5da24c3e294747d2a284c56461f83549-466bd3acdd16b60674841d15a2d14e120db4be49&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-06-23 07:57:46&v=3.0.0.2&pid=wtu&sg=&sap=hp CHR StartupUrls: Default -> "chrome://newtab/","hxxp://speedial.com/?f=7&a=spd_cmi_14_26_ch&cd=2XzuyEtN2Y1L1QzuyCtDtDtBzytBtDzyyE0FyD0ByEyE0EtBtN0D0Tzu0SzytDyBtN1L2XzutBtFtBtCtFtCtDtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StByByDyEtA0D0DyDtG0AyCyC0EtGyEyE0A0BtGtD0F0BtCtGyD0A0A0DtDtA0CtAyBtB0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAtA0DyEyEtDtByCtGyD0A0EtBtG0BtByE0EtGyDtAyC0CtGtCyDyCyDyB0BzzyEzzyD0AyB2Q&cr=705865216&ir=","hxxp://www.trovi.com/?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M5981B495-0909-4CC0-852B-84EE7AC585BB&SearchSource=55&CUI=&UM=5&UP=SPCB043DAE-D790-45A0-AF3C-F7934D2AF8E4&SSPV=","hxxp://mysearch.avg.com?cid={9E673517-C454-4696-8860-FB2D7119F410}&mid=05733d4c30e247d2a1ecb14bd4eda6a8-0e771769dee16573ac476074aa220252f58c1565&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-06-29 
09:53:58&v=18.1.0.443&pid=safeguard&sg=&sap=hp","hxxp://mysearch.avg.com?cid={9E673517-C454-4696-8860-FB2D7119F410}&mid=05733d4c30e247d2a1ecb14bd4eda6a8-0e771769dee16573ac476074aa220252f58c1565&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-06-23 07:57:46&v=18.1.0.443&pid=wtu&sg=&sap=hp","hxxp://mysearch.avg.com?cid={581B5146-72B9-4870-BC3B-2B9119025B0D}&mid=5da24c3e294747d2a284c56461f83549-466bd3acdd16b60674841d15a2d14e120db4be49&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-06-23 07:57:46&v=3.1.0.6&pid=wtu&sg=&sap=hp","hxxps://mysearch.avg.com?cid={022B79FB-1BD7-4841-84BE-CF580DA2B223}&mid=30764e78fd6b47d19d7ba9944e491566-b5c5182b6e62cdf490399024317b2a3cd9f31517&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-28 17:38:15&v=3.2.0.14&pid=wtu&sg=&sap=hp","hxxps://mysearch.avg.com?cid={022B79FB-1BD7-4841-84BE-CF580DA2B223}&mid=30764e78fd6b47d19d7ba9944e491566-b5c5182b6e62cdf490399024317b2a3cd9f31517&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2014-08-28 17:38:15&v=3.2.0.15&pid=wtu&sg=&sap=hp" CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms} CHR DefaultSearchKeyword: Default -> bing.com CHR Profile: C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Drive) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-10] CHR Extension: (Adblock Plus) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-27] CHR Extension: (Google Docs Offline) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\Nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-30] CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found> CHR 
HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found> CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-25] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-25] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.) S2 ASRSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe [79136 2010-10-27] (Lenovo Group Limited) R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-25] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation) R2 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-08] (Lenovo Group Limited) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] () R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software) R2 TabletSVC; C:\Program Files (x86)\ThinkPad\Tablet Shortcut\TSMService.exe [83920 2012-02-08] (Lenovo Group Limited) R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-01-08] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-25] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-25] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-25] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-25] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-25] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-25] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-25] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-25] (AVAST Software) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-25] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2014-07-28] (Synaptics Incorporated) R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.) S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-12-25 15:18 - 2015-12-25 15:18 - 00024309 _____ C:\Users\Nancy\Downloads\FRST.txt 2015-12-25 15:17 - 2015-12-25 15:18 - 00000000 ____D C:\FRST 2015-12-25 12:52 - 2015-12-25 12:52 - 00000000 ___HD C:\OneDriveTemp 2015-12-25 12:49 - 2015-12-25 12:49 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-12-25 12:49 - 2015-12-25 12:49 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-12-25 12:44 - 2015-12-25 12:44 - 00000982 _____ C:\Users\Nancy\Desktop\JRT.txt 2015-12-25 12:32 - 2015-12-25 12:35 - 00000000 ____D C:\AdwCleaner 2015-12-25 12:31 - 2015-12-25 12:31 - 01599336 _____ (Malwarebytes) C:\Users\Nancy\Downloads\JRT.exe 2015-12-25 12:30 - 2015-12-25 12:30 - 02370560 _____ (Farbar) C:\Users\Nancy\Downloads\FRST64.exe 2015-12-25 12:30 - 2015-12-25 12:30 - 01743360 _____ C:\Users\Nancy\Downloads\AdwCleaner.exe 2015-12-25 12:24 - 2015-12-25 12:24 - 03480040 _____ (McAfee, Inc.) C:\Users\Nancy\Downloads\MCPR.exe 2015-12-25 12:23 - 2015-12-25 12:23 - 00972464 _____ (Foolish IT LLC ) C:\Users\Nancy\Downloads\CryptoPreventSetup (1).exe 2015-12-25 12:22 - 2015-12-25 12:22 - 22908888 _____ (Malwarebytes ) C:\Users\Nancy\Downloads\mbam-setup-2.2.0.1024.exe 2015-12-25 12:20 - 2015-12-25 12:23 - 161199376 _____ (AVAST Software) C:\Users\Nancy\Downloads\avast_free_antivirus_setup (1).exe 2015-12-25 12:16 - 2015-12-25 12:16 - 00001081 _____ C:\Users\Public\Desktop\VLC media player.lnk 2015-12-21 14:23 - 2015-12-21 14:33 - 00011807 ____H C:\Users\Nancy\Desktop\~WRL0687.tmp 2015-12-19 05:38 - 2015-12-20 10:41 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\095A42F0.sys 2015-12-15 16:45 - 2015-12-15 16:45 - 00927262 _____ C:\Users\Nancy\Downloads\Incomplete Report (1).jpeg 2015-12-15 16:45 - 2015-12-15 16:45 - 00007848 _____ C:\Users\Nancy\Downloads\15FA MO SFC Infant Final Grading Rosters (1).pdf 2015-12-10 10:23 - 2015-12-10 10:23 - 00000000 ___RD C:\Users\Nancy\Documents\Notes 2015-12-09 12:31 - 2015-11-20 10:54 - 03170304 _____ 
(Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-12-09 12:31 - 2015-11-20 10:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-12-09 12:31 - 2015-11-20 10:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-12-09 12:31 - 2015-11-20 10:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-12-09 12:31 - 2015-11-20 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-12-09 12:31 - 2015-11-20 10:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-12-09 12:31 - 2015-11-20 10:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-12-09 12:31 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-12-09 12:31 - 2015-11-20 10:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-12-09 12:31 - 2015-11-20 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-12-09 12:31 - 2015-11-20 10:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-12-09 12:31 - 2015-11-20 10:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-12-09 12:31 - 2015-11-20 10:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-12-09 12:31 - 2015-11-20 10:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-12-09 12:31 - 2015-11-20 10:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-12-09 12:31 - 2015-11-20 10:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-12-09 12:31 - 2015-11-11 13:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-12-09 12:31 - 2015-11-11 12:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-12-09 12:31 - 2015-11-11 10:53 - 01735680 _____ (Microsoft Corporation) 
