laptop's admin password appears to have been hijacked


  • This topic is locked
19 replies to this topic

#1 Artbroken


Posted 29 August 2015 - 08:11 PM

Began having problems with popups despite having Norton installed. While attempting to remedy that issue, a user control box would pop up with the account name "temporarory" (spelled that way), asking for the administrator password for any attempted system changes or attempts to run antivirus programs.

This is my sister's computer, and either she or someone has run FRST in the past. I was unable to run a fresh download, as Norton would remove it as soon as it was downloaded. But, the old FRST file (from July) seems to work just fine.

I also cannot shut Norton off, because of the admin password issue.

Here are the logs from the FRST scan.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-08-2015
Ran by Speed (ATTENTION: The user is not administrator) on SPEED-PC (29-08-2015 20:56:59)
Running from C:\Users\Speed\Downloads
Loaded Profiles: Speed (Available Profiles: Speed & temporarory)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> SH4Service.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> armsvc.exe
Failed to access process -> alotservice.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> SkypeC2CAutoUpdateSvc.exe
Failed to access process -> SkypeC2CPNRSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> fsssvc.exe
Failed to access process -> svchost.exe
Failed to access process -> nis.exe
Failed to access process -> ccSvcHst.exe
Failed to access process -> sftvsa.exe
Failed to access process -> svchost.exe
Failed to access process -> TODDSrv.exe
Failed to access process -> TosCoSrv.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> 5qbarsvc.exe
Failed to access process -> sftlist.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Users\Speed\AppData\Roaming\Dashlane\DashlanePlugin.exe
(W3i, LLC) C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
() C:\Program Files (x86)\Boost\BoostUpdater.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
Failed to access process -> CVHSVC.EXE
Failed to access process -> iPodService.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> TMachInfo.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
Failed to access process -> LMS.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbrmon.exe
Failed to access process -> SymcPCCULaunchSvc.exe
Failed to access process -> svchost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Bloggie Software\BGVolumeWatcher.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
Failed to access process -> TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
Failed to access process -> PresentationFontCache.exe
Failed to access process -> UNS.exe
Failed to access process -> TrustedInstaller.exe
() C:\Users\Speed\AppData\Roaming\Dashlane\Dashlane.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> taskeng.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [BrowserSafeguard] => "C:\Program Files (x86)\BrowserSafeguard\BrowserSafeguard.exe"
HKLM-x32\...\Run: [BrowserSafeguard Update Task] => "C:\Program Files (x86)\BrowserSafeguard\uninstall.BrowserSafeguard.exe" /CheckUpdate=true
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [BreezyConnector] => C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BreezyPrint Corporation\Breezy Connector.appref-ms
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-04-01] ()
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [Dashlane] => C:\Users\Speed\AppData\Roaming\Dashlane\Dashlane.exe [227512 2015-07-22] ()
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [DashlanePlugin] => C:\Users\Speed\AppData\Roaming\Dashlane\DashlanePlugin.exe [285880 2015-07-22] ()
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [InstallIQUpdater] => C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe [1179648 2011-10-11] (W3i, LLC)
HKU\S-1-5-18\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4862384 2012-03-21] (Exent Technologies Ltd.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
Startup: C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoostUpdater.lnk [2014-08-05]
ShortcutTarget: BoostUpdater.lnk -> C:\Program Files (x86)\Boost\BoostUpdater.exe ()
Startup: C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk [2014-08-05]
ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\Speed\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
Startup: C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk [2014-08-05]
ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\Speed\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49544;https=127.0.0.1:49544
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={80E6EA4E-E33A-11E2-B85D-E89A8F7D5244}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoTT&dpid=SnapdoTT&co=US&userid=18e5db55-b241-4562-deb3-6b0a20b923a9&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
URLSearchHook: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 - (No Name) - {cc2e2b99-14d3-4516-883c-9ea147f594ef} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qSrcAs.dll (MindSpark)
SearchScopes: HKLM -> DefaultScope {1ECBCAC7-F690-41E5-9FE1-DEC50FD2749A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {1ECBCAC7-F690-41E5-9FE1-DEC50FD2749A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0AyDzztDyEtCyEyBtDyCzztN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBtAtByByCtC0ByDtGyC0F0AyEtG0EzyyBzztGyBtCtBzztGtCtCtB0C0BtDyC0BzztA0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtAtC0ByC0D0FtBtGtAzz0A0CtGyEzz0D0CtG0A0F0B0EtGyBtCyCtD0BtDyDzzzztA0AtD2Q&cr=579581511&ir=
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={80E6EA4E-E33A-11E2-B85D-E89A8F7D5244}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm684YYus&ptnrS=ZJxdm684YYus&ptb=414F68EF-031B-435B-B459-F40B96C28A7C&ind=2012052116&n=77ed7a94&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {9a3b19bb-9b55-4dd7-b8a2-fb2bad65cc3b} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z9xdm047YYus&ptnrS=Z9xdm047YYus&si=128449&ptb=7F9FC320-EBCC-4C6D-84AC-8BC50C2C3CCE&psa=&ind=2014110220&st=sb&n=780ce20c&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {D6A46094-01B9-47EB-8B84-AF9304B314CA} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={80E6EA4E-E33A-11E2-B85D-E89A8F7D5244}
SearchScopes: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> {1ECBCAC7-F690-41E5-9FE1-DEC50FD2749A} URL = 
SearchScopes: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> {A6863B15-AF4B-4B3C-BC7B-4E3403C604E1} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
BHO: Cinema-Plus-1.2c -> {11111111-1111-1111-1111-110611171162} -> C:\Program Files (x86)\Cinema-Plus-1.2c\Cinema-Plus-1.2c-bho64.dll No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: Updater By SweetPacks -> {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -> C:\Program Files\Updater By SweetPacks\Extension64.dll [2013-05-16] ()
BHO: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\64Boost.dll [2014-05-15] (Jigsaw)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-11] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: No Name -> {11111111-1111-1111-1111-110611171162} ->  No File
BHO-x32: Toolbar BHO -> {27488090-768a-4d20-a938-f223f71c344c} -> C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbar.dll [2012-05-20] (MindSpark)
BHO-x32: Re-Markable -> {2F933C71-070C-F9FC-043D-37CA4A9A7B1F} -> C:\Program Files (x86)\ver7Re-Markable\176.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: TV Bar 2 Toolbar -> {75e0046f-2275-4bce-9afd-d8da19abdf0b} -> C:\Users\Speed\AppData\LocalLow\TV_Bar_2\prxtbTV_2.dll [2014-04-10] (ClientConnect Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Updater By SweetPacks -> {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -> C:\Program Files\Updater By SweetPacks\Extension32.dll [2013-05-16] ()
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [2012-06-21] (Vertro, Inc)
BHO-x32: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\Boost.dll [2014-05-15] (Jigsaw)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-11] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Search Assistant BHO -> {bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} -> C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qSrcAs.dll [2012-05-20] (MindSpark)
BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll [2011-03-03] (Oberon Media Ltd.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-11] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-11] (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Zwinky - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbar.dll [2012-05-20] (MindSpark)
Toolbar: HKLM-x32 - No Name - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} -  No File
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll [2012-06-21] (Vertro, Inc)
Toolbar: HKLM-x32 - TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Users\Speed\AppData\LocalLow\TV_Bar_2\prxtbTV_2.dll [2014-04-10] (ClientConnect Ltd.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-11] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Winsock: Catalog9-x64 01 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Winsock: Catalog9-x64 02 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Winsock: Catalog9-x64 03 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Winsock: Catalog9-x64 04 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Winsock: Catalog9-x64 15 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{41CB1D3D-8989-4FA9-9EF1-73677B066C87}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{B089CA44-E052-40D8-9115-61B9C4444059}: [DhcpNameServer] 209.18.47.61 209.18.47.62
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M1AF58237-B777-48DF-936D-A94AF49E8127&SearchSource=69&CUI=&SSPV=SP21715VA_sp_ff&Lay=1&UM=6&UP=SP587B2229-74A0-4B54-A523-F32D97D8C639
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Astromenda
FF Homepage: hxxp://astromenda.com/?f=1&a=ast_app_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0AyDzztDyEtCyEyBtDyCzztN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBtAtByByCtC0ByDtGyC0F0AyEtG0EzyyBzztGyBtCtBzztGtCtCtB0C0BtDyC0BzztA0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtAtC0ByC0D0FtBtGtAzz0A0CtGyEzz0D0CtG0A0F0B0EtGyBtCyCtD0BtDyDzzzztA0AtD2Q&cr=579581511&ir=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll [2009-12-27] (Exent Technologies Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-08-09] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-08-09] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: @Zwinky_5q.com/Plugin -> C:\Program Files (x86)\Zwinky_5q\bar\1.bin\NP5qStub.dll [2012-05-20] (MindSpark)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: @nsroblox.roblox.com/launcher -> C:\Users\Speed\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Speed\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Speed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-12-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Speed\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF user.js: detected! => C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\user.js [2014-10-21]
FF SearchPlugin: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\searchplugins\ask-search.xml [2014-01-29]
FF SearchPlugin: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\searchplugins\Astromenda.xml [2014-12-12]
FF SearchPlugin: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\searchplugins\trovi-search.xml [2014-10-13]
FF SearchPlugin: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\searchplugins\Web Search.xml [2014-08-09]
FF Extension: Plus-HD-V1.9c - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\0b105cbff1eb40b89bca7dae371d@7ead239035fb4613ab38ef.com [2015-06-03]
FF Extension: sipgateffxmichaelrotmanov - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\sipgateffx@michael.rotmanov [2014-08-18]
FF Extension: Astromenda NT - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\{424b0d11-e7fe-4a04-b7df-8f2c77f58aaf} [2014-09-15]
FF Extension: Astrmenda Search - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} [2014-10-21]
FF Extension: Boost - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\boost@boost.net.xpi [2014-05-15]
FF Extension: Framed Display - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\{7012eec1-4f37-42d4-a2cd-26727494d248}.xpi [2014-10-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-17]
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-11-27]
FF HKLM-x32\...\Firefox\Extensions: [5qffxtbr@Zwinky_5q.com] - C:\Program Files (x86)\Zwinky_5q\bar\1.bin
FF Extension: No Name - C:\Program Files (x86)\Zwinky_5q\bar\1.bin [2012-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2015-08-21]
FF HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Firefox\Extensions: [{3E5C8284-F12E-5CA8-47C1-0926B2C48BAB}] - C:\Program Files (x86)\ver7Re-Markable\176.xpi
FF Extension: No Name - C:\Program Files (x86)\ver7Re-Markable\176.xpi [2014-08-09]
FF HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Firefox\Extensions: [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}] - C:\Users\Speed\AppData\Roaming\Dashlane\3.5.0.89717\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}
FF Extension: Dashlane - C:\Users\Speed\AppData\Roaming\Dashlane\3.5.0.89717\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f} [2015-08-02]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-15]
CHR Extension: (Google Drive) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-15]
CHR Extension: (YouTube) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-03]
CHR Extension: (Google Search) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-03]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-07-27]
CHR Extension: (Zwinky) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidlffpkjchmiflngkkakcmbjmehkdbg [2015-03-31]
CHR Extension: (Boost) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn [2014-08-05]
CHR Extension: (Norton Identity Safe) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Skype Click to Call) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-06]
CHR Extension: (Cinema-Plus-1.2c) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [2014-08-10]
CHR Extension: (App Bud) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgehohdeddilafacnmjbjlnkomcneoi [2014-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-15]
CHR Extension: (Astromenda New Tab) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-10-21]
CHR Extension: (Gmail) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-03]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-20]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-03-20]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-09] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-09] (globalUpdate) [File not signed] <==== ATTENTION
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [123320 2011-02-03] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-11-04] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Zwinky_5qService; C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbarsvc.exe [42528 2012-05-20] (COMPANYVERS_NAME)
R2 AlotService; C:\Users\Emilie.Speed-PC\AppData\LocalLow\alotservice\alotservice.exe [X]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20150821.001\BHDrvx64.sys [1650936 2015-07-23] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-08-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-08-02] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-11-04] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-11-04] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20150828.001\IDSvia64.sys [767224 2015-08-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20150829.002\ENG64.SYS [138488 2015-08-29] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20150829.002\EX64.SYS [2146040 2015-08-29] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-13] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2014-07-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S3 Tosrfcom; no ImagePath
R2 webinstr; C:\windows\system32\Drivers\webinstr.sys [57528 2014-07-16] (Corsica)
R2 X5XSEx; C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)
S3 EraserUtilDrv11313; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-29 20:54 - 2015-08-29 20:56 - 00042124 _____ C:\Users\Speed\Downloads\FRST.txt
2015-08-29 20:53 - 2015-08-29 20:53 - 00000000 ____D C:\Users\Speed\Downloads\FRST-OlderVersion
2015-08-29 19:25 - 2015-08-29 19:25 - 01618432 _____ C:\Users\Speed\Downloads\AdwCleaner.exe
2015-08-29 19:22 - 2015-08-29 19:23 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Speed\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-29 19:21 - 2015-08-29 19:21 - 06667640 _____ (Piriform Ltd) C:\Users\Speed\Downloads\ccsetup509.exe
2015-08-25 11:45 - 2015-08-25 11:46 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Speed\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-21 08:46 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-21 08:46 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-08-21 08:46 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-08-21 08:46 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-13 13:24 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 13:24 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 10:45 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-12 10:45 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-12 10:45 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-12 10:45 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-12 10:45 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-12 10:45 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-08-12 10:45 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-12 10:45 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-12 10:45 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 10:45 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-12 10:45 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-08-12 10:45 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 10:45 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 10:45 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-08-12 10:45 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 10:45 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-12 10:45 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-08-12 10:45 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 10:45 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 10:45 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-08-12 10:45 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-08-12 10:45 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-08-12 10:45 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-08-12 10:45 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-08-12 10:45 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-08-12 10:45 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-08-12 10:45 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-08-12 10:45 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-08-12 10:45 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-08-12 10:45 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-08-12 10:45 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-08-12 10:45 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-08-12 10:45 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 10:45 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-08-12 10:45 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-08-12 10:45 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-08-12 10:45 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-08-12 10:45 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-08-12 10:45 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-08-12 10:45 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-08-12 10:45 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-08-12 10:45 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-08-12 10:45 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-08-12 10:45 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-08-12 10:45 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-08-12 10:45 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-08-12 10:45 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-08-12 10:45 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-08-12 10:45 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-08-12 10:45 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-08-12 10:45 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-08-12 10:45 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-08-12 10:45 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-12 10:45 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-12 10:45 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-12 10:45 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-08-12 10:45 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-08-12 10:45 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 10:45 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-08-12 10:44 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 10:43 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-12 10:43 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-08-12 10:43 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-08-12 10:43 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-08-12 10:43 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 10:43 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 10:43 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-08-12 10:43 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 10:43 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-08-12 10:43 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-08-12 10:43 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 10:43 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-08-12 10:43 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 10:43 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 10:43 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-08-12 10:43 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-08-12 10:43 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-08-12 10:43 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-08-12 10:43 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-08-12 10:43 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 10:43 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-08-12 10:43 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-12 10:43 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 10:43 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-12 10:43 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-08-12 10:43 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 10:43 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-08-12 10:43 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-08-12 10:43 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 10:43 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-08-12 10:43 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-08-12 10:43 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 10:43 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 10:43 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-08-12 10:43 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-08-12 10:43 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 10:43 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-08-12 10:43 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 10:43 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-08-12 10:43 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 10:43 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-08-12 10:43 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 10:43 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-08-12 10:43 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-08-12 10:43 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-08-12 10:43 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 10:43 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 10:43 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 10:43 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-08-12 10:43 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 10:43 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-08-12 10:43 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 10:43 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 10:43 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 10:43 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 10:43 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-08-12 10:42 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-08-12 10:42 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 10:42 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-08-12 10:42 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 10:42 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-08-12 10:42 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-08-12 10:42 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 10:42 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 10:42 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 10:42 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 10:42 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 10:42 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-08-12 10:42 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-08-12 10:42 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 10:42 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 10:42 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-08-12 10:42 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-08-12 10:42 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 10:42 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 10:42 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 10:42 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 10:42 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 10:42 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 10:42 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 10:41 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 10:41 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-08-12 10:41 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 10:41 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 10:41 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 10:41 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 10:41 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-12 10:41 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-08-12 10:41 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-08-12 10:41 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-12 10:38 - 2015-08-12 10:39 - 00815748 _____ C:\Users\Speed\Downloads\Skype.zip
2015-08-05 23:10 - 2015-08-05 23:10 - 01564992 _____ (LogMeIn, Inc.) C:\Users\Speed\Downloads\Support-LogMeInRescue(3).exe
2015-08-05 23:09 - 2015-08-05 23:10 - 01564992 _____ (LogMeIn, Inc.) C:\Users\Speed\Downloads\Support-LogMeInRescue(2).exe
2015-08-05 23:08 - 2015-08-05 23:10 - 01564992 _____ (LogMeIn, Inc.) C:\Users\Speed\Downloads\Support-LogMeInRescue(1).exe
2015-08-05 23:07 - 2015-08-05 23:10 - 01564992 _____ (LogMeIn, Inc.) C:\Users\Speed\Downloads\Support-LogMeInRescue.exe
2015-08-02 19:51 - 2015-08-02 19:51 - 00000000 ____D C:\d93fd4ae71fef6e7116e
2015-08-02 19:19 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2015-08-02 19:19 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2015-08-02 19:18 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-08-02 19:18 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-08-02 19:18 - 2015-06-09 14:03 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-08-02 19:18 - 2015-06-09 14:03 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-08-02 19:17 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-08-02 19:17 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-08-02 19:17 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-08-02 19:17 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-08-02 19:17 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-08-02 19:17 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-08-02 19:17 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-08-02 19:17 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-08-02 19:17 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-08-02 19:17 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-08-02 19:17 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2015-08-02 19:17 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-08-02 19:17 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2015-08-02 19:17 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2015-08-02 19:17 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-08-02 19:17 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-08-02 19:17 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-08-02 19:17 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-08-02 19:17 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-08-02 19:17 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-08-02 19:17 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-08-02 19:17 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-08-02 19:11 - 2015-08-02 19:22 - 00001718 _____ C:\Users\Speed\Desktop\Dashlane.lnk
2015-08-02 19:08 - 2015-08-29 18:40 - 00000000 ____D C:\Users\Speed\AppData\Roaming\Dashlane
2015-08-02 19:08 - 2015-08-02 19:22 - 00000000 ____D C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
2015-08-02 19:08 - 2015-08-02 19:08 - 00000000 ____D C:\Users\Speed\AppData\Local\Packages
2015-08-02 18:36 - 2015-08-02 18:36 - 00000000 ____D C:\Program Files\Common Files\AV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-29 20:57 - 2015-07-27 20:50 - 00000000 ____D C:\FRST
2015-08-29 20:57 - 2012-07-26 10:40 - 364228778 _____ C:\alotserviceruntime.log
2015-08-29 20:55 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-29 20:55 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-29 20:54 - 2012-05-15 09:58 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-29 20:53 - 2015-07-27 20:50 - 02186752 _____ (Farbar) C:\Users\Speed\Downloads\FRST64.exe
2015-08-29 20:36 - 2011-11-16 12:06 - 00000000 ____D C:\Users\Speed\AppData\Roaming\HpUpdate
2015-08-29 20:33 - 2011-07-11 09:18 - 01925627 _____ C:\windows\WindowsUpdate.log
2015-08-29 20:32 - 2014-09-04 22:57 - 00000292 _____ C:\windows\Tasks\WSE_Astromenda.job
2015-08-29 20:32 - 2009-07-14 00:51 - 00085648 _____ C:\windows\setupact.log
2015-08-29 18:40 - 2014-08-05 17:10 - 00000000 ____D C:\Program Files (x86)\Boost
2015-08-29 18:38 - 2014-06-15 22:42 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-29 18:32 - 2014-06-15 22:42 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-29 18:31 - 2011-07-11 10:01 - 00000000 ____D C:\ProgramData\Norton
2015-08-29 18:22 - 2014-08-10 11:19 - 00000938 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-08-29 01:30 - 2014-08-09 23:21 - 00000934 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-08-25 19:43 - 2009-07-14 01:13 - 00801730 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-25 11:30 - 2014-08-05 17:09 - 00000000 ____D C:\Users\Speed\AppData\Local\SevereWeatherAlerts
2015-08-22 21:14 - 2011-11-13 10:28 - 00000000 ____D C:\Users\Speed\AppData\Local\CrashDumps
2015-08-22 17:42 - 2014-06-15 22:43 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-22 17:25 - 2014-08-09 17:14 - 00000000 ____D C:\Users\Speed\AppData\Roaming\Smart Driver Updater
2015-08-21 11:47 - 2012-05-21 16:28 - 00000416 _____ C:\windows\Tasks\PC Optimizer Pro64 startups.job
2015-08-21 11:47 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-21 10:18 - 2010-11-20 23:47 - 01826640 _____ C:\windows\PFRO.log
2015-08-20 18:54 - 2012-05-15 09:58 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-20 18:54 - 2012-01-13 14:49 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-14 19:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2015-08-13 15:07 - 2009-07-14 00:45 - 00409576 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-13 15:06 - 2013-03-17 17:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 15:06 - 2013-03-17 17:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 13:48 - 2014-12-10 15:50 - 00000000 ____D C:\windows\system32\appraiser
2015-08-13 13:48 - 2014-06-17 14:56 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-13 13:24 - 2013-03-17 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 13:07 - 2012-06-18 19:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 12:52 - 2009-07-13 22:34 - 00000513 _____ C:\windows\win.ini
2015-08-13 12:16 - 2013-08-15 03:01 - 00000000 ____D C:\windows\system32\MRT
2015-08-13 11:57 - 2011-11-28 12:08 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-05 22:52 - 2015-02-17 10:55 - 00000000 ____D C:\Users\Speed\AppData\Local\Mozilla Firefox
2015-08-05 22:50 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2015-08-02 21:07 - 2015-04-21 17:11 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-08-02 21:07 - 2015-04-21 17:11 - 00000000 ___SD C:\windows\system32\GWX
2015-08-02 21:07 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-08-02 20:19 - 2013-07-02 13:13 - 00000000 ____D C:\Program Files\Updater By SweetPacks
2015-08-02 18:35 - 2014-08-05 18:12 - 00000000 ____D C:\Users\Public\Downloads\Norton
 
==================== Files in the root of some directories =======
 
2014-09-04 23:04 - 2014-09-04 23:04 - 0000318 _____ () C:\Users\Speed\AppData\Roaming\aps.uninstall.scan.results
2014-09-04 23:57 - 2015-03-08 13:09 - 0000164 _____ () C:\Users\Speed\AppData\Roaming\WB.CFG
2014-09-16 19:18 - 2014-09-17 22:06 - 1077248 _____ () C:\Users\Speed\AppData\Local\ChromeHitoryDB
2014-12-12 17:00 - 2014-12-18 21:00 - 0000010 _____ () C:\Users\Speed\AppData\Local\DSI.DAT
2014-12-12 17:00 - 2014-12-12 17:00 - 0022528 _____ () C:\Users\Speed\AppData\Local\dsisetup118977592.exe
2014-12-18 21:00 - 2014-12-18 21:00 - 0022528 _____ () C:\Users\Speed\AppData\Local\dsisetup4929319122.exe
2011-11-27 15:14 - 2014-03-15 16:45 - 0001668 _____ () C:\ProgramData\hpzinstall.log
2013-06-24 22:41 - 2013-06-24 22:41 - 4325376 _____ () C:\ProgramData\ReadOnlyInstaller.msi
2013-07-02 13:11 - 2013-07-02 13:11 - 0033958 _____ () C:\ProgramData\uninstaller.exe
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
 
 
Some files in TEMP:
====================
C:\Users\Speed\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite10860.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite12001.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite15292.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite15972.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite17668.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite18989.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite20316.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite26127.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite26931.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite28508.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite31190.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite32298.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite34029.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite36275.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite39760.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite43041.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite43240.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite44438.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite46048.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite46245.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite46962.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite47018.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite47556.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite48779.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite52925.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite57538.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite57683.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite58463.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite64446.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite66362.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite70142.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite75524.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite75721.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite80577.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite81984.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite89ad64e3-3c5c-4e6c-ba31-be71df4e8240.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite91338.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite91480.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite91777.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite97946.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite99219.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite99276.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. The user is not administrator
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-08-2015
Ran by Speed (2015-08-29 20:57:49)
Running from C:\Users\Speed\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4019636695-2809996151-3074566073-500 - Administrator - Disabled)
Guest (S-1-5-21-4019636695-2809996151-3074566073-501 - Limited - Disabled)
Speed (S-1-5-21-4019636695-2809996151-3074566073-1000 - Limited - Enabled) => C:\Users\Speed
temporarory (S-1-5-21-4019636695-2809996151-3074566073-1004 - Administrator - Enabled) => C:\Users\temporarory
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
allday savings (HKLM\...\B021CBBD-E38E-4F8C-8E93-6624B0597A23) (Version: 2.0.1 - allday savings)
ALOT Appbar (HKLM-x32\...\alotAppbar) (Version:  - ALOT) <==== ATTENTION
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bloggie Software (HKLM-x32\...\BloggieSoftware) (Version: 3.3.1.73 - Sony)
Bloggie Software (x32 Version: 3.3.1.73 - Sony Corporation) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.04(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boost for Internet Explorer (HKLM-x32\...\Boost) (Version: 3.0.0.10 - Verti Technology Group, Inc.)
Browser Features version 2.22 (HKLM-x32\...\{27699FD3-AB4E-46BE-8DD2-7B2D5839BDF1}}_is1) (Version: 2.22 - Browser Features)
BrowserSafeguard with RocketTab (HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\RocketTab) (Version:  - BrowserSafeguard with RocketTab) <==== ATTENTION
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C310 (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cinema-Plus-1.2c (HKLM-x32\...\Cinema-Plus-1.2c) (Version: 1.34.7.29 - Cinema Plus) <==== ATTENTION
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Dashlane) (Version: 3.5.0.89717 - Dashlane SAS)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Escape from Frankenstein's Castle (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.5.618 - Foxit Corporation)
Free Ride Games Player (HKLM-x32\...\{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}) (Version:  - Exent Technologies Ltd) <==== ATTENTION
FreeSoftToday 025.199 (HKLM-x32\...\fst_us_199_is1) (Version:  - FREESOFTTODAY) <==== ATTENTION
GamesBar 2.0.1.82 (HKLM-x32\...\GamesBar) (Version: 2.0.1.82 - Oberon Media, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet 2050 J510 series Basic Device Software (HKLM\...\{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Deskjet 2050 J510 series Help (HKLM-x32\...\{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}) (Version: 140.0.55.55 - Hewlett Packard)
HP Deskjet 2050 J510 series Product Improvement Study (HKLM\...\{88FD4472-F950-4083-A6FA-A829AC785B04}) (Version: 20.0.771.0 - Hewlett-Packard Co.)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
InstallIQ Updater (HKLM-x32\...\{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}) (Version: 1.4.3.0 - W3i, LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JavaFX 2.0.3 (HKLM-x32\...\{1111706F-666A-4037-7777-203328764D10}) (Version: 2.0.3 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
LibreOffice 3.4 (HKLM-x32\...\LibreOffice) (Version: 3.4 - The Document Foundation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
ROBLOX Player for Speed (HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Speed (HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Safari Packages (HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Safari Packages) (Version:  - ) <==== ATTENTION
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smart Driver Updater v3.2 (HKLM-x32\...\Smart Driver Updater_is1) (Version: 3.2 - Avanquest Software)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TV Bar 2 Toolbar (HKLM-x32\...\TV_Bar_2 Toolbar) (Version: 6.9.0.16 - TV Bar 2)
Unity Web Player (HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Updater By SweetPacks 2.0.0.586 (HKLM\...\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1) (Version: 2.0.0.586 - SweetPacks) <==== ATTENTION
WeatherBug® (HKLM-x32\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Web Protect for Windows (HKLM-x32\...\wp-adinject-adk) (Version: 10.0.0 - Web Protect) <==== ATTENTION
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.6.14 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wizard101 (HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden
Zwinky Toolbar (HKLM-x32\...\Zwinky_5qbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => 
Task: C:\windows\Tasks\APSnotifierPP1.job =>  <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job =>  <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job =>  <==== ATTENTION
Task: C:\windows\Tasks\eb52LE3PEp2dBQ02x6ZQxMyTy1.job => 
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job =>  <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job =>  <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => 
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => 
Task: C:\windows\Tasks\PC Optimizer Pro64 startups.job => 
Task: C:\windows\Tasks\WSE_Astromenda.job => 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-02 19:10 - 2015-07-22 09:20 - 00285880 _____ () C:\Users\Speed\AppData\Roaming\Dashlane\DashlanePlugin.exe
2014-04-21 15:24 - 2014-04-21 15:24 - 00392704 _____ () C:\Program Files (x86)\Boost\BoostUpdater.exe
2010-12-08 18:42 - 2010-12-08 18:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-04-04 22:18 - 2011-04-04 22:18 - 00094208 _____ () C:\windows\system32\IccLibDll_x64.dll
2015-08-02 19:10 - 2015-07-22 09:20 - 00227512 _____ () C:\Users\Speed\AppData\Roaming\Dashlane\Dashlane.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\windows\system32\Drivers\ldxamxzg.sys:changelist
AlternateDataStreams: C:\ProgramData\TEMP:0F0A5896
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service" <==== ATTENTION
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\wcpss.net -> hxxp://bb9.wcpss.net
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{00141E33-1D09-4E17-AD58-6514394606AB}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{DE1720A5-5268-4211-9693-D6C3392CBC7D}] => (Allow) C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe
FirewallRules: [{597212B4-6A14-4C50-BFF5-CF1633317DEA}] => (Allow) D:\setup\hpznui40.exe
FirewallRules: [{A797DDB0-A671-4613-833C-69380697D341}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B38E5803-969B-41CF-9E92-74A66D2CB6F8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{07B93871-9BAF-49BD-94F7-9337E12E2ABD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3B414F54-539F-4E5C-9F4D-E62F790B146C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{C4548CF2-36E8-4836-A05D-2BBF412DEA01}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{01473D51-B916-422B-9AC4-5DCADD93B5EB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{32A5D0AF-51C3-46C1-A4C4-0AEB512D609A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{CE9D58C5-096C-41C8-8E8F-BB1936DB5AC9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{CFBFD13D-9BF0-4F5F-B817-138A16370F21}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{13F9BB82-CF09-4BD3-89BE-C4B3F321F057}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{852FDE7E-3113-46BA-96E1-6C45A0436CD7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{8CCE895F-F524-404F-AF58-A8A855CED664}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{63076FE8-8773-4391-BCA6-ECE771EC9B3B}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{BE745393-21CF-4EFD-BDF4-8D4AAC219998}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9FB9B4AF-16CF-4284-81FC-2101D4491AAB}] => (Allow) C:\Users\Speed\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2417C900-4CEB-4F9C-8395-A8CCEC9F39DE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8E78FD78-01BA-45A9-B029-6E60461A18E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{65829B96-46C9-4F38-B9BD-2B43EBBCA958}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5128FEE2-6818-4AB6-8F5B-2DB203462D81}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{61AF4955-60EC-4720-97CF-5649FC3EDCE7}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{3C68D86D-E057-4473-81B2-F10552DDBC9D}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{76F38E06-8BC2-44FE-878A-CF6FB9993672}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{6EA2CCF7-2295-45BB-88D4-83954AF3FD0D}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{26C22423-3A72-46C0-8326-A751B3602BF7}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{98876759-CBA2-40CB-ACFA-01350F08AFD9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3A458890-1239-4225-A87F-B426185B7251}] => (Allow) LPort=2869
FirewallRules: [{E3FF9AE6-2047-4AB9-B002-9FC9294013F3}] => (Allow) LPort=1900
FirewallRules: [{A7B144E8-C8DF-4583-B901-55E5FDB67459}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FBBBD95A-6F66-447A-AF51-FEE8A7B5EEE7}] => (Allow) C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
FirewallRules: [TCP Query User{95A32A06-DC47-41ED-A021-97D1A1ACB433}C:\users\speed\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Block) C:\users\speed\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{8DF5CCE9-D020-4D88-8837-05111E3FA160}C:\users\speed\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe] => (Block) C:\users\speed\appdata\local\logmein rescue applet\lmir0002.tmp\lmi_rescue.exe
FirewallRules: [{96FD4854-8A7D-41C7-90DA-591845A8F8BA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/29/2015 07:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5335
 
Error: (08/29/2015 07:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5335
 
Error: (08/29/2015 07:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/29/2015 07:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4274
 
Error: (08/29/2015 07:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4274
 
Error: (08/29/2015 07:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/29/2015 07:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3260
 
Error: (08/29/2015 07:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3260
 
Error: (08/29/2015 07:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/29/2015 07:28:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2262
 
 
System errors:
=============
Error: (08/29/2015 06:32:30 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume TI106139W0E.
 
Error: (08/29/2015 06:23:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
Error: (08/29/2015 06:23:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/28/2015 04:06:48 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (08/26/2015 02:32:11 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 109globalUpdate/comsvc{577975B8-C40E-43E6-B0DE-4C6B44088B52}
 
Error: (08/26/2015 02:32:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error: 
%%109
 
Error: (08/25/2015 11:37:28 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume TI106139W0E.
 
Error: (08/23/2015 01:31:48 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.
 
Error: (08/22/2015 06:36:47 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume TI106139W0E.
 
Error: (08/22/2015 06:36:47 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume TI106139W0E.
 
 
Microsoft Office:
=========================
Error: (08/29/2015 07:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5335
 
Error: (08/29/2015 07:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5335
 
Error: (08/29/2015 07:28:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/29/2015 07:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4274
 
Error: (08/29/2015 07:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4274
 
Error: (08/29/2015 07:28:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/29/2015 07:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3260
 
Error: (08/29/2015 07:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3260
 
Error: (08/29/2015 07:28:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/29/2015 07:28:40 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2262
 
 
CodeIntegrity:
===================================
  Date: 2015-08-13 13:47:49.410
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-11 12:40:10.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-11 11:59:04.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-05 14:07:32.767
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-05 14:05:15.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-04 22:11:29.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-04 22:09:48.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-08-02 19:38:18.568
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-15 20:38:51.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-06-03 15:36:59.072
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Web Protect\pcwtc64f.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 71%
Total physical RAM: 4043.86 MB
Available physical RAM: 1144.68 MB
Total Virtual: 8085.92 MB
Available Virtual: 4468.66 MB
 
==================== Drives ================================
 
Drive c: (TI106139W0E) (Fixed) (Total:450.57 GB) (Free:284.53 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================
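A triage helper for logs like the Addition.txt above, added here as an example (it is not part of the original post and is not code from FRST). It splits the log on its `====` section headers and lists every entry that FRST marked `<==== ATTENTION` or prefixed with `ATTENTION:`. The sample lines are excerpted from the log above; the function names and the "(before first header)" label are this example's own.

```python
import re

# Section headers look like: "==================== Restore Points ========="
HEADER_RE = re.compile(r"^={5,} (?P<name>.*?) ={2,}$")
MARKER = "<==== ATTENTION"

# Lines excerpted from the Addition.txt log on this page.
SAMPLE = r"""
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Web Protect for Windows (HKLM-x32\...\wp-adinject-adk) (Version: 10.0.0 - Web Protect) <==== ATTENTION
Zwinky Toolbar (HKLM-x32\...\Zwinky_5qbar Uninstall) (Version:  - Mindspark Interactive Network) <==== ATTENTION

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job =>
Task: C:\windows\Tasks\APSnotifierPP1.job =>  <==== ATTENTION
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job =>  <==== ATTENTION

==================== Safe Mode (Whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MyOSProtect => ""="service" <==== ATTENTION
"""


def parse_sections(text):
    """Split an FRST log into {section name: [entry lines]}, in log order."""
    sections = {}
    current = "(before first header)"  # label chosen by this example
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").rstrip(":").strip()
            sections.setdefault(current, [])
            continue
        if line.startswith("(") and line.endswith(")"):
            continue  # FRST's own hint text, not an entry
        sections.setdefault(current, []).append(line)
    return sections


def subject(entry):
    """Reduce an entry to what it names: program, task file or registry key."""
    entry = entry.replace(MARKER, "").strip()
    if entry.startswith("Task: "):
        entry = entry[len("Task: "):]
    if " =>" in entry:
        return entry.split(" =>")[0].strip()
    program = re.match(r"^(.*?) \((?:HK|x32 Version:|Version:)", entry)
    return program.group(1) if program else entry


def flagged(sections):
    """Return (section, subject) for every entry FRST itself flagged."""
    return [
        (name, subject(entry))
        for name, entries in sections.items()
        for entry in entries
        if MARKER in entry or entry.startswith("ATTENTION:")
    ]


if __name__ == "__main__":
    for section, item in flagged(parse_sections(SAMPLE)):
        print(f"[{section}] {item}")
```

The marker is FRST's own flag, so this only collects what the tool already highlighted; unflagged entries still need a human read.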

 




 


#2 nasdaq

nasdaq

  • Malware Response Team

Posted 31 August 2015 - 08:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
 

I was unable to run a fresh download, as Norton would remove it as soon as it was downloaded

The Farbar tool is updated often, so Norton does not recognize the new version.

Download the 64 bit version from the site below.

Norton will advise you in a box on the lower corner of the page.
Click View Details. You should then have an option to accept or restore the downloaded file.

Run the File in an Administrator account so that we can see all that is running on the computer.
Copy the downloaded file to your Desktop and run it from there.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

p.s.
I do not need to see a fresh Addition.txt file.

#3 Artbroken

Artbroken
  • Topic Starter

  • Members

Posted 31 August 2015 - 11:44 AM

Hello Nasdaq.
I am away from home until tomorrow afternoon; however, I'm pretty sure that I would be unable to perform the steps listed without getting administrator access. I appear to be blocked from changing users by a profile named "temporarory".

#4 nasdaq

nasdaq

  • Malware Response Team

Posted 31 August 2015 - 01:21 PM


If unable to run Farbar in an Admin. account, run this tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===

#5 Artbroken

Artbroken
  • Topic Starter

  • Members

Posted 01 September 2015 - 03:01 PM

Can't disable Norton Internet Security because options are greyed out, and other attempts to access them are blocked by the account asking for an administrator password.

 

I ran the command "net user" and I see that there are 4 accounts: my sister's, Guest, Administrator, and Temporarory.

While this "Temporarory" account has administrator privileges, the original Administrator account is still present, but hidden. Am trying to somehow switch to that, if the Temporarory account doesn't block me.

Otherwise, am tempted to try resetting the password with a 3rd party program.

I can't seem to do anything, scan-wise, without getting rid of that account.



#6 nasdaq

Posted 02 September 2015 - 08:16 AM

Please run this tool.

Please Download Tweaking.com - Windows Repair from Here

  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, and skip Steps 3 and 4 Optional for now.
  • On Step 5 Backup System Restore, do a Registry backup. When you have completed this, click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button, then select just the item(s) listed below:

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup

  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file in your next reply.

===

Restart the computer normally.

How is the computer running now?

=======================



#7 Artbroken

Posted 03 September 2015 - 06:42 PM

Same thing, cannot run tweaking file. Downloads fine, but user control window pops up asking for password when attempting to run it.



#8 nasdaq

Posted 04 September 2015 - 07:33 AM

If you right-click on the .exe file and run as administrator, does it work?

If that does not work run this tool.


Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

====

#9 Artbroken

Posted 04 September 2015 - 09:05 PM

Trying to run as administrator brings up the user account control box requesting the password for the "Temporarory" account.

The same account blocks combofix from running.



#10 nasdaq

Posted 05 September 2015 - 09:12 AM

Can you start the computer and, if logged in as Temporarory, change the profile to Speed?

Press the Windows key. Click the arrow near the Shutdown button > Select Change user and select Speed.

If successful run the tools from there.

===

If this is not possible then I suggest you start a new topic in the Windows 10 forum.
Someone may have a way for you to remove that bad profile.
http://www.bleepingcomputer.com/forums/f/229/windows-10/

When done, please return here and we will continue with the cleanup of the malware.

#11 Artbroken

Posted 05 September 2015 - 04:07 PM

I was unsuccessful in both cases.

 

I posted a topic in the Windows 7 forum, since that is the OS on this laptop, and it appears that a moderator has now moved it to the "Am I infected?" forum.



#12 nasdaq

Posted 06 September 2015 - 08:08 AM

You did get one reply.

See what you can do.

#13 Artbroken

Posted 08 September 2015 - 11:32 AM

Hi Nasdaq - I was able to reset the password on the Temporarory account, and now have administrator access to the laptop!

 

I removed admin privilege from that account, and gave it to my sister's. I haven't deleted the Temporarory account yet, in case there's something else you feel I should do before proceeding. Otherwise, I'm all set to start over.



#14 nasdaq

Posted 09 September 2015 - 07:01 AM

Great.


Run the Farbar tool and post a fresh FRST log for my review.
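
An added example, not part of the original thread and not FRST's own code: a first-pass triage of an FRST.txt log of the kind requested above. It reads the header to tell whether the scan ran elevated and which profiles exist but are not loaded, then collects per section the entries marked ATTENTION, No File or [X] and any proxy settings. The function and rule names are illustrative, and the header patterns are an assumption inferred from the two log headers posted in this thread.

```python
import re
from collections import defaultdict

# Sample input: a shortened log assembled from lines of the FRST output
# posted in this thread (not a complete scan).
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by Speed (administrator) on SPEED-PC (09-09-2015 18:01:08)
Running from C:\Users\Speed\Downloads
Loaded Profiles: Speed (Available Profiles: Speed & temporarory)
Boot Mode: Normal

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49544;https=127.0.0.1:49544
Tcpip\..\Interfaces\{B089CA44-E052-40D8-9115-61B9C4444059}: [DhcpNameServer] 192.168.1.1
BHO-x32: No Name -> {11111111-1111-1111-1111-110611171162} ->  No File
"""

# Header patterns inferred from the two log headers in this thread (assumption).
HEADER_RE = re.compile(
    r"^Ran by (?P<user>.+?) \((?P<ctx>.*?)\) on (?P<host>\S+) \([^)]*\)\s*$")
PROFILES_RE = re.compile(
    r"^Loaded Profiles: (?P<loaded>.*?) \(Available Profiles: (?P<avail>.*)\)\s*$")
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+\s*$")

# Illustrative triage rules: markers that appear in the logs on this page.
RULES = [
    ("attention", re.compile(r"<=+ ATTENTION")),
    ("no file", re.compile(r"No File\]?\s*$")),
    ("marked [X]", re.compile(r"=> \[X\]\s*$")),
    ("proxy", re.compile(r"^Proxy(Enable|Server):")),
]


def _names(field):
    """Split a profile list such as 'Speed & temporarory' into names."""
    return [p.strip() for p in field.split("&") if p.strip()]


def parse_frst(text):
    """Return header facts and flagged entries grouped by log section."""
    findings = defaultdict(list)
    report = {"user": None, "host": None, "elevated": None,
              "unloaded_profiles": []}
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = HEADER_RE.match(line)
        if m:
            report["user"] = m.group("user")
            report["host"] = m.group("host")
            # A non-elevated run carries a warning in place of "administrator".
            report["elevated"] = m.group("ctx").strip() == "administrator"
            continue
        m = PROFILES_RE.match(line)
        if m:
            loaded = _names(m.group("loaded"))
            report["unloaded_profiles"] = [
                p for p in _names(m.group("avail")) if p not in loaded]
            continue
        labels = [label for label, rx in RULES if rx.search(line)]
        if labels:
            findings[section].append((labels, line))
    report["findings"] = dict(findings)
    return report


if __name__ == "__main__":
    rep = parse_frst(SAMPLE_LOG)
    print(f"{rep['user']}@{rep['host']} elevated={rep['elevated']} "
          f"unloaded profiles={rep['unloaded_profiles']}")
    for sec, items in rep["findings"].items():
        print(sec)
        for labels, line in items:
            print(f"  [{', '.join(labels)}] {line}")
```

A flagged line is a pointer for manual review, not a verdict; a scan that reports `elevated=False` will also have missed whatever only an administrator token can read.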

#15 Artbroken

Posted 09 September 2015 - 06:33 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by Speed (administrator) on SPEED-PC (09-09-2015 18:01:08)
Running from C:\Users\Speed\Downloads
Loaded Profiles: Speed (Available Profiles: Speed & temporarory)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Vertro Inc.) C:\Users\Emilie.Speed-PC\AppData\LocalLow\alotservice\alotservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(COMPANYVERS_NAME) C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbarsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Avanquest Software) C:\Program Files (x86)\Smart Driver Updater\SDUTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
() C:\Users\Speed\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\Speed\AppData\Roaming\Dashlane\DashlanePlugin.exe
(W3i, LLC) C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files (x86)\Boost\BoostUpdater.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
() C:\Users\Speed\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Weather Notifications, LLC) C:\Users\Speed\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [BrowserSafeguard] => "C:\Program Files (x86)\BrowserSafeguard\BrowserSafeguard.exe"
HKLM-x32\...\Run: [BrowserSafeguard Update Task] => "C:\Program Files (x86)\BrowserSafeguard\uninstall.BrowserSafeguard.exe" /CheckUpdate=true
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4862384 2012-03-21] (Exent Technologies Ltd.)
HKU\S-1-5-20\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4862384 2012-03-21] (Exent Technologies Ltd.)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [BreezyConnector] => C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BreezyPrint Corporation\Breezy Connector.appref-ms
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-04-01] ()
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [Dashlane] => C:\Users\Speed\AppData\Roaming\Dashlane\Dashlane.exe [228024 2015-08-27] ()
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [DashlanePlugin] => C:\Users\Speed\AppData\Roaming\Dashlane\DashlanePlugin.exe [285880 2015-08-27] ()
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Run: [InstallIQUpdater] => C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe [1179648 2011-10-11] (W3i, LLC)
HKU\S-1-5-18\...\Run: [Exetender] => C:\Program Files (x86)\Free Ride Games\GPlayer.exe [4862384 2012-03-21] (Exent Technologies Ltd.)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => No File
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
Startup: C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BoostUpdater.lnk [2014-08-05]
ShortcutTarget: BoostUpdater.lnk -> C:\Program Files (x86)\Boost\BoostUpdater.exe ()
Startup: C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk [2014-08-05]
ShortcutTarget: Severe Weather Alerts App.lnk -> C:\Users\Speed\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
Startup: C:\Users\Speed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk [2014-08-05]
ShortcutTarget: Severe Weather Alerts.lnk -> C:\Users\Speed\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49544;https=127.0.0.1:49544
Winsock: Catalog9-x64 01 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Winsock: Catalog9-x64 02 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Winsock: Catalog9-x64 03 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Winsock: Catalog9-x64 04 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Winsock: Catalog9-x64 15 C:\windows\system32\MyOSProtect64.dll [350768 2014-09-04] (MyOSCompany)
Tcpip\..\Interfaces\{41CB1D3D-8989-4FA9-9EF1-73677B066C87}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{B089CA44-E052-40D8-9115-61B9C4444059}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={80E6EA4E-E33A-11E2-B85D-E89A8F7D5244}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.6.0.32
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoTT&dpid=SnapdoTT&co=US&userid=18e5db55-b241-4562-deb3-6b0a20b923a9&searchtype=ds&q={searchTerms}&installDate={installDate}&barcodeid={barcodeID}&um={UM}
HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
URLSearchHook: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 - (No Name) - {cc2e2b99-14d3-4516-883c-9ea147f594ef} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qSrcAs.dll (MindSpark)
SearchScopes: HKLM -> DefaultScope {1ECBCAC7-F690-41E5-9FE1-DEC50FD2749A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {1ECBCAC7-F690-41E5-9FE1-DEC50FD2749A} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_app_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0AyDzztDyEtCyEyBtDyCzztN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBtAtByByCtC0ByDtGyC0F0AyEtG0EzyyBzztGyBtCtBzztGtCtCtB0C0BtDyC0BzztA0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtAtC0ByC0D0FtBtGtAzz0A0CtGyEzz0D0CtG0A0F0B0EtGyBtCyCtD0BtDyDzzzztA0AtD2Q&cr=579581511&ir=
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={80E6EA4E-E33A-11E2-B85D-E89A8F7D5244}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {5a15c091-f3c2-4c8f-8964-e3434a2a4a95} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJxdm684YYus&ptnrS=ZJxdm684YYus&ptb=414F68EF-031B-435B-B459-F40B96C28A7C&ind=2012052116&n=77ed7a94&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {9a3b19bb-9b55-4dd7-b8a2-fb2bad65cc3b} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=Z9xdm047YYus&ptnrS=Z9xdm047YYus&si=128449&ptb=7F9FC320-EBCC-4C6D-84AC-8BC50C2C3CCE&psa=&ind=2014110220&st=sb&n=780ce20c&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {D6A46094-01B9-47EB-8B84-AF9304B314CA} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={80E6EA4E-E33A-11E2-B85D-E89A8F7D5244}
SearchScopes: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> {1ECBCAC7-F690-41E5-9FE1-DEC50FD2749A} URL = 
SearchScopes: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> {A6863B15-AF4B-4B3C-BC7B-4E3403C604E1} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
BHO: Cinema-Plus-1.2c -> {11111111-1111-1111-1111-110611171162} -> C:\Program Files (x86)\Cinema-Plus-1.2c\Cinema-Plus-1.2c-bho64.dll No File
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Updater By SweetPacks -> {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -> C:\Program Files\Updater By SweetPacks\Extension64.dll [2013-05-16] ()
BHO: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\64Boost.dll [2014-05-15] (Jigsaw)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-11] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: No Name -> {11111111-1111-1111-1111-110611171162} ->  No File
BHO-x32: Toolbar BHO -> {27488090-768a-4d20-a938-f223f71c344c} -> C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbar.dll [2012-05-20] (MindSpark)
BHO-x32: Re-Markable -> {2F933C71-070C-F9FC-043D-37CA4A9A7B1F} -> C:\Program Files (x86)\ver7Re-Markable\176.dll No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: TV Bar 2 Toolbar -> {75e0046f-2275-4bce-9afd-d8da19abdf0b} -> C:\Users\Speed\AppData\LocalLow\TV_Bar_2\prxtbTV_2.dll [2014-04-10] (ClientConnect Ltd.)
BHO-x32: Updater By SweetPacks -> {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} -> C:\Program Files\Updater By SweetPacks\Extension32.dll [2013-05-16] ()
BHO-x32: ALOT Appbar Helper -> {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} -> C:\Program Files (x86)\alotappbar\bin\BHO\ALOTHelperBHO.dll [2012-06-21] (Vertro, Inc)
BHO-x32: Boost -> {8DE6FC60-E023-4AD7-A3B7-591E1460E7F7} -> C:\Program Files (x86)\Boost\Boost.dll [2014-05-15] (Jigsaw)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-11] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Search Assistant BHO -> {bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} -> C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qSrcAs.dll [2012-05-20] (MindSpark)
BHO-x32: GamesBarBHO Class -> {CB0D163C-E9F4-4236-9496-0597E24B23A5} -> C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll [2011-03-03] (Oberon Media Ltd.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-11] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-11] (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Zwinky - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbar.dll [2012-05-20] (MindSpark)
Toolbar: HKLM-x32 - No Name - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} -  No File
Toolbar: HKLM-x32 - ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files (x86)\alotappbar\bin\ALOTHelper.dll [2012-06-21] (Vertro, Inc)
Toolbar: HKLM-x32 - TV Bar 2 Toolbar - {75e0046f-2275-4bce-9afd-d8da19abdf0b} - C:\Users\Speed\AppData\LocalLow\TV_Bar_2\prxtbTV_2.dll [2014-04-10] (ClientConnect Ltd.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4019636695-2809996151-3074566073-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-07-11] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M1AF58237-B777-48DF-936D-A94AF49E8127&SearchSource=69&CUI=&SSPV=SP21715VA_sp_ff&Lay=1&UM=6&UP=SP587B2229-74A0-4B54-A523-F32D97D8C639
FF SearchEngineOrder.1: Ask Search
FF SelectedSearchEngine: Astromenda
FF Homepage: hxxp://astromenda.com/?f=1&a=ast_app_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0AyDzztDyEtCyEyBtDyCzztN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBtAtByByCtC0ByDtGyC0F0AyEtG0EzyyBzztGyBtCtBzztGtCtCtB0C0BtDyC0BzztA0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtAtC0ByC0D0FtBtGtAzz0A0CtGyEzz0D0CtG0A0F0B0EtGyBtCyCtD0BtDyDzzzztA0AtD2Q&cr=579581511&ir=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-20] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-20] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll [2013-02-18] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll [2009-12-27] (Exent Technologies Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-09-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-09-09] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll [2010-09-01] (Oberon-Media )
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-08-09] (globalUpdate)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [2014-08-09] (globalUpdate)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: @Zwinky_5q.com/Plugin -> C:\Program Files (x86)\Zwinky_5q\bar\1.bin\NP5qStub.dll [2012-05-20] (MindSpark)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-09-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: @nsroblox.roblox.com/launcher -> C:\Users\Speed\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Speed\AppData\Local\Roblox\Versions\version-f4fa73127aa54242\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: @sony.com/Some -> C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll [2011-06-09] (Sony)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Speed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-12-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4019636695-2809996151-3074566073-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Speed\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [2013-06-07] (Catalina Marketing Corporation)
FF user.js: detected! => C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\user.js [2014-10-21]
FF SearchPlugin: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\searchplugins\ask-search.xml [2014-01-29]
FF SearchPlugin: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\searchplugins\Astromenda.xml [2014-12-12]
FF SearchPlugin: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\searchplugins\trovi-search.xml [2014-10-13]
FF SearchPlugin: C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\searchplugins\Web Search.xml [2014-08-09]
FF Extension: Plus-HD-V1.9c - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\0b105cbff1eb40b89bca7dae371d@7ead239035fb4613ab38ef.com [2015-06-03]
FF Extension: sipgateffxmichaelrotmanov - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\sipgateffx@michael.rotmanov [2014-08-18]
FF Extension: Astromenda NT - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\{424b0d11-e7fe-4a04-b7df-8f2c77f58aaf} [2014-09-15]
FF Extension: Astrmenda Search - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\{8dc5c42e-9204-2a64-8b97-fa94ff8a241f} [2014-10-21]
FF Extension: Boost - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\boost@boost.net.xpi [2014-05-15]
FF Extension: Framed Display - C:\Users\Speed\AppData\Roaming\Mozilla\Firefox\Profiles\x9icd9rm.default\Extensions\{7012eec1-4f37-42d4-a2cd-26727494d248}.xpi [2014-10-20]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-10-17]
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-11-27]
FF HKLM-x32\...\Firefox\Extensions: [5qffxtbr@Zwinky_5q.com] - C:\Program Files (x86)\Zwinky_5q\bar\1.bin
FF Extension: No Name - C:\Program Files (x86)\Zwinky_5q\bar\1.bin [2012-05-20]
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2015-09-08]
FF HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Firefox\Extensions: [{3E5C8284-F12E-5CA8-47C1-0926B2C48BAB}] - C:\Program Files (x86)\ver7Re-Markable\176.xpi
FF Extension: No Name - C:\Program Files (x86)\ver7Re-Markable\176.xpi [2014-08-09]
FF HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\...\Firefox\Extensions: [jetpack-extension@dashlane.com] - C:\Users\Speed\AppData\Roaming\Dashlane\3.5.2.91147\Extensions\JetPack_expanded\jetpack-extension@dashlane.com
FF Extension: Dashlane - C:\Users\Speed\AppData\Roaming\Dashlane\3.5.2.91147\Extensions\JetPack_expanded\jetpack-extension@dashlane.com [2015-09-01]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_app_14_43_ch&cd=2XzuyEtN2Y1L1Qzu0FtB0D0Fzy0AyDzztDyEtCyEyBtDyCzztN0D0Tzu0StCtDtByEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StBtAtByByCtC0ByDtGyC0F0AyEtG0EzyyBzztGyBtCtBzztGtCtCtB0C0BtDyC0BzztA0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtAtC0ByC0D0FtBtGtAzz0A0CtGyEzz0D0CtG0A0F0B0EtGyBtCyCtD0BtDyDzzzztA0AtD2Q&cr=579581511&ir=","hxxp://www.trovi.com/?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=MCEB7D7A9-61F4-4BB9-A3E6-25381239FE9D&SearchSource=55&CUI=&UM=6&UP=SPD4DD1433-1314-4E8E-82E5-C1495964FAC7&SSPV=SP21715VA_sp_ch"
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
CHR Plugin: (Exent® AOD Gecko Plugin) - C:\Program Files (x86)\Free Ride Games\npExentCtl.dll (Exent Technologies Ltd.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\MyOwnSuperhero\bar\1.bin\NPv3Stub.dll No File
CHR Plugin: (Sony Online Media Engine) - C:\Program Files (x86)\Sony\Bloggie Software\npsome.dll (Sony)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\NP5qStub.dll (MindSpark)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Speed\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Catalina Savings Printer) - C:\Users\Speed\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Profile: C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-15]
CHR Extension: (Google Drive) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-15]
CHR Extension: (YouTube) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-03]
CHR Extension: (Google Search) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-03]
CHR Extension: (MSN Homepage & Bing Search Engine) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-07-27]
CHR Extension: (Zwinky) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\fidlffpkjchmiflngkkakcmbjmehkdbg [2015-03-31]
CHR Extension: (Google Docs Offline) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-09]
CHR Extension: (Boost) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn [2014-08-05]
CHR Extension: (Norton Identity Safe) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-18]
CHR Extension: (Skype Click to Call) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-08-06]
CHR Extension: (Cinema-Plus-1.2c) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [2014-08-10]
CHR Extension: (App Bud) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkgehohdeddilafacnmjbjlnkomcneoi [2014-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-15]
CHR Extension: (Astromenda New Tab) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae [2014-10-21]
CHR Extension: (Gmail) - C:\Users\Speed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-03]
CHR Extension: (Extutil) - C:\Users\Speed\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-09-24]
CHR Extension: (Managera) - C:\Users\Speed\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-09-24]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-09-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4019636695-2809996151-3074566073-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\Exts\Chrome.crx [2015-09-08]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AlotService; C:\Users\Emilie.Speed-PC\AppData\LocalLow\alotservice\alotservice.exe [255880 2012-06-21] (Vertro Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-09] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2014-08-09] (globalUpdate) [File not signed] <==== ATTENTION
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.2.15\NIS.exe [282016 2015-07-16] (Symantec Corporation)
U2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [123320 2011-02-03] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 ProtectMonitor; C:\monitorsvc.exe [34244 2014-09-02] () [File not signed] <==== ATTENTION
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2014-11-04] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 Zwinky_5qService; C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbarsvc.exe [42528 2012-05-20] (COMPANYVERS_NAME)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [1648880 2015-07-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605020.00F\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2014-11-04] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2014-11-04] ()
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20150710.001\IDSVia64.sys [692984 2015-07-10] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605020.00F\SRTSP64.SYS [926448 2015-07-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605020.00F\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-09-08] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2014-07-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605020.00F\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605020.00F\SYMNETS.SYS [576248 2015-07-10] (Symantec Corporation)
S3 Tosrfcom; no ImagePath
R2 webinstr; C:\windows\system32\Drivers\webinstr.sys [57528 2014-07-16] (Corsica)
R2 X5XSEx; C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)
S3 EraserUtilDrv11313; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11313.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150710.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20150710.002\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-09 17:26 - 2015-09-09 17:21 - 00097888 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-08 17:25 - 2015-09-08 17:25 - 00003120 _____ C:\windows\System32\Tasks\Food Extension
2015-09-08 17:25 - 2015-09-08 17:25 - 00000000 ____D C:\Users\temporarory\AppData\Local\Food Extension
2015-09-06 17:40 - 2015-09-06 17:40 - 00000000 ____D C:\Emergency
2015-09-04 22:01 - 2015-09-04 22:01 - 05635231 _____ (Swearware) C:\Users\Speed\Downloads\ComboFix.exe
2015-09-03 19:36 - 2015-09-03 19:37 - 20260624 _____ (Tweaking.com) C:\Users\Speed\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-09-01 15:35 - 2015-09-01 15:35 - 00003416 ____N C:\bootsqm.dat
2015-09-01 15:05 - 2015-09-01 15:05 - 01654272 _____ C:\Users\Speed\Desktop\adwcleaner_5.005.exe
2015-08-29 21:22 - 2015-08-29 21:22 - 02870984 _____ (ESET) C:\Users\Speed\Downloads\esetsmartinstaller_enu.exe
2015-08-29 20:57 - 2015-08-29 20:58 - 00037576 _____ C:\Users\Speed\Downloads\Addition.txt
2015-08-29 20:54 - 2015-09-09 18:01 - 00045598 _____ C:\Users\Speed\Downloads\FRST.txt
2015-08-29 20:53 - 2015-09-09 17:25 - 00000000 ____D C:\Users\Speed\Downloads\FRST-OlderVersion
2015-08-29 19:25 - 2015-08-29 19:25 - 01618432 _____ C:\Users\Speed\Downloads\AdwCleaner.exe
2015-08-29 19:22 - 2015-08-29 19:23 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Speed\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-29 19:21 - 2015-08-29 19:21 - 06667640 _____ (Piriform Ltd) C:\Users\Speed\Downloads\ccsetup509.exe
2015-08-25 11:45 - 2015-08-25 11:46 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Speed\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-21 08:46 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-21 08:46 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-08-21 08:46 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-08-21 08:46 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-13 13:24 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 13:24 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 10:45 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-12 10:45 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-12 10:45 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-12 10:45 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-12 10:45 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-12 10:45 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-08-12 10:45 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-12 10:45 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-12 10:45 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 10:45 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-12 10:45 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-08-12 10:45 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 10:45 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 10:45 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-08-12 10:45 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 10:45 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-12 10:45 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-08-12 10:45 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 10:45 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 10:45 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-08-12 10:45 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-08-12 10:45 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-08-12 10:45 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-08-12 10:45 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-08-12 10:45 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-08-12 10:45 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-08-12 10:45 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-08-12 10:45 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-08-12 10:45 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-08-12 10:45 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-08-12 10:45 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-08-12 10:45 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-08-12 10:45 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-08-12 10:45 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 10:45 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-08-12 10:45 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-08-12 10:45 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-08-12 10:45 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-08-12 10:45 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-08-12 10:45 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-08-12 10:45 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-08-12 10:45 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-08-12 10:45 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-08-12 10:45 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-08-12 10:45 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-08-12 10:45 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-08-12 10:45 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-08-12 10:45 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-08-12 10:45 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-08-12 10:45 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-08-12 10:45 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-08-12 10:45 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-08-12 10:45 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-08-12 10:45 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-12 10:45 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-12 10:45 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-12 10:45 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-08-12 10:45 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-08-12 10:45 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 10:45 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 10:45 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-08-12 10:44 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 10:43 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-12 10:43 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-08-12 10:43 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-08-12 10:43 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-08-12 10:43 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 10:43 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 10:43 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-08-12 10:43 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 10:43 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-08-12 10:43 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-08-12 10:43 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 10:43 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-08-12 10:43 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 10:43 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 10:43 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-08-12 10:43 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-08-12 10:43 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-08-12 10:43 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-08-12 10:43 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-08-12 10:43 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 10:43 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-08-12 10:43 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-12 10:43 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 10:43 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-12 10:43 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-08-12 10:43 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 10:43 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-08-12 10:43 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-08-12 10:43 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 10:43 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-08-12 10:43 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-08-12 10:43 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 10:43 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 10:43 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-08-12 10:43 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-08-12 10:43 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 10:43 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-08-12 10:43 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 10:43 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-08-12 10:43 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 10:43 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-08-12 10:43 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 10:43 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-08-12 10:43 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-08-12 10:43 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-08-12 10:43 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 10:43 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 10:43 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 10:43 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-08-12 10:43 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 10:43 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-08-12 10:43 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 10:43 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 10:43 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 10:43 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 10:43 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-08-12 10:42 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-08-12 10:42 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-08-12 10:42 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 10:42 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-08-12 10:42 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 10:42 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-08-12 10:42 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-08-12 10:42 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 10:42 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 10:42 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 10:42 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 10:42 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 10:42 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-08-12 10:42 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-08-12 10:42 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 10:42 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 10:42 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-08-12 10:42 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-08-12 10:42 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 10:42 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 10:42 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 10:42 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 10:42 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 10:42 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 10:42 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 10:41 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 10:41 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-12 10:41 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-08-12 10:41 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 10:41 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 10:41 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 10:41 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 10:41 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-12 10:41 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-08-12 10:41 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-08-12 10:41 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-12 10:38 - 2015-08-12 10:39 - 00815748 _____ C:\Users\Speed\Downloads\Skype.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-09 18:57 - 2012-11-29 00:10 - 00000632 __RSH C:\Users\Speed\ntuser.pol
2015-09-09 18:57 - 2011-10-19 22:08 - 00000000 ____D C:\Users\Speed
2015-09-09 18:04 - 2012-07-26 10:40 - 368641144 _____ C:\alotserviceruntime.log
2015-09-09 18:04 - 2009-07-14 01:13 - 00801730 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-09 18:01 - 2015-07-27 20:50 - 00000000 ____D C:\FRST
2015-09-09 18:01 - 2014-08-05 17:09 - 00000000 ____D C:\Users\Speed\AppData\Local\SevereWeatherAlerts
2015-09-09 18:00 - 2014-09-04 22:57 - 00000292 _____ C:\windows\Tasks\WSE_Astromenda.job
2015-09-09 17:57 - 2014-08-09 23:21 - 00000934 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-09-09 17:57 - 2014-06-15 22:42 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-09 17:57 - 2012-05-21 16:28 - 00000416 _____ C:\windows\Tasks\PC Optimizer Pro64 startups.job
2015-09-09 17:56 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-09 17:56 - 2009-07-14 00:51 - 00086208 _____ C:\windows\setupact.log
2015-09-09 17:54 - 2012-05-15 09:58 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-09-09 17:51 - 2011-07-11 09:18 - 01640472 _____ C:\windows\WindowsUpdate.log
2015-09-09 17:46 - 2015-08-02 18:36 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2015-09-09 17:30 - 2014-01-29 13:49 - 00000000 ____D C:\ProgramData\Oracle
2015-09-09 17:30 - 2011-03-23 22:26 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-09 17:25 - 2015-07-27 20:50 - 02190336 _____ (Farbar) C:\Users\Speed\Downloads\FRST64.exe
2015-09-09 17:25 - 2014-08-10 11:19 - 00000938 _____ C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-09-09 17:08 - 2011-07-11 10:01 - 00000000 ____D C:\ProgramData\Norton
2015-09-09 17:03 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-09 17:03 - 2009-07-14 00:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-08 14:57 - 2014-10-13 22:25 - 00111344 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-09-08 14:57 - 2014-10-13 22:25 - 00008214 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-09-08 14:57 - 2014-10-13 22:25 - 00002494 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2015-09-08 14:57 - 2014-10-13 22:25 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-09-08 14:56 - 2011-07-11 10:03 - 00000000 ____D C:\windows\system32\Drivers\NISx64
2015-09-07 15:06 - 2014-08-09 17:14 - 00000000 ____D C:\Users\Speed\AppData\Roaming\Smart Driver Updater
2015-09-05 15:11 - 2014-06-15 22:43 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-04 21:58 - 2010-11-20 23:47 - 01867590 _____ C:\windows\PFRO.log
2015-09-04 20:10 - 2011-11-16 12:06 - 00000000 ____D C:\Users\Speed\AppData\Roaming\HpUpdate
2015-09-03 19:33 - 2011-11-13 10:28 - 00000000 ____D C:\Users\Speed\AppData\Local\CrashDumps
2015-09-01 15:41 - 2015-08-02 19:11 - 00001964 _____ C:\Users\Speed\Desktop\Dashlane.lnk
2015-09-01 15:41 - 2015-08-02 19:08 - 00000000 ____D C:\Users\Speed\AppData\Roaming\Dashlane
2015-09-01 15:16 - 2014-08-05 17:10 - 00000000 ____D C:\Program Files (x86)\Boost
2015-08-29 18:32 - 2015-05-31 15:59 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 18:32 - 2014-06-15 22:42 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 18:32 - 2014-06-15 22:42 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-20 18:55 - 2012-05-15 09:58 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-20 18:54 - 2012-05-15 09:58 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-20 18:54 - 2012-01-13 14:49 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-14 19:26 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2015-08-13 15:07 - 2009-07-14 00:45 - 00409576 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-13 15:06 - 2013-03-17 17:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 15:06 - 2013-03-17 17:30 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-13 13:48 - 2014-12-10 15:50 - 00000000 ____D C:\windows\system32\appraiser
2015-08-13 13:48 - 2014-06-17 14:56 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-13 13:24 - 2013-03-17 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 13:07 - 2012-06-18 19:53 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 12:52 - 2009-07-13 22:34 - 00000513 _____ C:\windows\win.ini
2015-08-13 12:16 - 2013-08-15 03:01 - 00000000 ____D C:\windows\system32\MRT
2015-08-13 11:57 - 2011-11-28 12:08 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-12 10:06 - 2009-07-14 01:09 - 00000000 ____D C:\windows\System32\Tasks\WPD
 
==================== Files in the root of some directories =======
 
2014-09-04 23:04 - 2014-09-04 23:04 - 0000318 _____ () C:\Users\Speed\AppData\Roaming\aps.uninstall.scan.results
2014-09-04 23:57 - 2015-03-08 13:09 - 0000164 _____ () C:\Users\Speed\AppData\Roaming\WB.CFG
2014-09-16 19:18 - 2014-09-17 22:06 - 1077248 _____ () C:\Users\Speed\AppData\Local\ChromeHitoryDB
2014-12-12 17:00 - 2014-12-18 21:00 - 0000010 _____ () C:\Users\Speed\AppData\Local\DSI.DAT
2014-12-12 17:00 - 2014-12-12 17:00 - 0022528 _____ () C:\Users\Speed\AppData\Local\dsisetup118977592.exe
2014-12-18 21:00 - 2014-12-18 21:00 - 0022528 _____ () C:\Users\Speed\AppData\Local\dsisetup4929319122.exe
2011-11-27 15:14 - 2014-03-15 16:45 - 0001668 _____ () C:\ProgramData\hpzinstall.log
2013-06-24 22:41 - 2013-06-24 22:41 - 4325376 _____ () C:\ProgramData\ReadOnlyInstaller.msi
2013-07-02 13:11 - 2013-07-02 13:11 - 0033958 _____ () C:\ProgramData\uninstaller.exe
 
Files to move or delete:
====================
C:\ProgramData\uninstaller.exe
 
 
Some files in TEMP:
====================
C:\Users\Speed\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Speed\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Speed\AppData\Local\Temp\q57noalx.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite10860.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite12001.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite15292.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite15972.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite17668.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite18989.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite20316.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite26127.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite26931.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite28508.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite31190.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite32298.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite34029.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite36275.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite39760.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite43041.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite43240.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite44438.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite46048.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite46245.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite46962.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite47018.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite47556.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite48779.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite52925.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite57538.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite57683.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite58463.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite64446.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite66362.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite70142.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite75524.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite75721.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite80577.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite81984.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite89ad64e3-3c5c-4e6c-ba31-be71df4e8240.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite91338.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite91480.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite91777.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite97946.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite99219.dll
C:\Users\Speed\AppData\Local\Temp\System.Data.SQLite99276.dll
C:\Users\temporarory\AppData\Local\Temp\rtx70jMODG.exe
C:\Users\temporarory\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\temporarory\AppData\Local\Temp\System.Data.SQLite26857.dll
C:\Users\temporarory\AppData\Local\Temp\System.Data.SQLite34367.dll
C:\Users\temporarory\AppData\Local\Temp\System.Data.SQLite53894.dll
C:\Users\temporarory\AppData\Local\Temp\System.Data.SQLite55608.dll
C:\Users\temporarory\AppData\Local\Temp\System.Data.SQLite62098.dll
C:\Users\temporarory\AppData\Local\Temp\System.Data.SQLite96951.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-11 00:26
 
==================== End of FRST.txt ============================