C:\Windows\system32\comsvcs.dll 2015-12-09 12:31 - 2015-11-11 10:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll 2015-12-09 12:31 - 2015-11-11 10:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll 2015-12-09 12:31 - 2015-11-11 10:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll 2015-12-09 12:31 - 2015-11-11 08:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-12-09 12:31 - 2015-11-11 08:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-12-09 12:31 - 2015-11-11 07:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-12-09 12:31 - 2015-11-11 07:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-12-09 12:31 - 2015-11-11 07:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-12-09 12:31 - 2015-11-11 07:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-12-09 12:31 - 2015-11-11 06:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-12-09 12:31 - 2015-11-10 10:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-12-09 12:31 - 2015-11-10 10:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-12-09 12:31 - 2015-11-10 10:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll 2015-12-09 12:31 - 2015-11-10 10:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2015-12-09 12:31 - 2015-11-10 10:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2015-12-09 12:31 - 2015-11-10 09:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-12-09 12:31 - 2015-11-09 16:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-12-09 12:31 - 2015-11-09 16:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 
2015-12-09 12:31 - 2015-11-09 16:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-12-09 12:31 - 2015-11-09 16:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-12-09 12:31 - 2015-11-09 16:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-12-09 12:31 - 2015-11-09 16:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-12-09 12:31 - 2015-11-09 16:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-12-09 12:31 - 2015-11-09 16:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-12-09 12:31 - 2015-11-09 16:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-12-09 12:31 - 2015-11-09 16:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-12-09 12:31 - 2015-11-09 16:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-12-09 12:31 - 2015-11-09 16:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-12-09 12:31 - 2015-11-09 16:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-12-09 12:31 - 2015-11-09 15:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-12-09 12:31 - 2015-11-09 15:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-12-09 12:31 - 2015-11-09 15:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-12-09 12:31 - 2015-11-09 15:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-12-09 12:31 - 2015-11-09 15:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-12-09 12:31 - 2015-11-09 15:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-12-09 12:31 - 2015-11-09 15:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 
2015-12-09 12:31 - 2015-11-09 15:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-12-09 12:31 - 2015-11-09 15:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-12-09 12:31 - 2015-11-09 15:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-12-09 12:31 - 2015-11-09 15:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-12-09 12:31 - 2015-11-08 14:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-12-09 12:31 - 2015-11-08 14:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-12-09 12:31 - 2015-11-08 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-12-09 12:31 - 2015-11-08 14:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-12-09 12:31 - 2015-11-08 14:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-12-09 12:31 - 2015-11-08 14:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-12-09 12:31 - 2015-11-08 14:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-12-09 12:31 - 2015-11-08 14:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-12-09 12:31 - 2015-11-08 14:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-12-09 12:31 - 2015-11-08 14:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-12-09 12:31 - 2015-11-08 14:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-12-09 12:31 - 2015-11-08 14:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-12-09 12:31 - 2015-11-08 14:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-12-09 12:31 - 2015-11-08 14:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-12-09 
12:31 - 2015-11-08 14:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-12-09 12:31 - 2015-11-08 14:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-12-09 12:31 - 2015-11-08 13:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-12-09 12:31 - 2015-11-08 13:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-12-09 12:31 - 2015-11-08 13:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-12-09 12:31 - 2015-11-08 13:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-12-09 12:31 - 2015-11-08 13:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-12-09 12:31 - 2015-11-08 13:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-12-09 12:31 - 2015-11-08 13:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-12-09 12:31 - 2015-11-08 13:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-12-09 12:31 - 2015-11-08 13:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-12-09 12:31 - 2015-11-08 13:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-12-09 12:31 - 2015-11-08 13:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-12-09 12:31 - 2015-11-08 13:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-12-09 12:31 - 2015-11-08 12:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-12-09 12:31 - 2015-11-08 12:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-12-09 12:31 - 2015-11-08 12:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-12-09 12:31 - 2015-11-05 11:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll 
2015-12-09 12:31 - 2015-11-05 11:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll 2015-12-09 12:31 - 2015-11-05 11:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-12-09 12:31 - 2015-11-05 11:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2015-12-09 12:31 - 2015-11-05 01:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys 2015-12-09 12:31 - 2015-11-03 11:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2015-12-09 12:31 - 2015-11-03 10:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2015-12-09 12:31 - 2015-10-08 15:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll 2015-12-09 12:31 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL 2015-12-09 12:31 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll 2015-12-09 12:31 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL 2015-12-09 12:31 - 2015-10-08 15:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL 2015-12-09 12:31 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll 2015-12-09 12:31 - 2015-10-08 15:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL 2015-12-09 12:31 - 2015-10-08 15:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll 2015-12-09 12:31 - 2015-10-08 11:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls 2015-12-09 12:31 - 2015-10-08 10:52 - 00419928 _____ C:\Windows\system32\locale.nls 2015-12-09 12:30 - 2015-11-03 11:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll 2015-12-09 12:30 - 2015-11-03 10:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll 2015-12-05 11:32 - 2015-12-05 11:32 - 00000000 ____D C:\Users\Nancy\Documents\Bluetooth Exchange 
Folder 2015-12-05 09:53 - 2015-12-05 09:53 - 00000000 ____D C:\Users\Nancy\Documents\Custom Office Templates 2015-12-03 11:34 - 2015-12-03 11:34 - 02423808 _____ C:\Users\Nancy\Downloads\Orthopedic impairment.ppt 2015-12-03 11:31 - 2015-12-03 11:31 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software 2015-12-03 11:31 - 2015-12-03 11:31 - 00000000 ____D C:\Program Files\Common Files\AV 2015-12-02 14:08 - 2015-12-02 14:11 - 346859724 _____ C:\Users\Nancy\Downloads\Adolescent Great Work (Hershey Farm School) (1).mp4 2015-12-02 13:14 - 2015-12-02 13:14 - 00927262 _____ C:\Users\Nancy\Downloads\Incomplete Report.jpeg 2015-12-02 13:14 - 2015-12-02 13:14 - 00007848 _____ C:\Users\Nancy\Downloads\15FA MO SFC Infant Final Grading Rosters.pdf 2015-11-27 16:57 - 2015-11-27 16:58 - 346859724 _____ C:\Users\Nancy\Downloads\Adolescent Great Work (Hershey Farm School).mp4 2015-11-27 15:16 - 2015-11-27 15:17 - 267310482 _____ C:\Users\Nancy\Downloads\Passages.m4v ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-12-25 15:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows
2015-12-25 15:03 - 2009-07-13 20:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-25 15:03 - 2009-07-13 20:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-25 14:38 - 2015-02-06 15:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-25 14:36 - 2015-05-03 08:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-25 12:55 - 2015-02-20 12:42 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Nitro PDF
2015-12-25 12:52 - 2015-05-08 10:36 - 00000000 ___RD C:\Users\Nancy\OneDrive
2015-12-25 12:52 - 2015-04-23 18:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-25 12:51 - 2015-05-03 08:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-25 12:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-25 12:50 - 2015-04-23 16:43 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2015-12-25 12:50 - 2015-04-23 16:42 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-12-25 12:49 - 2015-04-23 16:43 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-25 12:49 - 2015-04-23 16:43 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-25 12:49 - 2015-04-23 16:43 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-25 12:49 - 2015-04-23 16:43 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-25 12:49 - 2015-04-23 16:42 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-25 12:49 - 2015-04-23 16:42 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-25 12:49 - 2015-04-23 16:42 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-25 12:35 - 2015-05-04 15:55 - 00000000 ____D C:\Users\Nancy\Desktop\2015 - St. Pete's Sp.Ed
2015-12-25 12:19 - 2009-07-13 21:13 - 00786194 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-25 12:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2015-12-25 12:16 - 2015-09-11 13:55 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\vlc
2015-12-20 12:35 - 2015-05-04 15:55 - 00000000 ____D C:\Users\Nancy\Desktop\2015-16 Bay Area
2015-12-20 12:34 - 2015-05-04 14:19 - 00000000 ____D C:\Users\Nancy\Documents\P
2015-12-18 13:27 - 2015-11-18 14:19 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\HpUpdate
2015-12-16 14:39 - 2015-09-21 09:43 - 00000000 ____D C:\Users\Nancy\Desktop\stuff
2015-12-16 14:13 - 2015-01-08 06:40 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-16 14:06 - 2015-05-03 07:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-15 22:40 - 2015-05-04 07:57 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-15 22:40 - 2015-05-04 07:57 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-14 15:50 - 2015-05-08 10:36 - 00002175 _____ C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-12-12 13:38 - 2015-02-06 15:38 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-12 13:38 - 2015-02-06 15:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-12 13:38 - 2015-02-06 15:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-11 17:45 - 2012-10-01 11:26 - 00000000 ____D C:\Windows\Panther
2015-12-10 13:57 - 2015-05-04 14:17 - 00000000 ____D C:\Users\Nancy\Documents\A
2015-12-10 13:54 - 2015-08-10 13:05 - 00602112 _____ C:\Users\Nancy\Documents\FMP13 Viewing Data.fmp12
2015-12-10 13:54 - 2015-08-10 13:05 - 00212992 _____ C:\Users\Nancy\Documents\FMP13 Layouts.fmp12
2015-12-10 13:54 - 2014-04-17 12:09 - 10473472 _____ C:\Users\Nancy\Documents\FMP13 Getting Started.fmp12
2015-12-10 11:34 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-12-10 10:53 - 2015-10-30 01:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-10 03:43 - 2009-07-13 20:45 - 00462368 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-10 03:21 - 2015-05-04 13:59 - 00000000 ____D C:\Windows\system32\MRT
2015-12-10 03:05 - 2015-05-04 13:59 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-09 13:05 - 2015-01-08 06:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-12-09 13:03 - 2015-07-20 20:30 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-06 13:23 - 2015-09-11 14:00 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Apple Computer
2015-12-06 12:25 - 2015-06-05 11:46 - 00000000 ____D C:\Users\Nancy\AppData\Local\CrashDumps
2015-12-04 12:02 - 2015-01-08 06:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-04 12:02 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-03 18:31 - 2015-05-03 08:05 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-03 18:31 - 2015-05-03 08:05 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 12:25 - 2015-05-03 12:06 - 00000000 ____D C:\Users\Nancy\AppData\Roaming\Skype
2015-12-03 10:52 - 2015-05-03 12:06 - 00000000 ____D C:\ProgramData\Skype
2015-12-03 10:36 - 2015-05-04 14:20 - 00000000 ____D C:\Users\Nancy\Documents\UVWXYZ
2015-12-02 13:18 - 2010-11-20 19:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-05-06 09:15 - 2015-05-06 09:15 - 0000000 _____ () C:\Users\Nancy\AppData\Local\{02324D99-2CBD-44E4-A5D6-1EB1D5299FA7}
2015-07-07 11:59 - 2015-07-07 12:00 - 0000000 _____ () C:\Users\Nancy\AppData\Local\{74B210C6-CAF2-4624-A4EF-75806F9D36AE}
2015-11-18 14:17 - 2015-11-18 14:17 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-07-20 19:53 - 2015-07-20 19:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-20 12:51 - 2015-02-20 12:51 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

Some files in TEMP:
====================
C:\Users\Nancy\AppData\Local\Temp\BingSvc.exe
C:\Users\Nancy\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Nancy\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Nancy\AppData\Local\Temp\nitro_pro8_x64.exe
C:\Users\Nancy\AppData\Local\Temp\{A7F20DB5-21D2-4C66-9AFC-138EFD1B2983}-44.0.2403.157_44.0.2403.125_chrome_updater.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-20 11:28

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-12-2015
Ran by Nancy (2015-12-25 15:18:46)
Running from C:\Users\Nancy\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-02-20 20:37:07)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3978699618-3184049334-1933831361-500 - Administrator - Disabled)
Guest (S-1-5-21-3978699618-3184049334-1933831361-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3978699618-3184049334-1933831361-1002 - Limited - Enabled)
Nancy (S-1-5-21-3978699618-3184049334-1933831361-1000 - Administrator - Enabled) => C:\Users\Nancy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.392 - Corel Inc.)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
FileMaker Pro 13 (HKLM-x32\...\{EA92821A-03A5-4B00-85F4-834BBD8ABC24}_FileMaker) (Version: 13.0.3.0 - FileMaker, Inc.)
FileMaker Pro 13 (x32 Version: 13.0.3.0 - FileMaker, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Integrated Camera Driver Installer Package Ver.1.2.1.18 (HKLM-x32\...\{A78800AF-1779-4AE8-8EBE-16E1BE727C71}) (Version: 1.2.1.18 - RICOH)
Intel Driver Update Utility (HKLM-x32\...\{45076b94-d6e6-41ae-abd0-609e78177aee}) (Version: 2.1.0.17 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Driver Update Utility 2.1 (x32 Version: 2.1.0.17 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{728985C5-A04B-457C-9D62-15360F3EAF85}) (Version: 3.1.29.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.15 - Lenovo)
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.17 - Lenovo)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Touch Pack for Windows 7 (HKLM-x32\...\{8FF90DB8-6DED-44A3-B182-244FEC09012F}) (Version: 1.0.40517.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{7E9123BE-E96E-46EF-A097-6EEC2065F752}) (Version: 8.5.5.2 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.60.00 - )
Product Improvement Study for HP ENVY 4500 series (HKLM\...\{58139103-BACF-4BDC-B71C-955F9164ADA6}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.14 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.14.106 - Skype Technologies S.A.)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.04 - )
ThinkPad Tablet Shortcut Menu (HKLM-x32\...\{9a2db59f-091a-40b4-958d-1c8264624126}) (Version: 6.33 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.14 - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) (HKLM\...\EC2A0F2B229770EC589265FCF2B4839A0C221993) (Version: 01/11/2012 11.15.16.0 - Intel)
Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) (HKLM\...\09839A9B5EDA69DA2DCC34637B5140AAF8A53B44) (Version: 01/11/2012 9.3.0.1020 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) (HKLM\...\D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) (HKLM\...\97EE1802A0385A37DE6323FA39EC76BEB2D73E41) (Version: 08/26/2011 9.3.0.1011 - Intel)
Windows Driver Package - Lenovo 1.65.05.20 (02/29/2012 1.65.05.20) (HKLM\...\E3535F123E7F666D573665142F90D3E5004DC326) (Version: 02/29/2012 1.65.05.20 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse (04/06/2012 16.1.1.0) (HKLM\...\64B3C27E4CF7B6AD920184EFFF6C488C55EF2892) (Version: 04/06/2012 16.1.1.0 - Synaptics)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3978699618-3184049334-1933831361-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Nancy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-3978699618-3184049334-1933831361-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Nancy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3978699618-3184049334-1933831361-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> "C:\Windows\system32\igfxEM.exe" => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06FD4A87-AFCE-4140-BA67-1CD851D66CF6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-15] (Microsoft Corporation)
Task: {0EA1F14F-CE10-4648-BC21-46B756D611E7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {180A4CBA-7B89-4169-BA99-79AF861891D7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {31482ABC-C172-408A-A7F4-7C3911644A37} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {4277EF66-6522-4E73-8BCB-B10E7D9CBD74} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
Task: {43922215-83F9-48BB-BC66-EB82D4D74564} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
Task: {4A8B8358-D907-4BF0-8758-37FE0171730F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-03] (Google Inc.)
Task: {4C9E15E5-573C-4C0D-98C2-E1933DA6849C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {4D1B6365-6060-4F58-A1AC-BDCF37048962} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-25] (AVAST Software)
Task: {517ACC39-79A4-40F4-A618-2426956524E8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe
Task: {5E3BE7D1-8D02-4882-8745-87B885EF349B} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {6F1F630C-967B-4720-9184-7C0F4143BF46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-12] (Adobe Systems Incorporated)
Task: {718BF44B-079E-4864-B6AF-DF53C64DCCF8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {7E662D85-A26B-4FB5-A5C7-02B2093F0DFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-03] (Google Inc.)
Task: {8AEB5DF9-6887-4591-9F41-EE157573BFE7} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {97BAE852-01EE-4ADA-95E5-C11465D4D897} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe
Task: {C9988224-BE9A-4791-B38B-F64DE1442FB7} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {FD98AB83-D0A2-41F2-A1FC-3FAA37C2A3D3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {FDC84440-75BE-477A-8A72-40B5DF16158C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============

2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 15:26 - 2015-05-15 15:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-04 10:05 - 2015-11-24 10:40 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-05-04 10:02 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-01-08 06:30 - 2012-03-18 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-08 06:30 - 2012-03-20 18:05 - 00051776 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2015-12-25 12:49 - 2015-12-25 12:49 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-25 12:49 - 2015-12-25 12:49 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-25 10:20 - 2015-12-25 10:20 - 02806272 _____ () C:\Program Files\AVAST Software\Avast\defs\15122505\algo.dll
2015-12-25 12:49 - 2015-12-25 12:49 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-25 12:49 - 2015-12-25 12:49 - 00241896 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2015-05-04 10:02 - 2015-05-04 10:02 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2015-12-25 12:49 - 2015-12-25 12:49 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-04 10:05 - 2015-05-04 10:05 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-01-08 06:28 - 2012-02-20 19:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3978699618-3184049334-1933831361-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Nancy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{52C8AF3C-EEDB-40D5-B40E-980D6FEAED77}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{8E1C6F3F-648F-49E2-A6A6-6FDA27E1BDC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A05EB58-18E7-4F0B-9313-D6E4853C9A18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1E07D8D3-B3A5-4C17-8960-CA6E306C252B}] => (Allow) C:\Users\Nancy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{4E6CE2FC-8268-4D14-A29B-545997E8FD6B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{2A6B11E3-1177-44F0-8D90-5CF0EF1679C8}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C5FBFAFA-F3AC-4E07-9DC4-A757A41CD9B1}] => (Allow) C:\Users\Nancy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{A6F3CE01-E5A7-465B-8D84-5CADAAFB343C}] => (Allow) C:\Users\Nancy\AppData\Local\Temp\7zS8196.tmp\SymNRT.exe
FirewallRules: [{7945B5FA-F52C-4297-8301-F8A5D015A40B}] => (Allow) C:\Users\Nancy\AppData\Local\Temp\7zS8196.tmp\SymNRT.exe
FirewallRules: [{D19D116A-6D86-4DB7-94CF-0E4202A1EF79}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{FEB7CBCC-25ED-42EE-9757-9249AD14ED88}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{5917F57B-348C-456B-8004-11D6CDD962DE}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{24D6BFA5-E45B-41C7-B789-38BE9EC02CA3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C5C972A2-CEFE-4903-9884-D2CDC1E0D77F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{31C72947-DCCD-43AE-A1D1-13CAA3BC3F02}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{975D0954-FC29-490A-8257-0250DB7F10A2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{D62EC980-4DCF-4914-8909-629334957BDF}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe
FirewallRules: [UDP Query User{5B6E74BF-B235-42A7-979B-D81F06C358C2}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe
FirewallRules: [TCP Query User{172F27EA-CCD1-4EFE-A233-3D3C4A655495}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe
FirewallRules: [UDP Query User{5E091BF3-7C86-47AF-AE27-9B89D856C7D9}C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe] => (Allow) C:\program files (x86)\filemaker\filemaker pro 13\filemaker pro.exe
FirewallRules: [{8900D893-5CA1-4878-A789-F67691CAF24F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E6D8B136-3CC4-44DA-8538-4ABD3AFC1F13}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{9969B1B6-0E4D-4184-829F-41CCBD9D6BD0}] => (Allow) LPort=5357
FirewallRules: [{7B900013-8FAF-4F0D-A97A-A22464513E6D}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{4F00177D-DDF4-43E2-BF3E-E987DEC83ADC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-12-2015 04:04:13 Windows Update
15-12-2015 22:40:05 Windows Update
21-12-2015 22:44:54 Windows Update
25-12-2015 11:00:44 Windows Update
25-12-2015 12:40:08 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/25/2015 12:51:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2015 12:50:11 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1". Dependent Assembly Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (12/25/2015 12:45:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2015 12:37:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/25/2015 10:30:53 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -2143485946

Error: (12/25/2015 10:30:53 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {27164FBD-F8C8-4152-8F68-8919DCED8B01}

Error: (12/25/2015 10:29:05 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuaueng.dll (1148) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/25/2015 10:28:55 AM) (Source: ESENT) (EventID: 490) (User: )
Description: wuaueng.dll (1148) SUS20ClientDataStore: An attempt to open the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (12/23/2015 10:53:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1"1". Dependent Assembly Avast.VC110.DebugCRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found. Please use sxstrace.exe for detailed diagnosis.

Error: (12/22/2015 08:18:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14664

System errors:
=============
Error: (12/25/2015 12:52:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (12/25/2015 12:52:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (12/25/2015 12:51:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (12/25/2015 12:47:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: %%1053

Error: (12/25/2015 12:47:25 PM)
(Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect. Error: (12/25/2015 12:46:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC) Error: (12/25/2015 12:46:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (12/25/2015 12:45:54 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: The following boot-start or system-start driver(s) failed to load: cdrom Error: (12/25/2015 12:39:01 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: ) Description: WMPNetworkSvc0x80004005 Error: (12/25/2015 12:38:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC) CodeIntegrity: =================================== Date: 2015-12-03 10:55:54.031 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-12-03 10:54:37.886 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
Date: 2015-12-03 10:54:22.751 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-23 11:38:54.316 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-11-23 11:38:50.622 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-10-19 16:37:24.902 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-10-19 16:32:42.898 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-10-19 16:31:58.805 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-10-07 10:02:55.171 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2015-10-07 10:02:48.611 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz Percentage of memory in use: 51% Total physical RAM: 3791.8 MB Available physical RAM: 1829.23 MB Total Virtual: 7581.8 MB Available Virtual: 5192.4 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:420.67 GB) (Free:73.13 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (SYSTEM RESERVED) (Fixed) (Total:13.72 GB) (Free:13.63 GB) NTFS Drive q: (Lenovo_Recovery) (Fixed) (Total:29.91 GB) (Free:16.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: ADAAE04B) Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=420.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29.9 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=13.7 GB) - (Type=05) ==================== End of Addition.txt ============================
  13. Okay I have given him the instructions exactly as specified. He's a bit uh, scatterbrained though so most likely I'll have to go up there and run these tests for him.
  14. It's better than it was right? And would it be a bad idea to install CryptoPrevent after we declare it all clean?
  15. Okay the renter has expressed interest in making sure his computer is all clean and good to go before he'll give me the chocolate cake he promised. That being the case I had him run FRST, just cause it's been a few months. Here are the logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by Administrator (administrator) on DIRK-1027E4026E (04-12-2015 06:20:19)
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software) HKU\S-1-5-21-1801674531-1677128483-1417001333-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6453528 2015-07-17] (Piriform Ltd) HKU\S-1-5-21-1801674531-1677128483-1417001333-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssmyst.scr [18944 2008-04-14] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [DWQueuedReporting] => c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> (None) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-10-04] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{D1808A96-80E9-4650-AD35-DDB0B389455D}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\S-1-5-21-1801674531-1677128483-1417001333-500\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Google Toolbar Helper -> 
{AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-10-27] (Google Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-10-27] (Google Inc.) DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1292600332406 DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bin646ct.default FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] () FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [No File] FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll [2012-11-05] (RealNetworks, Inc.) 
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprjplug.dll [2012-11-05] (RealNetworks, Inc.) FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-11-05] (RealNetworks, Inc.) FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-11-05] (RealNetworks, Inc.) FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll [2012-11-05] (RealPlayer) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.) 
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-11-05] [not signed] FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-01-14] [not signed] Chrome: ======= CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-08-07] CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-07] CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-11-05] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from 
the registry. The file will not be moved unless listed separately.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-04] (AVAST Software) S4 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-10-19] (Oracle Corporation) S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation) [File not signed] R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [12312432 2015-07-23] (Zemana Ltd.) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 A5AGU; C:\WINDOWS\System32\DRIVERS\A5AGU.sys [347648 2006-09-21] (D-Link Corporation) R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24016 2015-10-04] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [76000 2015-10-04] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-10-04] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49776 2015-10-04] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [794952 2015-11-06] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [435464 2015-11-06] (AVAST Software) R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [157888 2015-10-04] (AVAST Software) S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-10-04] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [208664 2015-10-04] (AVAST Software) R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [163840 2005-06-29] (Intel Corporation) R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft 
Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [343456 2015-08-08] (BitDefender S.R.L.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [97560 2015-08-09] (Zemana Ltd.) S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-17 20:09 - 2015-11-17 20:10 - 00000000 ____D C:\b26ab4e47eb4b2244d3a42 2015-11-16 11:25 - 2015-11-16 11:36 - 00000000 ____D C:\c0d001dab2c8476e77 ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-12-04 06:23 - 2015-08-08 10:38 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp 2015-12-04 06:20 - 2015-08-07 10:12 - 00000000 ____D C:\FRST 2015-12-04 06:03 - 2015-10-27 11:52 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-12-04 05:17 - 2015-08-09 09:58 - 00000364 ____H C:\WINDOWS\Tasks\avast! 
Emergency Update.job 2015-12-04 02:03 - 2015-10-27 11:52 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-12-03 11:03 - 2010-12-17 07:12 - 00032510 _____ C:\WINDOWS\SchedLgU.Txt 2015-12-03 08:14 - 2015-08-06 09:22 - 00001819 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2015-12-02 09:51 - 2010-12-17 07:12 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents 2015-11-29 12:01 - 2008-04-14 04:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2015-11-29 12:00 - 2012-11-16 01:32 - 00000000 __SHD C:\WINDOWS\CSC 2015-11-29 12:00 - 2010-12-17 07:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2015-11-29 11:54 - 2010-12-17 07:12 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2015-11-29 11:49 - 2010-12-18 16:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 2015-11-24 20:41 - 2013-08-31 06:59 - 00001641 _____ C:\Documents and Settings\Administrator\Desktop\Kindle.lnk 2015-11-24 20:41 - 2011-12-09 20:26 - 00000000 ____D C:\Program Files\Amazon 2015-11-20 19:14 - 2010-12-17 07:12 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\My Pictures 2015-11-17 00:09 - 2012-11-16 06:16 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Kindle Content 2015-11-16 11:47 - 2010-12-17 07:12 - 00000000 ____D C:\Documents and Settings\Administrator 2015-11-06 13:11 - 2010-12-16 06:00 - 00554210 ____C C:\WINDOWS\system32\PerfStringBackup.INI 2015-11-06 12:28 - 2015-08-09 09:57 - 00794952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2015-11-06 12:28 - 2015-08-09 09:57 - 00435464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys Some files in TEMP: ==================== C:\Documents and Settings\Administrator\Local Settings\Temp\dllnt_dump.dll Some zero byte size files/folders: ========================== C:\Windows\logo_1.exe C:\Windows\RUNDL132.EXE C:\Windows\VDLL.DLL C:\Windows\System32\runouce.exe 
==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015 Ran by Administrator (2015-12-04 06:24:19) Running from C:\Documents and Settings\Administrator\My Documents\Downloads Microsoft Windows XP Professional Service Pack 3 (X86) (2010-12-17 15:02:03) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1801674531-1677128483-1417001333-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator Guest (S-1-5-21-1801674531-1677128483-1417001333-501 - Limited - Disabled) HelpAssistant (S-1-5-21-1801674531-1677128483-1417001333-1000 - Limited - Disabled) SUPPORT_388945a0 (S-1-5-21-1801674531-1677128483-1417001333-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
AC3Filter (remove only) (HKLM\...\AC3Filter) (Version: - ) Across Lite (HKLM\...\{975EA987-5D79-4A1C-AD71-D27B28347B48}) (Version: 2.0.5 - Literate Software) Amazon Kindle (HKLM\...\Amazon Kindle) (Version: 1.13.1.42052 - Amazon) Amazon Music (HKU\S-1-5-21-1801674531-1677128483-1417001333-500\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC) Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{C0CC75CD-F5B7-46AD-B016-17C0F5171718}) (Version: 8.0.0.23 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.4.2233 - AVAST Software) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) ChessDB 3.6.19 beta 1 (HKLM\...\ChessDB_is1) (Version: - Dr. David Kirkby) Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform) DFX for Windows Media Player (HKLM\...\DFX for Windows Media Player) (Version: 9.304.0.0 - Power Technology) Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.73 - Google Inc.) Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden Intel(R) Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - ) Intel(R) PRO Network Connections Drivers (HKLM\...\PROSet) (Version: - ) iTunes (HKLM\...\{F32DC846-4457-40A8-BECA-BCC0E960BC53}) (Version: 11.4.0.18 - Apple Inc.) 
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle) Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks) RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden Safari (HKLM\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) 
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden Sonic CinePlayer DVD Pack (HKLM\...\{D4576E0D-2295-4B8E-B663-B68086B00EE5}) (Version: 2.3.1 - Sonic Solutions) SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - ) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Media DRM Reset (HKLM\...\ResetDRM) (Version: - ) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 29-11-2015 03:00:29 Software Distribution Service 3.0 29-11-2015 11:45:56 Software Distribution Service 3.0 29-11-2015 11:54:49 Software Distribution Service 3.0 30-11-2015 13:51:42 System Checkpoint 01-12-2015 21:42:42 System Checkpoint 02-12-2015 22:11:43 System Checkpoint 03-12-2015 22:16:31 System Checkpoint ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-08-08 11:39 - 2015-08-08 17:36 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-08-09 09:57 - 2015-10-04 16:16 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-08-09 09:57 - 2015-10-04 16:15 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-11-29 11:50 - 2015-11-29 11:50 - 02996736 _____ () C:\Program Files\AVAST Software\Avast\defs\15112901\algo.dll 2015-12-04 04:16 - 2015-12-04 04:16 - 02802176 _____ () C:\Program Files\AVAST Software\Avast\defs\15120402\algo.dll 2015-08-09 09:57 - 2015-10-04 16:16 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2008-04-14 04:00 - 2008-04-14 04:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2008-04-14 04:00 - 2008-04-14 04:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2014-10-19 06:54 - 2014-02-10 12:44 - 04592128 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2014-10-19 06:54 - 2014-02-10 12:44 - 00112128 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\11082778.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\11082778.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1801674531-1677128483-1417001333-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk => C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\program files\real\realplayer\update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Enabled:Windows Live Call
DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe] => Disabled:Main program for Octoshape client
StandardProfile\AuthorizedApplications: [C:\Program Files\Wyzo\wyzo.exe] => Disabled:Wyzo
StandardProfile\AuthorizedApplications: [C:\Program Files\iTunes\iTunes.exe] => Enabled:iTunes
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Google Earth\plugin\geplugin.exe] => Enabled:Google Earth
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\sessmgr.exe] => Disabled:@xpsp2res.dll,-22019
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\wlcsdk.exe] => Disabled:Windows Live Call
StandardProfile\AuthorizedApplications: [C:\Program Files\Internet Explorer\iexplore.exe] => Enabled:Internet Explorer
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Enabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Network Diagnostic\xpnetdiag.exe] => Enabled:@xpsp3res.dll,-20000
StandardProfile\AuthorizedApplications: [C:\Program Files\File Type Assistant\TSAssist.exe] => Enabled:ProgramUpdateCheck
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\Spotify\spotify.exe] => Enabled:Spotify
StandardProfile\AuthorizedApplications: [C:\Program Files\TVUPlayer\TVUPlayer.exe] => Enabled:TVUPlayer Component
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Messenger\msnmsgr.exe] => Enabled:Windows Live Messenger
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22008

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2015 00:01:35 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (11/29/2015 11:59:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (11/29/2015 11:41:50 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (11/29/2015 07:44:53 AM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (11/24/2015 07:29:22 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.
Error: (11/24/2015 07:26:45 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (11/17/2015 08:13:20 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (11/17/2015 06:10:55 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (11/17/2015 06:09:08 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

Error: (11/17/2015 06:06:47 PM) (Source: .NET Runtime Optimization Service) (EventID: 1111) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Service reached limit of transient errors. Will shut down. Last error returned from Service Manager: 0x80029c4a.

System errors:
=============
Error: (12/03/2015 10:09:31 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 10.0.0.2 for the Network Card with network address 002401114784 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
Error: (12/01/2015 08:09:49 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0

Error: (12/01/2015 08:09:48 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0

Error: (11/29/2015 00:00:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: %%31

Error: (11/29/2015 11:58:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: %%31

Error: (11/29/2015 11:41:11 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: %%31

Error: (11/29/2015 07:44:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Driver Foundation - User-mode Driver Framework service terminated with the following error: %%31

Error: (11/28/2015 00:38:37 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0

Error: (11/28/2015 00:38:36 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0

Error: (11/28/2015 00:38:35 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\CdRom0

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of memory in use: 73%
Total physical RAM: 509.98 MB
Available physical RAM: 134.47 MB
Total Virtual: 1270.21 MB
Available Virtual: 483.86 MB

==================== Drives ================================

Drive c: (Q121``) (Fixed) (Total:18.61 GB) (Free:4.34 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: (VERA_D1) (CDROM) (Total:4.14 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 18.6 GB) (Disk ID: 1D1D0202)
Partition 1: (Active) - (Size=18.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I know, Gus, I know he ran it from Downloads, but it was actually challenging just getting him to run the program in the first place.
